High School

Classes in computer science [specifically in database management, programming, Microsoft PowerPoint and other Office applications, and computer security (if available)], will provide a good introduction to information technology. History, science, mathematics, social studies, psychology, and philosophy courses will help develop your analytical and critical-thinking skills. Finally, speech and English classes will help you to become a strong communicator.  

Postsecondary Education

You’ll need a minimum of a bachelor’s degree in computer and data security, computer science, management information systems, computer engineering, or a related information technology field to become an information assurance analyst. Students in baccalaureate programs should take as many classes in information assurance and information security as possible, as well as participate in internships at government agencies, technology companies, risk management consulting firms, and other organizations that employ analysts. 

The most-qualified job candidates have a master’s degree in information assurance. Typical courses include:

• Foundations of Information Assurance
• Distributed System and Network Security
• Software Assurance
• Computer and Network Forensics
• Host-Based Vulnerability Discovery
• Network-Based Vulnerability Discovery
• Security of Embedded Systems
• Secure Web Development 
• Secure Mobile Development
• Advanced Computer Forensics
• Business Continuity and Disaster Recovery
• E-Commerce Security
• Computer Security Management
• Information Warfare and Security
• Information Security Policy and Ethics
• Security Risk Analysis & Management

Schools that offer master’s degrees in information assurance include Pennsylvania State University, Iowa State University, University of Maryland, University of Nebraska at Omaha, Florida Institute of Technology, Embry-Riddle Aeronautical University, and Carnegie Mellon University.

Some information assurance analysts receive their training during military service.

Certification

Many colleges and universities offer certificates in information assurance and computer security. Contact schools in your area to learn about available programs.  

The CERT Division offers certificates in a variety of areas, including:

• CERT Certificate in Digital Forensics
• Cybersecurity Engineering and Software Assurance Professional Certificate
• Incident Response Process Professional Certificate
• Information Security Professional Certificate
• Insider Threat Program Manager Certificate
• Insider Threat Vulnerability Assessor Certificate
• Insider Threat Program Evaluator Certificate
• Certified Computer Security Incident Handler
• CERT Secure Coding in C and C++ Professional Certificate
• CERT Secure Coding in Java Professional Certificate

Other Education or Training

Professional development opportunities are provided by associations, IT companies (such as IBM and Cisco), and for-profit and nonprofit schools (such as Coursera, edX, Global Knowledge Training LLC, and Udacity). For example, ISACA (a nonprofit, organization for information assurance and security, risk management, and governance professionals) offers online courses such as IT Risk Assessment, Planning for a Data Breach, Insider Threat: Building a Security Program for a Multi-Generational Workforce, and Encryption Strategy. The IEEE Computer Society offers online courses on cybersecurity, cloud computing, project management, and other topics. The Association for Computing Machinery, CompTIA, Global Association of Risk Professionals, Information Systems Security Association, (ISC)², RIMS—The Risk Management Society, RMA-The Risk Management Association, SANS Institute, and the Storage Networking Industry Association also offer continuing education opportunities. Contact these organizations for more information.

Certification or Licensing

Many certification programs are available for information assurance analysts. Those who are certified typically earn higher salaries and receive more opportunities for promotion than those who are not certified. Additionally, some employers require job applicants to be certified or in the process of earning certification. The following organizations provide certification programs for IAAs and related professionals:

• (ISC)²: associate of (ISC)², certified information systems security professional, systems security certified practitioner, certified cloud security professional, certified authorization professional, certified secure software lifecycle professional, information systems security management professional, information systems security architecture professional, and other credentials
• Global Information Assurance Certification (GIAC): GIAC security essentials, GIAC continuous monitoring, and many others
• CompTIA: security+ and many more
• Storage Networking Industry Association: certified storage engineer
• EC-Council: certified ethical hacker, licensed penetration tester, certified security analyst, certified network defender, and chief information security officer
• ISACA: certified information security manager, certified information systems auditor, certified in risk and information systems control, and others
• Institute for Certification of Computing Professionals: certified big data professional, certified data scientist, and others
• DAMA International: certified data management professional
• TDWI: certified business intelligence professional
• RIMS—The Risk Management Society: RIMS-certified risk management professional
• various credentials offered by vendors of security software (such as Cisco’s certified network professional and certified network associate)

Other Requirements

A background check, which may include a drug test, is typically required; government agencies and contractors require analysts to be U.S. citizens and have security clearances.

Required levels of experience for information assurance analysts vary by position and employer. Some employers may require just a bachelor’s degree and one year of experience (internships, co-ops, summer jobs, etc.). Others may require a bachelor’s degree plus three years of relevant experience, or a master’s degree plus one year of relevant experience, or a doctoral degree and no experience.

To be a successful information assurance analyst, you’ll need excellent interpersonal and communication skills in order to interact with end users at all levels; the ability to work independently with minimal supervision, as well as a member of a team; strong problem-solving, organizational, time-management, critical-thinking, and analytical skills; knowledge of risk management principles; and the ability to use vulnerability scanning tools such as Tenable Nessus, desktop software such as Microsoft Office, and other types of software.

Information assurance analysts must have strong technical skills in a variety of areas, including network protocols, encryption, virtual private networks, firewalls, proxy services, cloud-based systems, operating systems, servers, routers, wireless technology, database design and administration, vulnerability analysis, penetration testing, computer forensics, and systems engineering.