In this video, Marc Menninger describes key roles and functions performed by IT security analysts. Discover which skills and certifications IT security analysts are expected to have. Learn how many years of experience and other requirements you'll need to qualify for this high-demand IT security job.
- [Narrator] IT security analysts are highly desired because they have a solid depth of experience that they can apply to many critical security functions. The IT security analyst role is very versatile, covering nearly every aspect of IT security, and as the title implies, this job is perfect for someone who loves digging into the details, whether they're technical or legal. In addition to security analyst, common job titles include vulnerability analyst, compliance analyst, incident response analyst, intrusion detection analyst, and audit analyst.
Penetration testers, experts at finding and exploiting security vulnerabilities are also a type of IT security analyst. And you can expect a wide range of opportunities as an IT security analyst based on your role and experience. You could be an IT security analyst for many years starting out as a junior analyst and graduating to a senior analyst. From there, it's up to you if you want to stay at the top of the analyst hill or move on to another IT security job. There are quite of few skills included in almost every IT security analyst job listing.
The most common is strong analytical skills. Alice may be considered geeky or wonky to non analysts, but that's because analysts want to understand how systems or rules work at a deeper level than everyone else. As an analyst, you will be responsible not only for figuring out what happened when a problem occurs, but being able to explain it to people who don't have the analytical skills you do. That's why it's common to see job listings looking for IT security analyst candidates with excellent verbal and written communication skills.
IT security analysts will be expected to handle most problems that fall into their area of responsibility, whether that means relying on personal experience handling similar problems in the past, or knowing which resource will be most likely to have a quick answer. Your job will be to figure out the solution. Processing large amounts of data, whether that's system log data or network traffic often goes hand in hand with IT security analysis. That's why it's not unusual for IT security analyst job listings to request that the candidate have experience in scripting languages such as Perl, Python, or Windows PowerShell.
IT security analyst positions aren't typically entry-level positions. Most job postings require a fair amount of experience. Almost every role will require a Bachelor's degree in a related field. This means an IT field such as a computer information systems degree. Other technical degrees may also be accepted. Many roles will also require five to nine years of experience involving work directly related to the position. You'll need to rely on your experience to solve the problems you'll encounter on the job.
You'll need knowledge of technical topics, such as TCP/IP networking, the OSI model, and routing, and switching. Finally, you'll likely need hands-on experience performing network traffic analysis, analysis of log files from a variety of sources, such as individual host logs, network traffic logs, firewall logs, or intrusion prevention logs, and intrusion analysis and detection. Frequently desired certifications for IT security analysts included CompTIA A+, Network+, and Security+, SANS GIAC certifications, GCIH, GCFE, GCFA, CISM, and CISSP.
The IT security analyst job is a great opportunity for anyone who wants to apply their security experience to help organizations tackle their toughest security challenges.
Marc closes with a few pieces of career advice specific to the world of information security, which will help you succeed in this dynamic and high-demand industry.
- IT security key concepts
- The job marketplace (government vs. healthcare, etc.)
- IT security success traits
- Career specializations
- IT security certifications
- Getting experience
- Marketing yourself