How to Become a Cybersecurity Analyst

Our world becomes more data and technology-driven every day. Growing advances in technology demand growth in security for data and privacy. 

With the rapid developments in the field, a career in cybersecurity could be a good option if you're interested in the intersection of technology, computer science and problem solving. There are many opportunities to be a generalist or a specialist.

“Cybersecurity keeps growing, with many niche areas where a prospective candidate can carve out great opportunities,” said Terrance Winn, adjunct instructor at Southern New Hampshire University (SNHU). 

In addition to teaching at SNHU, Winn works for a Department of Defense (DoD) Agency as an information system security professional team lead. Having worked for the DoD, both in and out of uniform, for more than 36 years, Winn’s current role falls within the Governance, Risk, and Compliance (GRC) area of the greater cybersecurity career field.

The Field of Cybersecurity

Cybersecurity is “the art of protecting networks, devices, and data from unauthorized access or criminal use,” according to the Cybersecurity & Infrastructure Security Agency (CISA). That protection of networks and data requires skill in ensuring confidentiality, integrity and availability of information, according to CISA.

Cybersecurity and information assurance are closely linked, according to Winn. “While information assurance provides protection capabilities at the data level, cybersecurity offers protection at the system or network level,” he said.

Both embody three key tenets that serve as the cornerstone of the field, according to Winn:

• Confidentiality, which deals with ensuring that no unauthorized disclosures happen
• Integrity, which ensures that data is authentic and has not been changed
• Availability, which ensures that data is at the ready when users need to access it

A strong interest in technology and an understanding of computer systems are key to building a career as a cybersecurity analyst.

Learn more about what cybersecurity is and why it's important.

What Does a Cybersecurity Analyst Do?

Cybersecurity analysts perform a number of important job functions, including:

• Designing and maintaining firewalls and other security measures to keep data safe
• Monitoring data systems for intrusion from those with criminal intent
• Recommending security measures to management to be both proactive and reactive against threats
• Research to stay current on new trends in the field

In these roles, you may coordinate and perform a variety of technical tasks, manage projects and respond to cyber incidents, according to Jonathan Kamyck, associate dean of cybersecurity at SNHU.

You may also conduct research on current and expected cyber threats, perform security assessments and suggest improvements to existing systems.

According to CISA, cybersecurity jobs can fall into several categories, such as:

• Cross-Functional Skills Jobs. In this category, positions include program manager, cyber policy and strategy planner and information technology (IT) project manager roles
• Cyber Intelligence Skills Jobs. Within this job category, you may work to assess network vulnerabilities or collect intelligence and analyze your findings to support organizational operations and security
• Cybersecurity Skills Jobs. In this category, you may work in positions like data analyst, software developer, database administrator, network operations specialist and system administrator 
• IT Skills Jobs. Cyber security skills are used in a variety of ways within IT, such as with jobs as cyber defense analysts, security architects and cyber defense incident responders

The work of a cybersecurity analyst is certainly technical, but a variety of interpersonal and professional skills are needed to be successful as well. According to Winn, it’s important to be able to demonstrate the following for success in any role:

• Ability to act and respond to threats with little information
• An inquisitive mind to assess threats and find solutions
• Attention to detail to document findings and recommendations
• Willingness to learn because the field is always changing

"As the cybersecurity field grows, so will the day-to-day responsibilities of the cyber analyst," Winn said. "No two events or situations are the same." That's why the ability to continually learn and grow is key regardless of the role.

What Qualifications Do I Need to be a Cybersecurity Analyst?

Some employers may hire candidates with a certificate or associate degree, according to the U.S. Bureau of Labor Statistics (BLS), though a bachelor’s degree is generally needed to be competitive in the job market, as is work experience. To gain that work experience, you may wish to start your career in an information technology role, perhaps as a network or computer systems administrator.

The median salary for such roles is $90,520 per year, according to BLS, and positions may include job functions such as maintaining servers, providing input on hardware purchasing decisions and training users on security measures and proper use of the organization’s systems.*

While it can take some time to break into the field as a cybersecurity analyst due to the competitive nature of the field, job opportunities can be plentiful, according to Winn. He said that one of the best ways to be prepared for the job hunt is to arm yourself with the three pillars of entry to the field: education, certification and experience. 

• Education, which involves working on a cybersecurity certificate or cybersecurity-related degree program
• Certification, which provides formal acknowledgment that an individual has achieved a baseline level of knowledge in a specific topic area
• Experience, which provides opportunities to demonstrate hands-on knowledge with tools commonly used within the cybersecurity field

To gain practical experience early in your career, Winn recommends participating in nationally recognized events and organizations designed to allow cybersecurity professionals the opportunity to practice skills hands-on in low-stakes environments. 

Some events and organizations recommended by Winn include:

• Capture the Flag. This is a competition that uses a cloud-based platform to host cybersecurity or security-related challenges. “These competitions provide a practice ground for training and learning skills without the impact of something going wrong in a live environment,” Winn said. “If a participant solves a challenge, they receive a ‘flag.’ The more flags you capture, the greater your skills are.” Anyone wanting a role in penetration testing and ethical hacking, as well as information technology and information security, may benefit from participating in these competitions.
  
  
• National Cyber League (NCL). This allows students to participate in a capture-the-flag environment to hone skills. “Participating in an NCL event is a great way to get exposure to industry-related cybersecurity tools in a ‘mistake-free’ environment,” said Winn. He equates this to a sandbox-type environment for skills practice. 
  
  
• The Scouting Report. This is a report that details and verifies the skills that an individual has mastered in events such as Capture the Flag. Without participation in an industry event, a student or someone new to the field may not have a way to demonstrate what they can do. The Scouting Report is verifiable online, so a prospective employer can validate the participant and verify their skills. This report is “a fancy way to represent your skills and performance in a cybersecurity event virtually,” Winn said.

Winn has been the coach of SNHU's NCL group, known as the "CyberSNHUpers," since 2017. Open only to high school or college students, you must be affiliated with a school to participate. 

Notable wins for the CyberSNHUpers during Fall 2023, according to Winn, include: 

• Ranked 65th in the "National" or "Standard" bracket, including inexperienced players
• SNHU's top "National" or "Standard" bracket player, Matt Jackson, was 147th nationwide
• Ranked 7th nationwide in the "Experienced Student" group
• SNHU's top experienced player, Steven Dudley, finished 10th nationwide in the "Experienced Student" group
• Kyle Pizzolato finished 39th in the country, also in the "Experienced Student" group

You may wish to check with your school to see how you can get involved.

How Long Does it Take to Become a Cybersecurity Analyst?

Becoming a cybersecurity analyst can take different lengths of time based on your background, career goals and interests.

In terms of time to completion, the quickest path forward can be by earning a certificate in cybersecurity. At SNHU, this can be completed in just over six months, and includes six courses covering topics in:

• Defense strategies
• Legal-ethical considerations and defense strategies
• Network design
• Operating system fundamentals
• Problem-solving through systems thinking
• Technological tools and software basics

These areas lay the groundwork for your chosen career while preparing you for success in further study.

An educational credential, such as a certificate or a degree, could help prepare you for jobs as a cybersecurity analyst. Hands-on experience is helpful, too.

An associate degree in cybersecurity can be earned in a little more than a year and a half, depending on your situation. A bachelor’s degree in cybersecurity will likely take a bit more time, but the exact time may vary depending on any transfer credits you have from other schools or from programs like a cybersecurity certificate or associate degree. At SNHU, all of these programs are stackable, so you won’t have to backtrack and repeat any courses to move forward.

If you are interested in earning a master’s degree in cybersecurity, that can be earned in as little as 15 months. This is a good option if you already have a bachelor's degree.

Explore more about the different cybersecurity degrees.

Career Outlook for Cybersecurity Analysts

The career outlook for cybersecurity analysts is strong, according to BLS, with a median salary of $112,000 and a healthy job growth of 32% over the next 10 years, which is much faster than the national average.*

Creating your organization’s disaster recovery plan, staying up to date on the latest technology research and proactively investigating ways hackers are trying to infiltrate computer systems are key elements to any cybersecurity analysis role.

The ability to pivot, be open to learning new skills and the ability to act quickly and decisively are also key skills for a cybersecurity analyst. BLS notes the following skills in particular as helpful for success in a cybersecurity role:

• Analytical skills, to conduct research and determine needs and solutions to those needs
• Communication skills, both written and oral, so you can make recommendations to upper management
• Problem-solving skills, to uncover potential threats to the network and design systems to prevent breaches from happening in the first place

Most corporations and organizations have a need for cybersecurity analysis and protection. The technology sector is one area where cybersecurity analysts are needed, but the digital needs of the healthcare and e-commerce industries are rising as well, according to BLS. Safeguarding information extends to credit card data, financial data and even personal data.

Everyone online can be found, and everything needs to be protected. Strong cybersecurity analysis can help prevent bad actors from gaining private information, create preventative measures and devise plans to manage risk.

*Cited job growth projections may not reflect local and/or short-term economic or job conditions and do not guarantee actual job growth. Actual salaries and/or earning potential may be the result of a combination of factors including, but not limited to: years of experience, industry of employment, geographic location, and worker skill.

Marie Morganelli, Ph.D. is an educator, writer and editor.