You can learn more about information security by visiting the Web sites of cybersecurity companies such as Symantec, McAfee, Checkpoint, Sourcefire, Fortinet, and Forcepoint. Download and install free security software from a reputable company to get a basic understanding of how such technology works. Read professional publications such as the ISSA Journal (https://www.issa.org/journal) to learn about the issues analysts face daily. Talk with analysts about their careers. Ask your computer science teacher or school counselor for help setting up an information interview. Check out Cybersecurity Resources (https://niccs.us-cert.gov/workforce-development/cybersecurity-resources) to access education and career resources. Finally, participate in cybersecurity competitions to hone your skills. One example: The National Cyber League (https://nationalcyberleague.org), which is available to high school and college students.
Data breaches at major U.S. retailers are frequently in the news today. Financial and personal information from tens of millions of consumers has been compromised, and it seems like each week brings a new hacking scandal at a major retailer. But that’s just one problem information security analysts must address as technology continues to make life easier for consumers and information seekers, but also increases opportunities for cybercriminals. Denial of service attacks, malware, viruses, threats from internal sources, and even attacks on computer systems that run critical infrastructure used in oil and gas pipelines and water supply, electric power distribution, and transportation systems, are just a few of the critical threats that information security analysts must identify and address.
Duties for information security analysts vary by job title, type and size of employer, and other factors. The following paragraphs detail the main duties performed by analysts.
Information security analysts install, configure, test, operate, maintain, and manage networks and their firewalls, including hardware and software that permit the sharing and transmission of data. They also perform the same duties in regard to firewalls and data encryption programs to protect sensitive information. Analysts teach organization employees how to install or use new security products and procedures, and they ensure that new or current information technology systems meet their organization’s information assurance and security requirements. Throughout their careers, analysts research the latest information technology security trends and threats so that they can be an asset to their employers.
Each day, analysts test, operate, and maintain systems security; conduct assessments of threats and vulnerabilities to computer systems; and analyze collected data to identify vulnerabilities and the potential for exploitation. They are also responsible for managing user accounts, firewalls, and patches and overseeing user access, passwords, and account creation and administration.
Information security analysts identify, analyze, and report suspicious events and activities that occur or might occur within computer networks and other systems. They respond to crises or urgent situations to mitigate immediate and potential threats. They collect, analyze, and present computer-related evidence in support of network vulnerability mitigation, and/or fraud, criminal, law enforcement, counterintelligence investigations. Analysts engage in surveillance and counter surveillance methods and use surveillance detection strategies and interview and interrogation techniques to gather evidence of security breaches or related issues. They identify and assess the capabilities and activities of foreign intelligence entities or cyber criminals and prepare status reports for their superiors.