Surveys indicate that a solid majority of employers use it certifications to _____.

Summary

Please enable javascript to play this video.

Video transcript available at https://www.youtube.com/watch?v=cVZktAEtWE4.

What Information Security Analysts Do

Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems.

Work Environment

Most information security analysts work for computer companies, consulting firms, or business and financial companies.

How to Become an Information Security Analyst

Information security analysts typically need a bachelor’s degree in a computer science field, along with related work experience. Employers may prefer to hire analysts who have professional certification.

Pay

The median annual wage for information security analysts was $102,600 in May 2021.

Job Outlook

Employment of information security analysts is projected to grow 35 percent from 2021 to 2031, much faster than the average for all occupations.

About 19,500 openings for information security analysts are projected each year, on average, over the decade. Many of those openings are expected to result from the need to replace workers who transfer to different occupations or exit the labor force, such as to retire.

State & Area Data

Explore resources for employment and wages by state and area for information security analysts.

Similar Occupations

Compare the job duties, education, job growth, and pay of information security analysts with similar occupations.

More Information, Including Links to O*NET

Learn more about information security analysts by visiting additional resources, including O*NET, a source on key characteristics of workers and occupations.

What Information Security Analysts Do About this section

Information security analysts install software, such as firewalls, to protect computer networks.

Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems.

Duties

Information security analysts typically do the following:

• Monitor their organization’s networks for security breaches and investigate when one occurs
• Use and maintain software, such as firewalls and data encryption programs, to protect sensitive information
• Check for vulnerabilities in computer and network systems
• Research the latest information technology (IT) security trends
• Prepare reports that document general metrics, attempted attacks, and security breaches
• Develop security standards and best practices for their organization
• Recommend security enhancements to management or senior IT staff
• Help computer users when they need to install or learn about new security products and procedures

Information security analysts are heavily involved with creating their organization’s disaster recovery plan, a procedure that IT employees follow in case of emergency. These plans allow for the continued operation of an organization’s IT department. The recovery plan includes preventive measures such as regularly copying and transferring data to an offsite location. It also involves plans to restore proper IT functioning after a disaster. Analysts continually test the steps in their recovery plans.

Information security analysts must stay up to date on IT security and on the latest methods attackers are using to infiltrate computer systems. Analysts need to research new security technology to decide what will most effectively protect their organization.

Work Environment About this section

Many analysts work in IT departments and manage the security of their companies computer networks.

Information security analysts held about 163,000 jobs in 2021. The largest employers of information security analysts were as follows:

Many information security analysts work with other members of an information technology department, such as network administrators or computer systems analysts.

Work Schedules

Most information security analysts work full time, and some work more than 40 hours per week. Information security analysts sometimes have to be on call outside of normal business hours in case of an emergency.

How to Become an Information Security Analyst About this section

There are a number of information security certifications available, and many employers prefer candidates to have certification.

Information security analysts typically need a bachelor’s degree in a computer science field, along with related work experience. Employers may prefer to hire analysts who have professional certification.

Education

Information security analysts typically need a bachelor’s degree in computer and information technology or a related field, such as engineering or math. However, some workers enter the occupation with a high school diploma and relevant industry training and certifications.

Work Experience in a Related Occupation

Information security analysts may need to have work experience in a related occupation. Many analysts have experience in an information technology department, often as a network and computer systems administrator.

Licenses, Certifications, and Registrations

Many employers prefer to hire candidates who have information security certification. Some of these certifications, such as Security+, are for workers at the entry level; others, such as the Certified Information Systems Security Professional (CISSP), are designed for experienced information security workers. Certification in specialized areas, such as systems auditing, also is available.

Advancement

Information security analysts may advance to become chief security officers or another type of computer and information systems manager. Information security analysts also may advance within the occupation as they gain experience. For example, they may lead a team of other information security analysts or become an expert in a particular area of information security.

Important Qualities

Analytical skills. Information security analysts study computer systems and networks and assess risks to determine improvements for security policies and protocols.

Communication skills. Information security analysts must be able to explain information security needs and potential threats to technical and nontechnical audiences within their organizations.

Creative skills. Information security analysts must anticipate information security risks and implement new ways to protect their organizations’ computer systems and networks.

Detail oriented. Because cyberattacks may be difficult to detect, information security analysts must pay careful attention to computer systems and watch for minor changes in performance.

Problem-solving skills. Information security analysts must respond to security alerts and uncover and fix flaws in computer systems and networks.

Pay About this section

Information Security Analysts

Median annual wages, May 2021

The median annual wage for information security analysts was $102,600 in May 2021. The median wage is the wage at which half the workers in an occupation earned more than that amount and half earned less. The lowest 10 percent earned less than $61,520, and the highest 10 percent earned more than $165,920.

In May 2021, the median annual wages for information security analysts in the top industries in which they worked were as follows:

Most information security analysts work full time, and some work more than 40 hours per week. Information security analysts sometimes have to be on call outside of normal business hours in case of an emergency.

Job Outlook About this section

Information Security Analysts

Percent change in employment, projected 2021-31

Employment of information security analysts is projected to grow 35 percent from 2021 to 2031, much faster than the average for all occupations.

About 19,500 openings for information security analysts are projected each year, on average, over the decade. Many of those openings are expected to result from the need to replace workers who transfer to different occupations or exit the labor force, such as to retire.

Employment

High demand is expected for information security analysts. Cyberattacks have grown in frequency, and these analysts will be needed to create innovative solutions to prevent hackers from stealing critical information or creating problems for computer networks.

As businesses focus on enhancing cybersecurity, they will need information security analysts to secure new technologies from outside threats or hacks. A shift to remote work and the rise of e-commerce have increased the need for enhanced security, contributing to the projected employment growth of these workers over the decade.

Strong growth in digital health services and telehealth will also increase data security risks for healthcare providers. More of these analysts are likely to be needed to safeguard patients' personal information and data.

State & Area Data About this section

Occupational Employment and Wage Statistics (OEWS)

The Occupational Employment and Wage Statistics (OEWS) program produces employment and wage estimates annually for over 800 occupations. These estimates are available for the nation as a whole, for individual states, and for metropolitan and nonmetropolitan areas. The link(s) below go to OEWS data maps for employment and wages by state and area.

• Information security analysts

Projections Central

Occupational employment projections are developed for all states by Labor Market Information (LMI) or individual state Employment Projections offices. All state projections data are available at www.projectionscentral.com. Information on this site allows projected employment growth for an occupation to be compared among states or to be compared within one state. In addition, states may produce projections for areas; there are links to each state’s websites where these data may be retrieved.

CareerOneStop

CareerOneStop includes hundreds of occupational profiles with data available by state and metro area. There are links in the left-hand side menu to compare occupational employment by state and occupational wages by local area or metro area. There is also a salary info tool to search for wages by zip code.