How to Become a Cybersecurity Analyst

Our world becomes more data and technology-driven every day. Growing advances in technology demand growth in data security and privacy.

With the rapid developments in the field, a career in cybersecurity could be a good option if you're interested in the intersection of technology, computer science and problem-solving. There are many opportunities to be a generalist or a specialist.

“Cybersecurity keeps growing, with many niche areas where a prospective candidate can carve out great opportunities,” said Terry Winn, an adjunct instructor at Southern New Hampshire University (SNHU) with more than 37 years of experience working for Department of Defense (DoD) agencies.

The Field of Cybersecurity

Cybersecurity is “the art of protecting networks, devices and data from unauthorized access or criminal use,” according to the Cybersecurity & Infrastructure Security Agency (CISA).

Cybersecurity and information assurance are closely linked, according to Winn, whose recent experience includes work as an information system security professional team lead within the Governance, Risk and Compliance (GRC) area of the field. “While information assurance provides protection capabilities at the data level, cybersecurity offers protection at the system or network level,” he said.

Both embody three key tenets that serve as the cornerstone of the field, according to Winn:

• Confidentiality, which deals with ensuring that no unauthorized disclosures happen
• Integrity, which ensures that data is authentic and has not been changed
• Availability, which ensures that data is at the ready when users need to access it

A strong interest in technology and an understanding of computer systems are key to building a career as a cybersecurity analyst.

Read more: What is Information Security? Why It’s Important, Job Outlook and More

What Does a Cybersecurity Analyst Do?

One of many roles within cybersecurity, cybersecurity analysts perform a number of important job functions.

Also referred to as information security analysts, people in this role may have a variety of responsibilities, according to the U.S. Bureau of Labor Statistics (BLS), including:

• Maintaining firewalls and other security measures to keep data safe
• Monitoring data systems for intrusion from those with criminal intent
• Recommending security measures to management to be both proactive and reactive against threats
• Researching to stay current on new trends in the field

Your exact duties can depend on the size of your organization and your team. For instance, SNHU alumna Cyndie Ramirez '18 was a security analyst on a Security Operations Center (SOC) team before transitioning to the same role on an Insider Threat team. From there, she entered management.

Ramirez joined the field after earning a bachelor's degree in information technology with a concentration in cybersecurity at SNHU. No matter the team you're on, she said it's essential for all security analysts to understand threats and stay updated on industry changes.

The work of a cybersecurity analyst is certainly technical, but a variety of interpersonal and professional skills are needed to be successful as well. According to Winn, it’s important to be able to demonstrate the following for success in any role:

• Ability to act and respond to threats with little information
• An inquisitive mind to assess threats and find solutions
• Attention to detail to document findings and recommendations
• Willingness to learn because the field is always changing

"As the cybersecurity field grows, so will the day-to-day responsibilities of the cyber analyst," Winn said. "No two events or situations are the same." That's why the ability to continually learn and grow is key, regardless of the role.

What Qualifications Do I Need to Be a Cybersecurity Analyst?

While cybersecurity analysts often get their start in the field with the help of a bachelor's degree, according to BLS, it's not always a requirement. Some employers will also consider candidates with certifications and relevant industry training, BLS reported.

Winn said that one of the best ways to be prepared for the job hunt is to arm yourself with the three pillars of entry to the field: education, certification and experience.

• Education, which involves working on a cybersecurity certificate or a cybersecurity-related degree program
• Certification, which provides formal acknowledgment that an individual has achieved a baseline level of knowledge in a specific topic area
• Experience, which provides opportunities to demonstrate hands-on knowledge with tools commonly used within the cybersecurity field

If you don't have any formal experience in the industry, you may be able to start building a portfolio as a student.

Is It Hard to Become a Cybersecurity Analyst?

While it can take some time to land a cybersecurity analyst position due to the competitive nature of the field, job opportunities can be plentiful, according to Winn.*

To gain practical experience early in your career, he recommends participating in nationally recognized events and organizations that allow you to practice skills hands-on in low-stakes environments.

Three opportunities recommended by Winn are:

Capture the Flag

This is a competition that uses a cloud-based platform to host cybersecurity or security-related challenges.

“These competitions provide a practice ground for training and learning skills without the impact of something going wrong in a live environment,” Winn said. “If a participant solves a challenge, they receive a ‘flag.’ The more flags you capture, the greater your skills are.”

Anyone wanting a role in penetration testing, ethical hacking, information technology and information security may benefit from participating in these competitions.

National Cyber League (NCL)

This allows students to participate in a capture-the-flag environment to hone skills.

“Participating in an NCL event is a great way to get exposure to industry-related cybersecurity tools in a ‘mistake-free’ environment,” said Winn.

He equates this to a sandbox-type environment for skills practice.

Open only to high school or college students, you must be affiliated with a school to participate. Last fall, SNHU ranked 4th out of more than 600 participating colleges and high schools.

You can check with your school to see how you can get involved.

The Scouting Report

This is a report that details and verifies the skills that an individual has mastered in events such as Capture the Flag.

Without participation in an industry event, a student or someone new to the field may not have a way to demonstrate what they can do. The Scouting Report is verifiable online, so a prospective employer can validate the participant and verify their skills.

This report is “a fancy way to represent your skills and performance in a cybersecurity event virtually,” Winn said.

How Long Does It Take to Become a Cybersecurity Analyst?

Becoming a cybersecurity analyst can take different lengths of time based on your background, career goals and interests.

In terms of time to completion, the quickest path forward can be by earning a certificate in cybersecurity. At SNHU, this can be completed in just over six months, and includes six courses covering topics in:

• Defense strategies
• Legal and ethical considerations
• Network design
• Operating system fundamentals
• Problem-solving through systems thinking
• Technological tools and software basics

These areas lay the groundwork for your chosen career while preparing you for success in further study. Other program options include:

• Associate degree in cybersecurity - can be earned in a little more than a year and a half if you already have a certificate or two years without it.
• Bachelor’s degree in cybersecurity - may take around 4 years or less if you have transfer credits from other schools or programs, like a cybersecurity certificate or associate degree.
• Master’s degree in cybersecurity - can take as little as 15 months. This is a good option if you already have a bachelor's degree.

At SNHU, the certificate, associate and bachelor's programs in cybersecurity are stackable, so you won’t have to backtrack and repeat any courses to move forward.

Read more: What is a Cybersecurity Degree?

Career Outlook for Cybersecurity Analysts

The career outlook for cybersecurity analysts is strong, according to BLS, with a median salary of $124,910 in 2024 and a healthy job growth of 29% over the next 10 years, which is much faster than the national average for all occupations.*

Creating your organization’s disaster recovery plan, staying up to date on the latest technology research and proactively investigating ways hackers are trying to infiltrate computer systems are key elements to any cybersecurity analysis role.

The ability to pivot, be open to learning new skills and act quickly and decisively are also key skills for a cybersecurity analyst. BLS notes the following skills in particular as helpful for success in a cybersecurity role:

• Analytical skills - to conduct research and determine needs and solutions to those needs
• Communication skills - both written and oral, so you can make recommendations to upper management
• Problem-solving skills - to uncover potential threats to the network and design systems to prevent breaches from happening in the first place

Most corporations and organizations require cybersecurity analysis and protection. The technology sector is one area where cybersecurity analysts are needed. But a growing use of artificial intelligence (AI) and the digital needs of e-commerce industries are contributing to the approximately 16,000 job openings in this field each year, according to BLS. Safeguarding information extends to credit card data, financial data and even personal data.

Everyone online can be found, and everything needs to be protected. Strong cybersecurity analysis can help prevent bad actors from gaining private information, create preventative measures and devise plans to manage risk.

*Cited job growth projections may not reflect local and/or short-term economic or job conditions and do not guarantee actual job growth. Actual salaries and/or earning potential may be the result of a combination of factors including, but not limited to: years of experience, industry of employment, geographic location, and worker skill.

A former higher education administrator, Dr. Marie Morganelli is a career educator and writer. She has taught and tutored composition, literature, and writing at all levels from middle school through graduate school. With two graduate degrees in English language and literature, her focus — whether teaching or writing — is in helping to raise the voices of others through the power of storytelling. Connect with her on LinkedIn.