Number of Jobs
|This Job is Ranked in|
|Best Technology Jobs||#4|
|The 100 Best Jobs||#11|
With the rise in hackers and data breaches sweeping throughout companies and the government, there's a greater need to keep personal and top-secret information safe from cyberattacks. That's where information security analysts enter the picture. Information security analysts are responsible for protecting the computer networks of a company or government agency. While their behind-the-scenes work often goes unnoticed – as it should – public awareness about cybersecurity threats and efforts to protect sensitive information spiked last year when classified documents were leaked from the National Security Agency and the story made headlines worldwide.
Information security analysts must stay one step ahead of cyberattackers. Someone in an entry-level position may operate software to monitor and analyze information, while a more senior-level position could require investigative work to determine whether a security breach has occurred. David Brumley, an assistant professor in Carnegie Mellon University's Department of Electrical and Computer Engineering, says security analysts focus on three main areas: risk assessment (identifying problems an organization might face), vulnerability assessment (determining an organization's weaknesses) and defense planning (installing protections such as firewalls and data encryption programs).
People who want to work in this field need strong problem-solving and analytical skills and an understanding of computer systems. Some information security analysts must be familiar with security regulations and standards. Chris Liu, a security research engineer and instructor at InfoSec Institute, points to the analysts who responded to Target's data breach in November 2013 – when credit and debit card information of roughly 70 million shoppers was compromised. Those analysts had to know the Payment Card Industry Data Security Standard, which provides a guideline for the prevention and detection of credit card security incidents.
Organizations are increasingly looking for ways to protect data and information, which means there's a high demand for information security analysts. The Bureau of Labor Statistics projects 36.5 percent employment growth for this profession between 2012 and 2022, which is the highest growth rate among all technology jobs on our list. During that period, the BLS estimates 27,400 new jobs will need to be filled in the industry. In 2012, the Washington D.C., area had by far the highest employment level for the occupation, likely due to hiring from government agencies. As Brumley explains, "this is one of the few [jobs] in the government that's projected to grow, not shrink, this coming year – even with the sequestration."
Information security analysts earned a median annual salary of $86,170 in 2012, according to the Bureau of Labor Statistics. The best-paid 10 percent made $135,600, while the lowest-paid took home $49,960. The highest-paid in the profession work in the metropolitan areas of New York City, San Francisco and Bethesda, Md.
Many information security analysts earn a bachelor's degree in computer science, programming or engineering. Some employers seek applicants with a Master of Business Administration in information systems. There is also a range of certifications offered by for-profit organizations like InfoSec Institute. After gaining some experience in the field, Liu says many analysts obtain a CompTIA Security+ certification, which includes training in network security, threats and vulnerabilities and cryptography.
The daily skills and knowledge required depends on the position. "Some focus more on risk assessment so they need to understand how computers work – all the way up to people who do penetration testing where they break into your system," Brumley says. "They need to know every detail about your computer."
Generally, this is not an entry-level position. Many people venture into the occupation only after working in another IT role like computer technician. While most companies seek applicants with bachelor's or master's degrees in a computer-related field, Liu says obtaining a certification is key to finding a job. “That's often a critical first step. Once you have the technical understanding and the certification, usually you can find yourself a position somewhere,” he says. "There’s a lot of demand for it."
|Upward Mobility||good Above Average|
|Stress Level||poor Above Average|
Last updated by Stephanie Steinberg.