Home / Career Guides / Cybersecurity Analyst

Cybersecurity Analyst Career Guide

What is a cybersecurity analyst?

Cybersecurity analysts are vital players in the tech space within any significant organization. They are responsible for keeping computer networks secure, anticipating threats (both externally and internally), and teaching others how to stay safe in the cyber workspace. As technology continues to transform the workplace, it’s critical to have employees that understand how to keep networks as airtight as possible. 

There will be a difference between working for small versus large companies. With large companies, analysts will have more specific roles and responsibilities; with smaller companies, it’s expected that these positions can handle a broader range of information. 

Duties and responsibilities

Cybersecurity analysts use hard and soft skills to manage systems and contain threats. Most day-to-day activities fly under the radar and go unnoticed, but we’ve all heard of the issues that have crippled global companies. It’s crucial to have protections in place for personal data, medical systems, and even potential government secrets. Cybersecurity analysts help put protections in place to avoid any unauthorized access.

Understanding cyberattacks, malware, and the behavior of criminals in this space are essential for analysts to protect the IT infrastructure and networks. Typically, cybersecurity analysts will have up-to-date knowledge of firewalls, VPNs, and the inner workings of a network. 

Work environment

Cybersecurity analysts work as part of an organization’s IT department team. Generally speaking, analysts can do this job in an office or remotely. In some instances, travel to office locations for meetings and server rooms for physical maintenance may be required. 

When dealing with cybersecurity threats, there may be higher levels of stress and urgency to resolve the problems. Analysts need to be able to remain calm in these situations and help find resolutions quickly. 

Attention to detail is critical in this role. It’s important that cybersecurity analysts work in a space that allows for concentration and minimal outside distractions. The ability to keep multiple things going at one time and not lose focus can be a huge asset. Whether working remotely or in an office, it should be a place that doesn’t allow frequent interruptions.

Typical work hours

While cybersecurity analysts generally keep standard working hours from nine to five, cybercriminals don’t exactly hold the same hours. Shift work and on-call rotations may be necessary. There’s no predicting when there might be some late-night or weekend security issues, and companies should be prepared.

Depending on the size of the IT team, there can be rotations for who is on-call and clear expectations laid out on response times. Typically, if someone is on-call, they will receive a lighter schedule during regular working hours. There may be an option to do this work as a freelancer for small companies that just need audits completed. 

How to become a cybersecurity analyst

In order to become a cybersecurity analyst, you will need a combination of education, training, and experience. In this career guide section, we cover the steps you’ll need to take to achieve your goal:

Step 1: Earn a bachelor’s degree

The first step is to obtain a bachelor’s degree in an information technology area of study. A bachelor’s degree is typically a four-year program from an accredited university or college. The majority of job openings in cybersecurity require at least a bachelor’s degree. There are universities where you can get a specific degree in cybersecurity, but other IT degrees are a great start.

Step 2: Take specialized courses in cybersecurity

Courses and certifications that are specific to cybersecurity will cover all the unique languages, tools, and best practices in the field. As one of the most in-demand roles in tech right now, some incredible courses are available from top-rated institutions.

  • Udemy offers The Complete Cyber Security Course, which teaches an advanced practical skillset in defending all online threats, including hackers, trackers, malware, and more. It covers multiple operating systems and includes the very latest up-to-date information and methods. 
  • Coursera offers an IBM Cybersecurity Analyst Professional Certificate. To get this certificate, participants must complete the necessary coursework and projects. This will show hands-on experience to hiring managers. 

Step 3: Receive certification

Professional certifications are a clear way to communicate to potential employers what skills and knowledge the applicants have. Obtaining certification in cybersecurity will help candidates ensure that they have the necessary background knowledge and qualifications. 

Security+ from CompTIA is one of the most widely recognized. This entry-level certification validates the foundational skills needed for all cybersecurity roles. It ensures candidates have the problem-solving skills to operate within the law, monitor and secure hybrid environments, assess the security of an environment, and identify, analyze, and respond to security events and incidents. 

Step 4: Apply for jobs and internships

Once the knowledge and skillset are there, it’s time to apply for jobs. Internships are a great starter option to build up your resume and get additional on-the-job training. Colleges and universities often have great recommendations and can help with job or internship placement. There are also incredible online resources, like LinkedIn and Indeed, which will have job postings and allow you to apply online. Consider any opportunities that allow you to gain experience.

Step 5: Obtain additional certification to advance your career

Once someone has worked in the cybersecurity field and begun to gain some experience, additional certifications can be added to the resume. 

  • Certified Information Systems Security Professional (CISSP) – The Certified Information Systems Security Professional is a certification that requires five or more years of cumulative work experience in at least two of eight different cybersecurity domains: Software Development Security, Security Operations, Security Assessment, and Testing, Identity and Access Management, Communication and Network Security, Security Architecture and Engineering, and Asset Security.
  • Certified Information Systems Auditor (CISA) – One of the most recognized certifications, the Certified Information Systems Auditor, shows abilities to assess and prevent security vulnerabilities, implement new controls, and report compliance. 
  • Certified Information Security Manager (CISM) – For advancement to senior positions and the management side, the Certified Information Security Manager shows the ability to handle managing this part of the business. From development to risk management and governance, this covers the next levels.

Step 6: Continue your education

It’s easy to see how quickly the world of technology is changing. That means the methods by which cyber criminals operate are also shifting and changing. By staying in the know of any trends or changes in the field, cybersecurity analysts will be able to stay ahead of potential threats and issues. Continuing education options from companies like Udemy and Coursera are great for staying in touch with the most current information available.

How much do cybersecurity analysts make?

There are many variables that go into determining how much a cybersecurity analyst makes, from company size to experience to education just to name a few. According to the U.S. Bureau of Labor Statistics, the top-paying places of employment and specific industries for cybersecurity analysts are (shown in annual mean salary):

  • Remediation and waste management services – $173,250
  • Computer and peripheral equipment – $144,040
  • Financial investments – $142,070
  • Motion picture and video industries – $141,070

The top-paying cities for cybersecurity analysts to work in are (shown in annual mean salary):

  • San Jose, CA – $150,820
  • San Francisco, CA – $149,250
  • Des Moines, IA – $135,080
  • New York, NY – $134,390

Browse cybersecurity analyst salary data by market

Types of cybersecurity analysts

Cybersecurity is a large field, and it’s growing with each new development in workplace technology. Analysts can be used in many ways, so let’s break down the major paths in the cybersecurity field.

Offensive security

Offensive security is the field of cybersecurity that focuses on the proactive approach. These analysts often play the role of the hacker and look for vulnerabilities in the network. This helps companies get an idea of where they need to prioritize updates and stronger security. Sometimes known as ethical hackers, these roles are important to understanding how things look to an outsider trying to get in.

Incident response

Incident response teams work to fix vulnerabilities when issues occur. Once a security issue is discovered, this team helps minimize further issues and loss. It requires quick thinking and great communication, and teamwork. This type of expertise is also used in digital forensics. Analysts help law enforcement with cybercrimes.

Security architects and engineers

Security architects and engineers are responsible for managing an organization’s network and security infrastructure. This is a great role for people who enjoy building and changing the network structure to build up defenses. It’s less about specific incidents of cybersecurity and more about the overall big picture.

Cybersecurity managers

Cybersecurity managers often oversee a team of people that work on the network and security system. It’s a great role for experienced analysts who enjoy developing talents and working with people. Entry-level analysts can advance to these management positions with experience.

Top skills for cybersecurity analysts

Professionals working in cybersecurity require a degree in cybersecurity, network security, or another relevant information technology discipline. In addition, it’s important to have a basic knowledge of common programming languages, like Java, PHP, or Python. 

Experience is essential, especially if there is a small cybersecurity team. Having at least three years of experience in a relevant position will help ensure that the candidate is prepared to handle situations that arise. It will also provide sufficient expertise in configuring and administering Linux and Windows systems. 

Other technical experience that can help applicants for cybersecurity roles includes experience working with Splunk, Enterprise Prevention Systems, or Endpoint detection and forensic investigation tools. Having proficiency in using some type of intrusion detection and prevention systems is crucial in this role. 

In addition to technical knowledge and experience, analysts in cybersecurity should also have excellent multitasking and organization skills. Possessing the skills to create infographics and educational tools, like diagrams, screenshots, and workflows can help with training and presentations. With any analyst role, having unrivaled attention to detail and excellent verbal and written communication skills are required to perform job duties effectively.

Career path

Cybersecurity analysts are needed at companies of all shapes, sizes, and industries. There is no shortage of demand, so analysts with this skill set can pick which type of industry or region they want to work in. 

With experience in computer sciences and cybersecurity, it’s possible to expand your knowledge base and learn more about software engineering and other information technology fields. Smaller companies may have some crossover between IT positions and offer training in other areas. 

Many large corporations have high-level leadership positions that focus on technology. By focusing on soft skills and continuing education in the IT field, promotions to management roles and even the chief technology officer (CTO) or chief information officer (CIO) may be possible.

There’s no doubt the world is becoming more interconnected every day. Companies that start or transition into the digital age must face digital threats. They need professionals to win the arms race against these threats to avoid crippled infrastructure or losing valuable data or trust from their clients. There is a massive incentive for the preventative measures that cybersecurity experts put in place and the recovery plans they create in case the worst comes to pass. For these reasons, this position is seeing a massive global demand explosion and likely won’t see a slowdown for some time.

During the COVID pandemic, many organizations transitioned to remote or hybrid work environments. Users logging into networks from many locations increased the risk for companies. The higher the risk, the higher the need for cybersecurity professionals. This field is growing and ever-changing, so it will provide exciting opportunities in the future.

Employment projections for cybersecurity analysts

According to the BLS, job openings for cybersecurity analysts are expected to grow four times faster than other roles. Between 2020 and 2030, jobs will grow by 33%, making this a strong career path.

Cybersecurity analyst career tips

Soft skills and traits for cybersecurity analysts

Learn as much as possible about cybersecurity and what areas are available. Find out if there’s a specific section you’re most passionate about. Practice presentation skills and reporting information to large groups of people, both in-person and written. Make continuing education a priority to stay on top of technological changes and be aware of new threats. 

Commonly required skills and qualifications

Consider consulting to build up experience. Many companies are hiring consultants for short-term projects, which could give you some background to add to your resume. Shadow someone in the cybersecurity field for the day to understand what the role does daily. Practice skills like network monitoring and endpoint management. If you work with users working from home, you’ll need to learn how to secure multiple endpoints, like computers and phones. Educate yourself on the companies that have had data breaches and hacker attacks to understand the fallout when things are not secure on a network.

Develop a professional network

Subscribe to Cybersecurity Magazine to stay current on happenings in the field and hear from your peers and their work. You should also join some professional networks to meet others in your field. Here are a few networks to explore:

  • International Association of Computer Science and Information Technology (IACSIT)
  • Information Systems Audit and Control Association (ISACA)
  • Cyber Threat Intelligence Network (NCSA)
  • Information Systems Security Association (ISSA)
  • Women in Cybersecurity (WiCyS)
  • Silicon Valley Cybersecurity Institute (SVCSI)

Where the jobs are

Top companies

  • Exelon
  • ManTech
  • International Corportation
  • ACI Federal


  • Nevada
  • Oregon
  • Washington
  • Arizona
  • Connecticut

Top industries

  • Financial services
  • Government
  • Healthcare
  • Manufacturing
  • Retail

job sites

  • Indeed
  • LinkedIn
  • ZipRecruiter
  • Careerbuilder
  • Monster


What qualifications does a cybersecurity analyst need?

Most jobs in cybersecurity require a bachelor’s degree in technology, like computer sciences and information technology. In addition, some positions require additional certification in specific areas of cybersecurity. 

Do cybersecurity analysts need coding knowledge?

Coding is not required for most basic entry-level positions but can be necessary for career advancement. 

What does a cybersecurity analyst do each day?

Daily tasks for cybersecurity analysts include monitoring networks, assessing the status of security measures, looking into any issues that arise, and analyzing data. There might also be regular reporting and communication with other parts of the organization.

What are the top three most common cyber threats?

While there are many threats in the world wide web today, the three main issues for cybersecurity are social engineering attacks (like phishing), ransomware, and remote working risks. 

Are there companies that hire hackers?

Ethical hackers are used to find vulnerabilities within a company’s network before someone outside is able to. Companies like IBM and the US Army hire ethical hackers to help them get ahead of the problems.

How do I find cybersecurity analyst jobs?

Use online job search tools and job boards, as well as reach out to any connections you have. The field is growing quickly, so there are constantly new jobs and expanding teams.

What should be on my resume for a cybersecurity analyst?

When creating your resume to apply for a cybersecurity analyst role, you’ll want to include any experience you have in the field and all of your education. Include any certifications you have and list any internships or consulting gigs.

How long does it take to become a cybersecurity analyst?

Once you have your four-year degree in a computer science field, you can get a cybersecurity certification to gain more specialized knowledge. Start with an entry-level position to gain experience, and you can work your way up from there.

Do cybersecurity analysts only work for tech companies?

All significant organizations need a cybersecurity team to help protect their network, its users, and its customers. You can find cybersecurity roles in any industry, from film production to healthcare to government to tech companies. 

Is cybersecurity a solid field to enter?

The U.S. Bureau of Labor Statistics expects cybersecurity jobs to increase by 33% by 2030, so this is a great field to enter. The COVID pandemic has increased the need for these positions because more and more people are working in different locations, requiring more security to protect the company.