Throughout my career, I have come across quite a few positions and a lot of different people. No other job title, however, is as “hot” right now as that of “cybersecurity analyst.” Generally speaking, skilled cybersecurity personnel are both highly valued and increasingly rare. Security professionals of all different types are needed.
So what makes the role of cybersecurity analyst stand out? Why are they needed so badly? What does it take to become one, and what sort of special training and background is required? Touching on my favorite topic: What certifications does one need to become a truly sought-after cybersecurity analyst?
The answer to “what does [type of professional] do” largely depends on who you ask. If you ask me, what a cybersecurity analyst does is analysis and compliance. As this author sees it, that is the sweet spot for an analyst of any kind, but especially a cybersecurity analyst.
A quick Google search indicates that many people believe analysts install firewalls, security software, or two-factor authentication systems — they do not. That would be the job of a cybersecurity engineer. An analyst understands these tools and makes sure from a business perspective that both IT staffers and regular personnel are utilizing these systems and complying with policies outlined in the company’s cybersecurity framework.
First, any company must define its cybersecurity policy. Analysts help with this effort from the ground up. They understand how a breach would occur and assess the landscape of the company, as well as its appetite for security. They either write or help write the policy that ALL the individuals in the company, regardless of position, will follow.
Second, the policy must be applied to objects and individuals through definition and monitoring. This also falls directly within the analyst’s purview. Oftentimes, as part of definition, a cybersecurity analyst will assign files and file types a classification. The data itself will be marked as confidential; the analyst’s job is to define which data qualifies for that label.
Next up is monitoring. You can’t improve or critique anything if you can’t monitor or measure it. A cybersecurity analyst will review data access, firewall logs, login logs, MFA logs — essentially any logs that are kept. The analysis of these logs will produce actionable items that the analyst can hand off to a security, network, or systems engineer.
By and large, the cybersecurity analyst serves as a bridge between the IT department (including the security team) and the rest of the business. The entire concept of a cybersecurity analyst is governance (or oversight) of security. In a nutshell, this largely involves making sure that the good people don’t do bad things.
The organizational standing of an analyst is sometimes high enough that he or she can be tasked with compliance. A monitoring log indicates a breach or deviation from defined policy, and the cybersecurity analyst takes charge of making a correction to the affected area.
For example, they could adjust a user’s log-on hours if they notice that, between 2 a.m. and 3 a.m., the account is logging on — during a time that the user claims to be asleep. (This happened recently at a company where I work.) They might also lock a user’s account, if that user’s devices are actively sending spam, or are engaged, whether by design or accidentally, in malicious activities.
As noted above, security really is about keeping good people from doing bad things. About 99 percent of the activity that a cybersecurity analyst reviews will be benign and present no problems. It’s that 1 percent of off-kilter indicators that causes all of the headaches.
Another area of concern for analysts is auditing. Some analysts can get into penetration testing, financial audits or NIST audits. My day job requires that NIST audits be performed, and the government version of these audits is one of the most tedious parts of an analyst’s job.
If someone out there finds audits enjoyable, my hat is off to them! A lot of financial firms will employ their CPAs to do cybersecurity audits from a financial perspective, where transactional data for an accounting system is reviewed. Who better to look at money and security than a cybersecurity analyst who is also a CPA?
As you can see, the cybersecurity analyst can take charge of a wide variety of duties. The point at which the work done pivots to being a security engineer role is when it touches on physical infrastructure. Among true security professionals, that is the dividing line.
It has been predicted that growth of this job function, in its pure form, will rise by 28 percent in the next seven years, and undoubtedly continue to go up from there. Security isn’t going away anytime soon, and with the introduction of new tools and quantum computing, we will need more white hats in the mix.
A simple search of Indeed reveals thousands of jobs with median pay of around $80,000 per year. I personally think that is low, but some firms have an analyst on staff to do little more than stamp reams of paper — and pay that individual accordingly.
In terms of professional background, both a keen eye and a thorough understanding of logic are helpful. Anyone who has been in IT can be trained to become a cybersecurity analyst, but the truly great ones have a keen sense of anomaly. That is to say that they have the ability to spot patterns, as well as a nose for when “something is wrong.” Ex-law enforcement individuals often make great analysts, as do CPAs.
To bolster your cybersecurity analyst qualifications, I recommend a couple of different credentials. First, there is the Certified Information Systems Auditor (CISA) credential offered by ISACA. This is for anyone who winds up in charge of ensuring that an organization’s IT and business systems are monitored, managed and protected.
Next up, a good analyst should consider pocketing a technical cert like CEH (Certified Ethical Hacker) or the Certified Penetration Tester (CPT). The job may not involve much practical application of those skills, but having that stock of knowledge makes it easier to spot and assess anomalies. It also makes it easier to cross over to an engineering job, should one fall on hard times.
Lastly, go for the gold and get (ISC)²’s CISSP credential. It will show any employer that you are serious. A good alternative to CISSP is ISACA’s Certified Information Security Manager (CISM) certification. No matter what you get, remember that, for a good analyst, the concept of governance or oversight is pervasive.
No matter what happens with computers or the information technology landscape, cybersecurity analysts will always have a part to play. And as the world becomes ever more computerized, the opportunities in this niche are sure to multiply. If you have an analytical mind, then this is a career path that merits strong consideration. As always, have fun getting there!