July 18, 2022  |  Purdue Global

Information security analysts are in demand across the country. Consider the following statistics:

  • The Bureau of Labor Statistics (BLS) projects that employment of information security analysts will grow 33% from 2020 to 2030, which is much faster than the average for all occupations.
  • From October 2020 to September 2021, 597,767 cybersecurity job openings were available in the U.S., according to Cyber Seek.
  • Cybersecurity Ventures predicts there will be 3.5 million unfilled cybersecurity jobs globally by 2025.

Below, we explain what an information security analyst is and provide tips for how to start a career in information security.

What Does an Information Security Analyst Do?

To learn more about cybersecurity analysts, we talked with Randy Stauber, faculty member at Purdue Global’s School of Business and Information Technology.

“At a high level, information security analysts look for intrusions in a network, investigate breaches when they occur, keep software maintained and up to date, and perform risk analyses to check for vulnerabilities,” says Stauber. “They are also often tasked with educating employees on cybersecurity best practices.”

The term “information security analyst” is often used interchangeably with “cybersecurity analyst.”

“Technically, information security simply refers to keeping data protected, whereas cybersecurity also encompasses the security of network infrastructure, cloud structure, and more,” says Stauber. “There is a lot of overlap between the two fields, and employers may not make a distinction between information security and cybersecurity in job postings.”

>> Read: A Day in the Life of a Cybersecurity Professional

Why Are Security Analysts in Such High Demand?

Some factors influencing the demand for information security analysts include:

  • Cyberattacks. Cybercrime Magazine estimates that by 2025, companies around the world will spend a collective $10.5 trillion each year to combat cybercrime. As the frequency of ransomware, data breaches, and other types of attacks increase, companies will need dedicated information security professionals to protect their data.
  • Volume of data. The sheer volume of data being generated each day is another contributing factor to the growing cybersecurity industry. As more and more activities shift online, the risk of being targeted by a cybercrime grows. “Take the COVID-19 lockdowns, for example,” says Stauber. “During this time, ecommerce became even more ubiquitous. But the more credit card transactions you complete online, the more opportunities there are for your data to be breached.”
  • Evolving workforce. According to the BLS, one of the major reasons why security analyst job openings are on the rise is because many workers are transferring from different occupations.

How to Become a Cybersecurity Analyst

The BLS states that the minimum education required to become an information security analyst is typically a bachelor’s degree in a computer science field.

According to Stauber, employers look at three main qualifications when hiring information security analysts:

  1. Education
  2. Work experience
  3. Cybersecurity certifications

“There are various ways to go about getting each of these, but certainly, education plays a pivotal role in exposing you to the core concepts of information security and preparing you for earning industry certifications,” says Stauber. “Some degree programs also allow you to gain real-world experience through internships.”

Entry-level positions in information security often only call for a bachelor’s degree, but employers may give preference to applicants who can demonstrate advanced knowledge. This knowledge may come from work experience, certifications, or the completion of an online graduate degree in cybersecurity or a related field.

What Hard and Soft Skills Are Needed to Be an Information Security Analyst?

The BLS outlines several important qualities for information security analysts:

  • Analytical skills
  • Communication skills
  • Creative skills
  • Detail-oriented approach
  • Problem-solving skills

Stauber says that of all the skills needed to become a cybersecurity professional, the ability to analyze a situation is one of the most important. “To determine whether a breach has occurred, you need to examine logs and records and look for evidence of vulnerabilities. You need to be able to sort through and make sense of extensive documentation.”

Even though communication and creativity are not always associated with people working in tech jobs, these traits are very valuable for security analysts. “It’s essential that cybersecurity professionals are able to communicate best practices to others in their organization,” says Stauber. “In terms of creativity, analysts often need to think outside the box to solve problems, especially if seemingly unrelated issues are affecting the security of your data.”

>> Read: 7 Myths About Working in Tech

Which Certifications Are Best for Information Security Analysts?

Some employers may prefer to hire information security analysts who have professional certifications. According to Stauber, many cybersecurity certifications are available, but two of the most important are Security+ and CISSP. “I think those two have the most universally recognized value,” he says.

Security+ is a certification developed by CompTIA that focuses on the core security functions of enterprise environments. Some of the topics covered in the Security+ certification include architecture and design, implementation of security measures, and incident response procedures. CompTIA recommends that candidates have two years of experience working in IT before completing the certification exam.

CISSP stands for Certified Information Systems Security Professional. (ISC)—the nonprofit organization that administers the certifications—refers to it as the “world’s premier cybersecurity certification.” The CISSP certification is designed to teach you how to design, implement and manage a cybersecurity program.

To qualify for the CISSP certification, you need to have five years of work experience in the cybersecurity field. “While earning the CISSP may not be required to start your career as an information security analyst, it can be helpful for advancing within your career down the line,” says Stauber.

Take the Next Step Toward a Career in Information Security

Ready to join the cybersecurity field? Purdue Global offers several online degree programs that can prepare you for a career as an information security analyst:

To learn more about our information technology degree programs, request information here.

About the Author

Purdue Global

Purdue Global delivers a fully personalized, world-class education online that's tailored for adults. We offer 175 programs, including associate's, bachelor's, master's, and doctoral degrees as well as certificates, in areas such as business, IT, education, health sciences, nursing, criminal justice, and more.


Employment and Career Advancement: Purdue Global does not guarantee employment placement or career advancement. Actual outcomes vary by geographic area, previous work experience and opportunities for employment. Additional training or certification may be required. In addition, job titles and responsibilities may vary by organization.

Certification Exams: Students are responsible for understanding the requirements of optional certification exams. The University cannot guarantee students will be eligible to sit for or pass exams. In some cases, work experience, additional coursework beyond the Purdue Global program, fieldwork, and/or background checks may be necessary to be eligible to take or to successfully pass the exams.