Information Security Analysts and a Growing Demand

The Internet has become such an integral part of our existence that we cannot imagine life without it. But just as much as the Internet makes it easy for us to do pretty much everything, it also poses certain risks that stem from attacks and gross misuse of technology. This is where information security analysts come in. Today, we discuss the important role that information security analysts play and how one can become a digital guardian.

Highlights

• Who is an Information Security Analyst?
• What are their responsibilities?
• Necessary Skills
• How to become an Information Security Analyst
• Potential Salary
• The Future of Information Security
• Impact of COVID-19

Information Security Analysts – Who exactly are they?
The Internet has both good and bad attributes. While the good does outweigh the bad, the latter has the potential to turn organisations and empires to dust. We have broadly classified all the bad on the Internet under one term – cyberattacks. Some of the attacks come in the form of security breaches that steal information about millions of users for financial gain or to cripple organisations, corporate fraud, bank fraud, or even system breaches where a computer is hacked into and is used to launch attacks on other systems. Such scenarios make it necessary to have security analysts work within organisations to form action plans that offer protection from cyber crimes and thwart attacks.

Information security analysts are responsible for designing and developing security measures (softwares, communication networks etc) that are capable of resisting attacks and launching counter-measures in case of a breach. They have to plan on designing the organisation’s data-rich environment in such a way that infiltration and hacking are rendered powerless. The analysts have to develop solutions that can prevent the loss, damage and theft of mission critical data.

Every industry and business has taken a hit during the pandemic. Many businesses have shut down or are halting operations – signs of a slowing economy. But the need for cybersecurity has not gone down one bit. The switch to the “work from home” culture has in fact, only promoted the need for more security analysts as personal computers do not possess the security prowess that large organisations employ at their offices. If anything, the demand for jobs is only growing in the cybersecurity industry. It’s what they call a “pocket of growth”.

(Source: Statista & GreyCampus)

This industry is not only booming but it is also becoming relatively easier to find opportunities. Additionally, the paradigm shift toward working from home has become the new norm. The current vulnerability has provided hackers who have malicious intent with ample opportunities for breaching organizational databases through attacks such as ransomware, phishing, man-in-the-middle (MitM) attacks, Denial-of-Service (DoS) and malware.

The unprecedented rise of cybercrimes have led to the creation of heavy demand for cyber security experts. The year 2020 has had the infamous record of having global losses amounting to almost 1 trillion from cyber crimes alone! In 2019, around 60% of security breaches were directly linked to human error. Such instances highlight the need for stricter security measures to be put in place. And that’s where security analysts come in.

Information security analysts make use of their analytical and technical skills to design and develop security solutions to protect any organisation’s coveted goldmine – data. In fact, they can be considered as the frontline workers of an organisation that deals with data. One of the most sought-after jobs in the market today, security analysts have one of the most challenging yet highly rewarding jobs. The responsibility of managing and securing an entire organisation’s data is not something to be taken lightly.

They put their skills to good use by deploying systems that test an organisation’s network, detect anomalies, manage data distribution, protect employee assets and data, and to constantly upgrade the security features. One of their biggest responsibilities lies in intrusion detection and launching counter-measures for the same. Most analysts constantly monitor their systems through testing procedures where they identify flaws and work out efficient strategies to overcome them. They monitor security access to map data access to the different users. Minimising damages is not an easy task so preventing them from happening is where an analyst’s job begins.

Analysts are required to keep track of changing technology and keep themselves updated in terms of security systems and cyber attack possibilities. In order to prevent unauthorized access, they must secure both online and on-site infrastructure by filtering out anomalies and mitigating risks. They also generate reports to evaluate the efficiency of security policies. Auditing security measures is also part of an analyst’s responsibilities.

Analysts are required to train employees and employers about the different security protocols to be followed in order to ensure maximum protection from unauthorized personnel. The analysts maintain documentation about the security measures and keep the systems updated to prevent breaches, trigger better “incidence response” and improve data recovery. In instances where the security coverage is provided by a third-party vendor, the analysts have to constantly collaborate with them to improve standards and to track updates.

• Analytical skills to understand the methods by which data can be secured and how attacks take place so that they can either be prevented or disabled.
• Technical skills to troubleshoot issues and to develop new security solutions.
• Problem solving capabilities are a must as analysts should possess the ability to respond immediately to intrusions and to minimise the damages. They also have to rectify the security issues so that the same does not occur again in the future.
• Great communication skills are a necessity since the problems that have been identified and the vulnerabilities of a system that have been exposed through external attacks or through internal testing need to be clearly relayed to upper management in order to launch quick fixes before the damage is done. The analysts also have to train other employees to follow secure procedures while handling data.
• In order to identify weak links in an organisation’s security systems, one must be able to try and “hack” into it. This is known as ethical hacking – a friendly intrusion method that points out the vulnerabilities of a system. This way, the entry points which were otherwise overlooked can easily be controlled so that the exploitation can be minimised or negated.
• Technical/Hard skills: They include knowledge of a significant programming language like Java, Python, PHP, Shell, C/C++, etc. Also, expertise in network or system architecture, management, and administration skills are in demand.
• When a data breach occurs, it is important to understand where it came from. Computer forensics help in the collection, analysis and reporting of data in order to understand how breaches took place.
• The ability to monitor traffic over the network so that intrusions can be detected and a response can be meted out immediately.
• To reverse the effects of an attack or to understand how a piece of software can be modified so that bugs can be patched, one must know the process of reverse engineering.
• The role of an analyst requires one to be extremely diligent and patient since there may be scenarios where one has to go over hundreds of pages of data in order to identify risks or breaches.
• One must develop expertise in cyber security, network security, firewall maintenance, linux-based systems and other technical areas in order to be analytically strong and detail-oriented.

In case one wants to become an Information Security Analyst, there are multiple ways to become one.

• Undergraduate and Graduate Degrees – Possessing an undergraduate or graduate degree in cyber security is a sure shot way of landing your dream job. A degree in cyber security or any of the related fields including mathematics, computer science or engineering has been regarded as the most sought after requirements in the industry. Cybersecurity certifications are also considered as a prerequisite for landing jobs in the private sector.
• Certifications and Licenses – Numerous certifications are available for those looking to be cyber security professionals. In fact, this is one of the few professions that requires certifications along with the necessary academic credentials to showcase technical skills so that one may land a well-paying job. Some of the certifications for cyber security include Certified Ethical Hacker (CEH), Certified Information Security Auditor (CISA), CompTIA Security+, CCNA: Cisco Certified Network Associate Security, SSCP: Systems Security Certified Practitioner, Certified Information Systems Security Professional (CISSP), GSEC: GIAC Security Essentials.
• Developing Technical Skills – Learning how to write code can be a significant advantage over other potential candidates. The ability to code in Java, C/C++, Python, Shell script etc are highly sought after by those looking to hire information security analysts.
• Gaining Field Experience – By racking up experience over the years, one can find very highly-paying opportunities across industries. Additionally, the experience helps one to stay on top of their game and in staying informed about the latest trends in the field. Over time, the development of professional networks may help one to know about the latest developments and various opportunities.
• Academic Research – The need for research in the information security field cannot be undermined. By being involved in research, one can design and develop new cyber security technologies that can enhance existing protocols.

The growing job demand would mean that one may likely enjoy job security. But that’s not all! Information security analysts are among the highest paid IT professionals in the world. The median salary for those jobs in May of 2020 was USD 103,590 (USD 49.80 per hour) with the highest median remuneration of USD 107,310 coming from working for the information industry. In fact, the median salary for other IT related jobs was around USD 91,250. Expert cyber security professionals with experience or highly-valuable technical skills can expect to get paid a lot more than the average.

Around the world, the governments, health care organizations, financial systems, and other companies are increasingly relying on information security analysts to protect their information systems against hackers and cyberattacks. The Bureau of Labor Statistics projects 31.2 per cent employment growth for information security analysts between 2019 and 2029. In that period, an estimated 40,900 jobs should open up in the US alone.

As the digital transformation across industries and sectors grows, experts believe that security analysts will continue to be in high demand. Traditional cybersecurity analysts worked in niche industries related to traditional sectors of the economy such as the military, finance and banking, and the oil and gas companies.

But now, increasingly, consumer companies and everyday brands are hiring cybersecurity analysts to help protect their companies and operations. The need for well-trained cybersecurity analysts is so high that employment opportunities for cybersecurity professionals will grow by 36 per cent through 2024. The projected rate of job growth is much faster than other sectors of the economy. Current trends project to continue to grow into the next several years as more companies and organizations begin investing in cybersecurity positions.

The governments of various countries, defense organisations, sporting teams, multinational companies, investment and banking sectors, educational institutions and other small and large organisations are dependent on information security analysts to design systems that are capable of protecting their databases from malicious cyber attacks. The employment opportunities for information security analysts are projected to grow by at least 28% between 2019-2027, according to reports from the U.S Bureau of Labor Statistics (BLS). Information security analyst is ranked number 4 in the list of top ten preferred IT jobs.

As the remote-working trend makes waves across industries and sectors, experts believe that the demand for security analysts will continue to be high. If estimates are to be believed, more than 3 million cyber security jobs are expected to open up by the end of 2024. The high probability for career growth and relatively low stress levels among IT jobs are also attractive factors for considering the role of a security analyst.

The need for well-trained cyber security analysts is so high that the job outlook for cyber security professionals is touted to reach 31% between 2019-2029, a much higher percentage compared to other IT jobs. Current trends point towards a positive growth in the market for cyber security analysts.

Businesses have begun to prioritise their operations. Most organisations are at their most vulnerable stages currently as many sectors are facing budget cuts including IT and cyber security operations. These budget cuts are expected to be major setbacks for planned long-term improvement programmes and deployment of security features that form the first line of defense of any organisation. There are possibilities of employees side-stepping organisational procedures while working from home in order to accommodate their long work schedules. These simple deviations can act as sweet spots for hackers to target and steal information. Due to the distributed nature of work and the need to access organisational workfiles remotely, the users are susceptible to Distributed Denial-of-Service (DDoS) attacks. The use of unfamiliar software may also open up vulnerabilities that can be exploited. Covid-themed attacks are being employed to disrupt networks and to leak data.

Due to the effects of the pandemic that has been discussed, the organisations have no choice but to ramp up their security infrastructure. Increased monitoring, aggressive testing of systems and networks to identify breaches and employing more cybersecurity professionals seems to be way ahead. Cloud-based systems are expected to reduce the time taken for deployment and can also have better security while being flexible enough to be maintained remotely.

Once the workforce gets back to office, cyber security professionals are expected to build tighter security systems and networks. They might even have to reset existing systems and re-assess the security architectures that are in place currently. With advanced levels of attacks, the need to utilise artificial intelligence and data analytics in order to detect and neutralise threats are also on the cards. Indeed reported a 13% increase in the cyber-security-based job postings from February to May last year. A 30% increase in job searches related to cybersecurity roles was also noticed. Another report revealed that although there are 2.8 million cybersecurity professionals, the cybersecurity workforce needs to increase by 147% to close the skill gap. The demand for technically sound cyber security professionals is expected to surge in the coming years.

To sum it all up

• Information security analysts use their technical and analytical skills to design and develop measures to protect an organisation’s data.
• Information security analysts generally possess expertise in cyber security, deployment of firewalls, network security, distributed data management and protection, linux-based operating systems, end-to-end encryption, hashing, programming languages (Java, C/C++ etc), application security, cloud security etc.
• The median annual salary for information security analysts in 2019 was around USD 99,730. One can expect to earn a lot more than this based on experience or expertise.
• The employment opportunities for cyber security professionals are at an all-time high currently and is expected to grow by at least 36% by the end of 2024.
• In spite of the slow economic growth predicted due to the pandemic, opportunities in the field of cyber security are not expected to go down anytime soon due to demand for improved security measures.