Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems.

Duties

Information security analysts typically do the following:

  • Monitor their organization’s networks for security breaches and investigate when one occurs
  • Use and maintain software, such as firewalls and data encryption programs, to protect sensitive information
  • Check for vulnerabilities in computer and network systems
  • Research the latest information technology (IT) security trends
  • Prepare reports that document general metrics, attempted attacks, and security breaches
  • Develop security standards and best practices for their organization
  • Recommend security enhancements to management or senior IT staff
  • Help computer users when they need to install or learn about new security products and procedures

Information security analysts are heavily involved with creating their organization’s disaster recovery plan, a procedure that IT employees follow in case of emergency. These plans allow for the continued operation of an organization’s IT department. The recovery plan includes preventive measures such as regularly copying and transferring data to an offsite location. It also involves plans to restore proper IT functioning after a disaster. Analysts continually test the steps in their recovery plans.

Information security analysts must stay up to date on IT security and on the latest methods attackers are using to infiltrate computer systems. Analysts need to research new security technology to decide what will most effectively protect their organization.

Work Environment

Information security analysts held about 163,000 jobs in 2021. The largest employers of information security analysts were as follows:

Computer systems design and related services         27%
Finance and insurance 15
Information 14
Management of companies and enterprises 8
Administrative and support services 5

Many information security analysts work with other members of an information technology department, such as network administrators or computer systems analysts.

Work Schedules

Most information security analysts work full time, and some work more than 40 hours per week. Information security analysts sometimes have to be on call outside of normal business hours in case of an emergency.

Education and Training

Information security analysts typically need a bachelor’s degree in a computer science field, along with related work experience. Employers may prefer to hire analysts who have professional certification.

Education

Information security analysts typically need a bachelor’s degree in computer and information technology or a related field, such as engineering or math. However, some workers enter the occupation with a high school diploma and relevant industry training and certifications.

Work Experience in a Related Occupation

Information security analysts may need to have work experience in a related occupation. Many analysts have experience in an information technology department, often as a network and computer systems administrator.

Licenses, Certifications, and Registrations

Many employers prefer to hire candidates who have information security certification. Some of these certifications, such as Security+, are for workers at the entry level; others, such as the Certified Information Systems Security Professional(CISSP), are designed for experienced information security workers. Certification in specialized areas, such as systems auditing, also is available.

Advancement

Information security analysts may advance to become chief security officers or another type of computer and information systems manager. Information security analysts also may advance within the occupation as they gain experience. For example, they may lead a team of other information security analysts or become an expert in a particular area of information security.

Personality and Interests

Information security analysts typically have an interest in the Building, Thinking and Organizing interest areas, according to the Holland Code framework. The Building interest area indicates a focus on working with tools and machines, and making or fixing practical things. The Thinking interest area indicates a focus on researching, investigating, and increasing the understanding of natural laws. The Organizing interest area indicates a focus on working with information and processes to keep things arranged in orderly systems.

If you are not sure whether you have a Building or Thinking or Organizing interest which might fit with a career as an information security analyst, you can take a career test to measure your interests.

Information security analysts should also possess the following specific qualities:

Analytical skills. Information security analysts must carefully study computer systems and networks and investigate any irregularities to determine if the networks have been compromised.

Detail oriented. Because cyberattacks can be difficult to detect, information security analysts pay careful attention to their computer systems and watch for minor changes in performance.

Ingenuity. Information security analysts try to outthink cybercriminals and invent new ways to protect their organization’s computer systems and networks.

Problem-solving skills. Information security analysts uncover and fix flaws in computer systems and networks.

Pay

The median annual wage for information security analysts was $102,600 in May 2021. The median wage is the wage at which half the workers in an occupation earned more than that amount and half earned less. The lowest 10 percent earned less than $61,520, and the highest 10 percent earned more than $165,920.

In May 2021, the median annual wages for information security analysts in the top industries in which they worked were as follows:

Information $128,970
Finance and insurance 104,790
Management of companies and enterprises 101,350
Computer systems design and related services         101,170
Administrative and support services 95,270

Most information security analysts work full time, and some work more than 40 hours per week. Information security analysts sometimes have to be on call outside of normal business hours in case of an emergency.

Job Outlook

Employment of information security analysts is projected to grow 35 percent from 2021 to 2031, much faster than the average for all occupations.

About 19,500 openings for information security analysts are projected each year, on average, over the decade. Many of those openings are expected to result from the need to replace workers who transfer to different occupations or exit the labor force, such as to retire. 

Employment

High demand is expected for information security analysts. Cyberattacks have grown in frequency, and these analysts will be needed to create innovative solutions to prevent hackers from stealing critical information or creating problems for computer networks.

As businesses focus on enhancing cybersecurity, they will need information security analysts to secure new technologies from outside threats or hacks. A shift to remote work and the rise of e-commerce have increased the need for enhanced security, contributing to the projected employment growth of these workers over the decade.

Strong growth in digital health services and telehealth will also increase data security risks for healthcare providers. More of these analysts are likely to be needed to safeguard patients' personal information and data.

For More Information

For more information about computer careers, visit

Association for Computing Machinery

Computing Research Association

IEEE Computer Society

For information about opportunities for women pursuing information technology careers, visit:

National Center for Women & Information Technology

 

 

FAQ

Where does this information come from?

The career information above is taken from the Bureau of Labor Statistics Occupational Outlook Handbook. This excellent resource for occupational data is published by the U.S. Department of Labor every two years. Truity periodically updates our site with information from the BLS database.

I would like to cite this page for a report. Who is the author?

There is no published author for this page. Please use citation guidelines for webpages without an author available. 

I think I have found an error or inaccurate information on this page. Who should I contact?

This information is taken directly from the Occupational Outlook Handbook published by the US Bureau of Labor Statistics. Truity does not editorialize the information, including changing information that our readers believe is inaccurate, because we consider the BLS to be the authority on occupational information. However, if you would like to correct a typo or other technical error, you can reach us at help@truity.com.

I am not sure if this career is right for me. How can I decide?

There are many excellent tools available that will allow you to measure your interests, profile your personality, and match these traits with appropriate careers. On this site, you can take the Career Personality Profiler assessment, the Holland Code assessment, or the Photo Career Quiz.

Get Our Newsletter