What Does a Cybersecurity Analyst Do?

Are you intrigued by the potential of technology to transform everyday life? Are you passionate about digital justice and thinking of pursuing a crime-fighting career? If so, you might consider becoming a cybersecurity analyst.

What does a cybersecurity analyst do and how can you become one? This in-depth career guide explores the world of cybersecurity and how you might get your foot in the door.

In This Article:

• Why Is Cybersecurity So Important?
• What Do Cybersecurity Analysts Do in Day-to-Day Work?
• Top Technical Skills for Cybersecurity Analysts
• Essential Soft Skills and Characteristics for Cybersecurity Analysts
• How To Become a Cybersecurity Analyst
• What Advancement Opportunities Are Available in Cybersecurity?
• Are Cybersecurity Analysts in Demand?
• How Much Do Cybersecurity Analysts Earn?

Why Is Cybersecurity So Important?

Technology is integrated so deeply and broadly into modern life that when a cyberattack occurs, significant disruption results. Hackers can target any individual, business or other entity — from hospitals to small retail shops to government agencies. A malicious attack can paralyze a computer system, result in the loss of sensitive financial and identification data and prevent organizations from carrying out their daily operations.

The result of cyberattacks is costly. The FBI’s Internet Crime Complaint Center sifted through 847,376 complaints regarding criminal activity online during 2021 alone. Organizations also reported nearly $7 billion in losses due to cyberattacks in 2021 — up 64% from the previous year.¹

It isn’t just financial losses and operational disruptions that result from cyberattacks, either. In some cases, a cyberattack can even turn deadly. In 2019, Springhill Medical Center in Mobile, Alabama, suffered a cyberattack that disrupted their network for several weeks, which interfered with staff communication about patients, prevented access to electronic health records (EHRs) and interfered with fetal heartbeat monitors. As an alleged result, a patient in labor was not given a needed C-section and her baby was born unresponsive.²

As you can see, the work that cybersecurity analysts do is critically important for protecting businesses and other organizations, preventing financial loss, thwarting identity theft and even saving human life.

What Do Cybersecurity Analysts Do in Day-to-Day Work?

Now that you’re familiar with the critical importance of cybersecurity for everyday life, it’s time to take a closer look at the question, What do cybersecurity analysts do? Cybersecurity analysts are responsible for protecting computer networks and systems, as well as the information they contain. They work to proactively strengthen their networks and systems against attacks, monitor for potential attacks and respond to active threats.

Every day might look a little different for a cybersecurity analyst, depending on what the needs of the organization are at any given time. In general, however, they may do any of the following tasks:

• Evaluate networks and computer systems for potential vulnerabilities that hackers could exploit
• Fix security vulnerabilities and use data encryption programs, firewalls and other techniques to safeguard digital data
• Establish best practices for security standards for their organizations
• Actively monitor their networks for potential breaches of security and launch a cyber forensic investigation when one is detected
• Stay on top of the latest regulatory changes and recent trends in cybercrime
• Develop reports that document security breaches, attempted breaches and potential vulnerabilities
• Train non-IT staff members on security procedures and best practices

In the world of cybersecurity, it’s not a question of if a network will be attacked, but rather when an attack might occur. Cybersecurity analysts must be thoroughly prepared to identify and respond to an attack. They must also create and implement a disaster recovery plan, which includes steps such as backing up and storing critical information away from the main network in the event of an attack.

Top Technical Skills for Cybersecurity Analysts

Aspiring cybersecurity analysts can benefit from developing strong technical skills, including the following:

• Scripting
• Python
• Controls and frameworks
• Intrusion detection
• Network security control
• Incident response and cybersecurity forensic investigations
• Cloud security
• DevOps

It’s also important for cybersecurity analysts to have a strong working knowledge of all applicable regulatory guidelines. These include the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA).

Essential Soft Skills and Characteristics for Cybersecurity Analysts

In addition to technical skills, there are a number of soft skills and traits that can help cybersecurity analysts be more effective in the workplace. As you progress through your education, you can actively work on cultivating the following:

• Written and verbal communication skills
• Collaborative mindset
• Adaptability
• Commitment to lifelong learning
• Critical thinking and analytical reasoning
• Attention to detail
• Time management
• Creative problem solving

How To Become a Cybersecurity Analyst

Now that you know the answer to the question, What does a cybersecurity analyst do? you may be curious about how to become a cybersecurity analyst. If you’re still in high school, consider speaking with your guidance counselor about your career goals. Ask if you can add more courses that would prove helpful for your future, such as classes in computer applications, programming and law, if available. In addition, you can look for relevant extracurricular activities, such as a coding club.

After high school, you'll need to earn an IT-related bachelor’s degree, such as a cybersecurity degree. You’ll learn about coding, securing networks and systems, identifying threats and responding to malicious attacks.

It may also be beneficial to pursue an internship opportunity during college or shortly thereafter. You’ll gain valuable real-world skills, catch a glimpse of what it’s really like to work in IT and build your professional network.

Commonly, aspiring cybersecurity analysts start out in entry-level roles in the field. For instance, you might pursue a position as a penetration tester or incident responder before working your way up to applying to a job as a cybersecurity analyst. Earning one or more professional certifications can both help you break into the field and enable you to pursue advancement opportunities.

Earn Your Baccalaureate Cybersecurity Degree

After high school, your first step toward becoming a cybersecurity analyst is to earn a baccalaureate cybersecurity degree. It’s possible to break into the field with a degree in a related discipline, such as information technology or computer programming. However, if you’re positive that cybersecurity is the right specialization for you, then it makes more sense to enroll in a cybersecurity-specific degree.

The exact curriculum for a Bachelor of Science in Cybersecurity degree will depend on your school. In general, however, you are likely to study any of the following topics:

• Fundamentals of networks and networking in IT, including a close look at LANs, WANs, service providers, packets, hubs, routers, switches and Internet protocols
• Algorithm analysis with applications in discrete mathematics, with a look at complexity analysis, Boolean algebra, finite state machines and cryptography
• Programming for cybersecurity professionals, exploring how to use development tools, control constructs and programming language syntax
• Analysis and binary reverse engineering techniques for malware
• Procedures, techniques and methodologies for conducting cybersecurity forensic investigations

In addition, you may have the opportunity to take a course in laws and regulations that apply to cybercrime. A cyber law class will ideally explore legal precedence and legal decisions that relate to cybercrime, as well as emerging areas of potential regulations.

You may also find yourself taking a project-based course, sometimes called a capstone course. This is your chance to demonstrate everything you’ve learned up to that point by conducting a major research-based project that could culminate in a presentation. You could include this project in a professional portfolio that might help you land your first job after college.

Do Cybersecurity Analysts Need a Master’s Degree?

Cybersecurity analysts aren’t typically required to have a master’s degree. However, if you aspire to work toward a managerial position, such as leading a team of cybersecurity analysts, you may find it advantageous to later return to school to earn a master’s degree in cybersecurity.

What Does a Cybersecurity Analyst Do To Break Into the Field?

After graduating with your bachelor’s degree, you may find that you are able to land a job as a cybersecurity analyst right away. However, in many cases, employers require or prefer related professional experience. There are several related, entry-level jobs that an aspiring cybersecurity analyst could use to break into the field. Consider the following possibilities:

• Incident responder: Incident responders apply cyber forensic investigation techniques to investigate the scope of security breaches and to analyze security threats.
• Cryptographer: Cryptographers rely on ciphers and algorithms to encrypt sensitive information, reducing its risk of being intercepted, copied, destroyed or otherwise affected by malicious attacks.
• Security auditor: Security auditors are responsible for evaluating security procedures and maintaining the safety of computer and operating systems, such as by conducting penetration testing.
• Source code auditor: Source code auditors work within the codebase checking for potential vulnerabilities, syntax errors and bugs.

What Advancement Opportunities Are Available in Cybersecurity?

To climb the ladder in the cybersecurity subfield, you will likely need to earn a professional certification or two. Some professional certifications require applicants to already have some work experience, while others are designed for recent college graduates. There is a vast range of IT and cybersecurity-related certifications to choose from, such as the Certified Information Systems Security Professional (CISSP) designation from (ISC) ²® and the Security+ credential from CompTIA.

As you acquire one or more certifications and gain at least a few years of experience, you may decide to work toward a senior-level role. For example, you may pursue a role as a computer and information systems manager, also known as an IT manager or IT project manager. These professionals are responsible for planning and directing the IT-related activities within their organization, including cybersecurity.

Are Cybersecurity Analysts in Demand?

The U.S. Bureau of Labor Statistics (BLS) estimates that job growth for information security analysts will increase by 35% from 2021 to 2031, faster than average. This indicates that employers are expected to hire about 56,500 new professionals in the field.³

Information security analysts are very similar to cybersecurity analysts — some job postings may use the term interchangeably. There is a subtle difference to be aware of, however. While cybersecurity analysts manage the safety of information in digital formats, information security analysts manage the security measures to protect all forms of data, including in digital formats.

How Much Do Cybersecurity Analysts Earn?

The specific salaries of cybersecurity analysts can vary from one company to the next, often depending on factors such as level of seniority and years of experience. As of May 2021, information security analysts — a career role that is very similar to that of cybersecurity analysts — have a median annual salary of $102,600, according to the U.S. BLS.⁴

If you have a passion for technology and a desire to protect others from malicious cyberattacks, you can find your purpose at Grand Canyon University. The Bachelor of Science in Cybersecurity degree program empowers students to develop a strong framework of technical skills, as well as foundational knowledge in cyber-related laws and cyber forensic investigations. Click on Request Info at the top of your screen to learn about joining our dynamic learning community online or on campus. 

¹ Retrieved from CNBC, The FBI is worried about a wave of cyber crime against America’s small businesses in December 2022. 

² Retrieved from Healthcare IT News, Hospital ransomware attack led to infant’s death, lawsuit alleges in December 2022. 

³ COVID-19 has adversely affected the global economy and data from 2020 may be atypical compared to prior years. The pandemic may impact the predicted future workforce outcomes indicated by the U.S. Bureau of Labor Statistics as well. Accordingly, data shown is based on December 2022, which can be found here: U.S. Bureau of Labor Statistics, Occupational Outlook Handbook, Information Security Analysts, retrieved on Jan. 11, 2023. 

⁴ The earnings referenced were reported by the U.S. Bureau of Labor Statistics (“BLS”), Information Security Analysts as of May 2021, retrieved on Jan. 11, 2023. Due to COVID-19, data from 2020 and 2021 may be atypical compared to prior years. The pandemic may also impact the predicted future workforce outcomes indicated by the BLS. BLS calculates the median using salaries of workers from across the country with varying levels of education and experience and does not reflect the earnings of GCU graduates as Information Security Analysts. It does not reflect earnings of workers in one city or region of the country. It also does not reflect a typical entry-level salary. Median income is the statistical midpoint for the range of salaries in a specific occupation. It represents what you would earn if you were paid more money than half the workers in an occupation, and less than half the workers in an occupation. It may give you a basis to estimate what you might earn at some point if you enter this career. You may also wish to compare median salaries if you are considering more than one career path. Grand Canyon University can make no guarantees on individual graduates’ salaries as the employer the graduate chooses to apply to, and accept employment from, determines salary not only based on education, but also individual characteristics and skills and fit to that organization (among other categories) against a pool of candidates.

Approved by an instructor for the College of Science, Engineering and Technology on Jan. 30, 2023.