High School

In high school, take as many computer science classes as possible—particularly in database management, programming, and software design. Try to obtain hands-on experience by joining your school’s computer club, helping out in the computer lab, and simply playing around with computers. You should also take English and speech classes because analysts need strong communication skills to write detailed reports, explain their solutions to security issues to top managers and executives, and interact effectively with coworkers. Other recommended classes include business, mathematics, science, and social studies.

Postsecondary Education

Many colleges and universities offer degrees in information security. If your college doesn’t offer such a major, you can earn a bachelor’s degree in computer science, networking, programming, or database management and a minor in computer security, or you can earn a graduate degree in information security. Some employers prefer applicants to have a master’s of business administration in information systems. 

Certification

Some colleges and universities offer undergraduate and graduate certificates in Internet security, programming, database management, computer science, and related areas. For example, the University of Maryland offers the following graduate certificates in cybersecurity: Cybersecurity Management and Policy; Cybersecurity Technology; Homeland Security Management; andInformation Assurance. Contact schools in your area to learn about available programs.

The IEEE Computer Society offers certificates of achievement to those who complete the following security-related courses: Foundations of Software Security, Secure Software Design, Managing Secure Software Development, Cloud Governance and Security, and Secure Software Coding.

Other Education or Training

Hackers and other cybercriminals constantly seek new ways to break into secure networks and create other types of digital mayhem, so it’s important that information security analysts continue to learn throughout their careers. Professional associations and government agencies often provide continuing education (CE) opportunities. For example, the CERT Division offers online and in-person CE classes such as Fundamentals of Incident Handling; Secure Coding in C and C++; Practical Risk Management: Framework and Methods; Insider Threat Program Implementation and Operation; Managing Computer Security Incident Response Teams; and Malware Analysis Apprenticeship. Other opportunities are provided by the International Association of Computer Investigative Specialists, Information Systems Security Association, (ISC)², SANS Institute, Association for Computing Machinery, and the IEEE Computer Society. Contact these organizations for more information.

Certification or Licensing

(ISC)² offers several certification designations to applicants who pass an examination and meet other requirements. Some of its designations include associate of (ISC)² (an entry-level credential), certified information systems security professional, systems security certified practitioner, certified cloud security professional, certified authorization professional, certified secure software lifecycle professional,and healthcare information security and privacy practitioner. SANS Institute, CompTIA, and vendors of Internet security software and other products also provide certification programs.

Although demand is growing rapidly for information security analysts, there is strong competition for jobs at Fortune 500 companies and government cybersecurity agencies. A growing number of employers are seeking analysts who are certified. Certification from a reputable provider tells employers that the applicant has met the highest standards established by his or her industry. At many employers, certified analysts earn higher salaries and are more likely to be promoted than analysts who are not certified. 

North American–based information security professionals who were members of (ISC)² who were certified earned higher average annual salaries than those who were not certified, according to the 2019 (ISC)² Global Information Security Workforce Study. Those who are certified have more industry knowledge and better opportunities for promotion than those who are not. 

Other Requirements

Some employers—especially government agencies and the financial industry—may require job applicants to undergo background checks. 

Students should obtain as much experience in the field as possible by participating in summer internships and part-time jobs at computer security firms, government agencies that focus on digital security, or other organizations that employ information security analysts.

To be successful, analysts need strong communication skills, which were cited as the most important traits for success by 66 percent of hiring managers surveyed for the 2017 (ISC)² Global Information Security Workforce Study. Other key traits include:

• analytical skills
• risk assessment and management
• cloud computing and security
• infosystems and security operations management
• platform or technology specific skills
• governance, risk management, and compliance.

Other important traits include diplomacy, negotiation, and leadership skills; the ability to assess risk; customer service, sales, and marketing skills; and the ability to prioritize and work as a member of a team.