How to Become a Cybersecurity Analyst in 2022: Training, Salary and Trends

In learning how to become a cybersecurity analyst, you will acquire the answers to these questions:

• What is the difference between a cybersecurity analyst and a cybersecurity engineer?
• What does a cybersecurity analyst really do?
• What skills should you have to become a cybersecurity analyst?
• What are the requirements to get started as a cybersecurity analyst?
• What are some common titles of cybersecurity analysts?
• What certifications should I work towards for success as a cybersecurity analyst?

Are you on the lookout for something to give more meaning and challenge to your work or for new career paths? If so, the cybersecurity career, particularly as an analyst, is an exciting option. Cybersecurity professionals are now on the frontlines of a growing global industry. They tackle advancing cyber threats and help organizations and individuals. They master deep technical expertise as they go. The cybersecurity career also offers a future-proof career path. It is one of the most in-demand skillsets in the US. 

The number of cybersecurity jobs in the US is growing at an astounding rate. There are not enough well-trained professionals to fill these positions. One prediction estimates that there may be 3.5 million unfilled cybersecurity jobs globally by 2025. Cybersecurity offers significant potential for both entry-level and seasoned professionals and provides a path toward meaningful and rewarding work.

With the COVID-19 pandemic, the demand for cybersecurity skills increased even more. According to one report, around 80% of cybersecurity threats use COVID-19 as leverage. This is due to the increased reliance on telework across most industries. These threats encompass nearly all cyber attacks. These include business email compromise, credential phishing, malware, and spam emails. Cybersecurity specialists have never been more important than they are today. They protect businesses, people, and their data in the situation the world is facing.

You may want to consider the path that many prospective cybersecurity analysts take. Most candidates begin their careers as information technology specialists. They then get the CompTIA Security+ and CompTIA CySA+ certifications. Then they find themselves ready to start their next career challenge.

What is the difference between a cybersecurity analyst and a cybersecurity engineer?

In the broadest sense, we can map cybersecurity jobs into two categories — analysts and engineers. So how do they differ? Well, I’m pretty sure we all have seen Formula 1 racing. Imagine for a moment that cybersecurity analysts are like those F1 drivers. They are paying attention to how the car is working and everything going on around it. They know if something is not right with the car (or, in our case, the computer networks) and if there is an issue with the way it is functioning. Unfortunately, cybersecurity analysts do not know how to get under the hood and fix it, though. They just sit in the car and are the experts in driving it to a pole position or to secure a podium finish. 

In contrast, cybersecurity engineers are like the race car’s designers and engineers. These specialists understand all the nuts and bolts of how the system within the car operates. In our case, the vehicle is the cyber defense systems and analysis network. The engineers design the systems that make the car function as efficiently as possible. They know how to fix the car’s issues, if there are any, and ensure that it is fine-tuned and functioning correctly.

But what does a cybersecurity analyst really do?

Cybersecurity analysts focus on research, data analysis, and creative problem-solving. Day-to-day tasks can vary. They may involve scanning internal datasets to detect system vulnerabilities and cyber attackers. They may call for drawing on external intelligence to predict and prepare for future cyber threats. Cybersecurity analysts are also great communicators and managers. They play a vital role in connecting the dots with other functions in their organization.

As cybersecurity analysts grow in their careers, they also have a lot of options. They can take a manager track toward leading a security team. They can become a Chief Security Officer. A CSO heads up the security function for their entire organization. They can also choose to stay on a more technical track. This means building skills in engineering or system architecture. They will continue to do analytical work and start to introduce some limited engineering work on their own. They also collaborate with other teams or other engineers at a more advanced level. Some will be cybersecurity analysts for in-house cybersecurity teams. Analysts can also become independent consultants. They can start their own company or organization using their skills and experience.

What skills should you have to become a cybersecurity analyst?

First, cybersecurity analysts need strong research, analytical, and problem-solving skills. They also need an understanding of information systems and a sound grasp of information security. If you work in security, you should understand exactly what security is and means. 

Project management skills are also very important. This is not a technical skill. It is not like being the engineer working on a car. It is more about managing time, people, and data in an efficient manner. This type of management skill is essential for entry-level cybersecurity analyst jobs. It is also important for first-level managers, who might have to oversee tight schedules and deadlines.

Last and what may be the most important, cybersecurity analysts need to stay up to date. They must stay updated with current trends in threats and ways to combat them. They need to know how to identify and reduce vulnerabilities. They also need to prepare their networks for these threats to lessen the likelihood of an attack.

Alright, you convinced me. What are the requirements to get started as a cybersecurity analyst?

Many people think they need to earn degrees in computer science to become a cybersecurity analyst, but that is not true. When it comes to cybersecurity jobs, employers prefer candidates with three things — experience, certifications, and degrees. 

The first thing an employer looks for is a candidate with experience. This is why many people with a bachelor’s degree do not get hired for cybersecurity positions. Employers typically give these positions to people who have real-world experience. Take a look at most cybersecurity jobs. Even entry-level positions ask that a candidate have at least two years of experience. This doesn’t mean you need two years of experience as a cybersecurity analyst to get an entry-level job. Instead, it means you need to have two years of experience in information technology. So, if you want to be a cybersecurity analyst, you should start with an information technology job. Two years of work in system administration, as a network engineer, or even at a service desk will let you gain that experience. Then you will be more competitive for a cybersecurity position.

Second, employers look at your certifications. If you want to become a cybersecurity analyst, you should at least have your CompTIA Security+ and CompTIA CySA+ certifications. This shows employers that you are serious about the field. It also indicates that you have invested time and money into your future career. Many companies may use certifications as a hiring filter. If you don’t have the certifications listed on your resume, you won’t even make it to the hiring manager. There goes a potential interview. Take the time to earn your certificate. It really is helpful in landing a position.

The third area that employers consider is a degree. Notice the order of these three things because it was intentional. Experience is the most important factor. Certifications help you get past the recruiting filters. So, you might wonder, what are degrees used for in the hiring process?

Employers usually use degrees to determine your salary. A degree alone won’t get you the job. Instead, it helps determine salary in combination with your experience and your certifications. For this reason, most degree programs in the United States now include certifications as part of their programs.

What are some common titles of cybersecurity analysts?

• Incident Analysts respond to cybercrimes, such as hacking. They piece together a narrative to understand how the crime happened. They gather forensic evidence to figure out events when a hacker has broken into a system. The national average salary for Incident Analysts is around $78,000, according to ZipRecruiter.
• Threat Intel Analysts specialize in monitoring and analyzing active and potential cybersecurity threats. They focus on analyzing useful intelligence from a wide spectrum of sources. They keep their finger on the pulse of cybersecurity. The national average salary for Threat Intel Analysts is around $112,000 per year, according to Glassdoor.
• Security Hunt Analysts are responsible for defensive cyber counter-infiltration operations. They work against Advanced Persistent Threats and focus on searching for hackers already deep in the organization’s network. These positions earn a national average salary of around $111,000 per year, according to ZipRecruiter. 
• Compliance Analysts make sure that their organization’s systems are compliant with regulations. They check systems against government and industry regulations. They figure out which regulations affect their organization. Then they develop plans to meet the necessary standards. They research, educate, and project-manage. They do this to make sure all the members of a cybersecurity team are on the same page. A general compliance analyst earns a median salary of around $63,000 per year. A cybersecurity compliance analyst can earn up to $100,000 per year, according to ZipRecruiter. 

What certifications should I work towards for success as a cybersecurity analyst?

There are many certifications in the IT and cybersecurity industry. You may feel confused about which you should focus on. As a beginner, you should work towards your CompTIA Security+ certification. As you move upward, the next two certifications you should work towards are your CompTIA CySA+ (cybersecurity analyst) and CompTIA PenTest+ (penetration tester). As you continue in your career, you should work towards your CompTIA Advanced Security Practitioner (CASP+) and the Certified Information Systems Security Professional designations. 

The possibilities are endless as a cybersecurity analyst. It is a rewarding career path and offers a tremendous amount of growth potential for your future.