Job Profile: Become a cybersecurity analyst


The job title "cybersecurity analyst" gets thrown around a lot. But what does it actually encompass?

Throughout my career, I have come across quite a few positions and a lot of different people. No other job title, however, is as “hot” right now as that of “cybersecurity analyst.” Generally speaking, skilled cybersecurity personnel are both highly valued and increasingly rare. Security professionals of all different types are needed.

So what makes the role of cybersecurity analyst stand out? Why are they needed so badly? What does it take to become one, and what sort of special training and background is required? Touching on my favorite topic: What certifications does one need to become a truly sought-after cybersecurity analyst?

The topic of “what does [type of professional] do” largely depends on who you ask. If you ask me, what a cybersecurity analyst does is analysis and compliance. As this author sees it, that is the sweet spot for an analyst of any kind, but especially a cybersecurity analyst.

A quick Google search indicates that many people believe analysts install firewalls, security software, or two-factor authentication systems — they do not. That would be the job of a cybersecurity engineer. An analyst understands these tools and makes sure from a business perspective that both IT staffers and regular personnel are utilizing these systems and complying with policies outlined in the company’s cybersecurity framework.

First, any company must define its cybersecurity policy. Analysts help with this effort from the ground up. They understand how a breach would occur and assess the landscape of the company, as well as its appetite for security. They either write or help write the policy that ALL the individuals in the company, regardless of position, will follow.

Second, the policy must be applied to objects and individuals through definition and monitoring. This also falls directly within the analyst’s purview. Oftentimes, as part of definition, a cybersecurity analyst will assign files and file types a classification. The data itself will be marked as confidential; the analyst’s job is to define which data qualifies for that label.

Next up is monitoring. You can’t improve or critique anything if you can’t monitor or measure it. A cybersecurity analyst will review data access, firewall logs, login logs, MFA logs — essentially any logs that are kept. The analysis of these logs will produce actionable items that the analyst can hand off to a security, network, or systems engineer.

By and large, the cybersecurity analyst serves as a bridge between the IT department (including the security team) and the rest of the business. The entire concept of a cybersecurity analyst is governance (or oversight) of security. In a nutshell, this largely involves making sure that the good people don’t do bad things.

The organizational standing of an analyst is sometimes high enough that he or she can be tasked with compliance. A monitoring log indicates a breach or deviation from defined policy, and the cybersecurity analyst takes charge of making a correction to the affected area.

For example, they could adjust a user’s log-on hours if they notice that, between 2 a.m. and 3 a.m., the account is logging on — during a time that the user claims to be asleep. (This happened recently at a company where I work.) They might also lock a user’s account, if that user’s devices are actively sending spam, or are engaged, whether by design or accidentally, in malicious activities.

As noted above, security really is about keeping good people from doing bad things. About 99 percent of the activity that a cybersecurity analyst reviews will be benign and present no problems. It’s that 1 percent of off-kilter indicators that causes all of the headaches.

Another area of concern for analysts is auditing. Some analysts can get into penetration testing, financial audits or NIST audits. My day job requires that NIST audits be performed, and the government version of these audits is one of the most tedious parts of an analyst’s job.

If someone out there finds audits enjoyable, my hat is off to them! A lot of financial firms will employ their CPAs to do cybersecurity audits from a financial perspective, where transactional data for an accounting system is reviewed. Who better to look at money and security than a cybersecurity analyst who is also a CPA?

As you can see, the cybersecurity analyst can take charge of a wide variety of duties. The point at which the work done pivots to being a security engineer role is when it touches on physical infrastructure. Among true security professionals, that is the dividing line.

It has been predicted that growth of this job function, in its pure form, will rise by 28 percent in the next seven years, and undoubtedly continue to go up from there. Security isn’t going away anytime soon, and with the introduction of new tools and quantum computing, we will need more white hats in the mix.

A simple search of Indeed reveals thousands of jobs with median pay of around $80,000 per year. I personally think that is low, but some firms have an analyst on staff to do little more than stamp reams of paper — and pay that individual accordingly.

In terms of professional background, both a keen eye and a thorough understanding of logic are helpful. Anyone who has been in IT can be trained to become a cybersecurity analyst, but the truly great ones have a keen sense of anomaly. That is to say that they have the ability to spot patterns, as well as a nose for when “something is wrong.” Ex-law enforcement individuals often make great analysts, as do CPAs.

To bolster your cybersecurity analyst qualifications, I recommend a couple of different credentials. First, there is the Certified Information Systems Auditor (CISA) credential offered by ISACA. This is for anyone who winds up in charge of ensuring that an organization’s IT and business systems are monitored, managed and protected.

Next up, a good analyst should consider pocketing a technical cert like CEH (Certified Ethical Hacker) or the Certified Penetration Tester (CPT). The job may not involve much practical application of those skills, but having that stock of knowledge makes it easier to spot and assess anomalies. It also makes it easier to cross over to an engineering job, should one fall on hard times.

Lastly, go for the gold and get (ISC)²’s CISSP credential. It will show any employer that you are serious. A good alternative to CISSP is ISACA’s Certified Information Security Manager (CISM) certification. No matter what you get, remember that, for a good analyst, the concept of governance or oversight is pervasive.

No matter what happens with computers or the information technology landscape, cybersecurity analysts will always have a part to play. And as the world becomes ever more computerized, the opportunities in this niche are sure to multiply. If you have an analytical mind, then this is a career path that merits strong consideration. As always, have fun getting there!

Nathan Kimpel

ABOUT THE AUTHOR

Nathan Kimpel is a seasoned information technology and operations executive with a diverse background in all areas of company functionality, and a keen focus on all aspects of IT operations and security. Over his 20 years in the industry, he has held every job in IT and currently serves as a Project Manager in the St. Louis (Missouri) area, overseeing 50-plus projects. He has years of success driving multi-million dollar improvements in technology, products and teams. His wide range of skills includes finance, ERP and CRM systems. Certifications include PMP, CISSP, CEH, ITIL and Microsoft.


Comment:

One thought on “Job Profile: Become a cybersecurity analyst”

  1. I serve as a contractor at a U.S. Government Agency, as the Program Manager for their Cybersecurity Policy and Compliance Program. Federal agencies in the U.S. follow the Risk Management Framework (RMF), so my direct reports are cybersecurity analysts, performing many – but not all – of the functions you identified in your excellent article.

    Kindly consider this additional information: The RMF is published by the National Institute of Standards and Technologies (NIST) in their Special Publication (SP) 800-37. While intended for the U.S. Government, NIST publications are available online for free, and anyone can use them to improve their security posture, policies, practices, and procedures, without having to “re-invent the wheel.”

    (ISC)2 offers a certification specifically aimed at cybersecurity analysts that wish to demonstrate proficiency in the RMF. This is the Certified Authorization Professional (CAP). According to the member counts on the (ISC)2 website, there are only a few thousand individuals holding the CAP accreditation, but there are tens of thousands of job openings for cybersecurity analysts.

    I hold the CISSP, along with the CCSP, and a number of other certifications. From many years of experience in compliance, I can tell you that very little of the information in the 8 CISSP domains applies, making it an unnecessary requirement for compliance work. It is very applicable to many other roles in cybersecurity, including policy, so I don’t want to diminish its overall value. However, if a person is seeking a compliance and/or risk management cybersecurity analyst position, the CAP accreditation is very important and relevant.

    Lloyd Diernisse
    CISSP | CCSP | LSSBB | PMP | CSM | CMMI-A | ITIL-Fv3
