Security analysts help organizations protect their computer systems and networks. They install software to safeguard sensitive data, conduct penetration testing, and recommend security upgrades. Security analysts also research IT security trends and assist computer users with security processes and products.
The Bureau of Labor Statistics (BLS) reports a median salary of $103,590 and projects a 33% job growth rate (much faster than average) for information security analysts from 2020-2030. This role makes an excellent career choice for those seeking high wages in a fast-growing field.
This page explores a typical day in the life of a security analyst. We describe common security analyst job tasks, where these professionals work, and what it takes to pursue the role.
What Is a Security Analyst?
Security analysts keep organizations' computer systems and networks secure. The daily work of a security analyst may include developing security best practices, monitoring systems for intrusions, and leading workshops on new security products.
Security analysts work for computer companies, business and financial organizations, and consulting firms. They perform specialized security work within the larger computer and information technology (IT) field.
Information security analysts typically need a bachelor's degree in a computer-related field. Information security and cybersecurity are subdisciplines of computer science. Some employers prefer workers with MBAs in information systems.
Many security analysts start out in other IT roles. Some employers may prefer security analysts who are certified in information security.
Job Tasks of a Security Analyst
Security analysts stop or respond to cyberattacks against their organizations' computer systems and networks. This work is increasingly important within the IT industry, as more organizations move their information online and the frequency of security breaches continues to increase.
These analysts typically collaborate with other IT professionals. They may also interact with upper-level management to make security recommendations, create best practices, and design disaster recovery plans.
Over time, a security analyst's role might grow to include supervisory duties and greater responsibility for their company's overall IT security. Some move into roles like IT security director, chief information security officer, or security engineer. People who thrive in security analyst roles typically exhibit strong analytical and problem-solving skills.
A day in the life of a security analyst varies depending on their industry, employer, and area of expertise. Common job tasks include monitoring for security breaches, investigating cyberattacks, and writing reports. Other duties include conducting penetration testing and installing software.
Keep reading to learn more details about primary job tasks for a security analyst, along with some less common duties.
Primary Duties of Security Analysts
- Monitoring Computer Networks for Breaches
Monitoring computer networks for potential security breaches is typically a major component of the daily work of a security analyst. This preventative measure helps security analysts stop cyberattacks before they happen, saving their organizations from the cost and hassle that come with a breach.
- Investigating Security Breaches
In the unfortunate event that a computer network comes under attack, security analysts must investigate the cause of the breach. This work can help organizations better prepare for the future and aid in searching for cybercriminals.
- Writing Reports About Breaches
When an organization experiences a computer system breach, a security analyst usually prepares a report explaining what happened and why. A security analyst's company may require them to present their findings to upper management. Breach reports typically include security recommendations to prevent future breaches.
- Conducting Penetration Testing
Security analysts also perform penetration testing, which is a form of ethical hacking. Information security analysts simulate cyberattacks to find system and network vulnerabilities before real attacks can happen. Penetration testers carry out their work by planning, scanning, gaining and maintaining access, and analyzing current safeguarding measures.
- Installing and Maintaining Software
Information security analysts use software to protect networks and data. Common programs include vulnerability management software like SpyBot, Qualys, and Atera. Security analysts also work with antivirus software like Malwarebytes and Webroot Endpoint Protection, along with password managers like LastPass and Keeper.
Secondary Duties of Security Analysts
- Researching IT Security Trends
Security analysts can stay on top of current IT security trends by subscribing to professional journals, scanning the news for relevant articles, and joining industry listservs and discussion groups.
- Making Security Recommendations
Security analysts, especially individuals in senior positions, may make IT security recommendations to management. They create documentation outlining the organization's top security processes, procedures, and products.
- Creating Security Best Practices
Analysts may participate in this process within teams or independently, depending on the company. To create best practices, analysts research other organizations' policies and participate in professional groups to keep up to date.
- Helping Computer Users
Not every security analyst position directly assists computer users, but some do. Employees may require training or assistance when information security analysts install or upgrade software. At some companies, one day in the life of a security analyst may include leading an IT security workshop for other workers.
- Creating Disaster Recovery Plans
Information security analysts make plans to help their organizations recover following cyberattacks. This work includes pinpointing critical operations, considering different emergency scenarios, and creating data recovery plans. Analysts also test their disaster recovery plans.
A Typical Day for a Security Analyst
A typical day in the life of a security analyst varies depending on their job sector, area of specialization, and employer. Keep reading for a sample schedule of the daily work of a security analyst.
- 9 a.m.: Read and respond to emails. Check the calendar for any special tasks or meetings.
- 9:30 a.m.: Meet with the IT team to discuss any changes to the company's security best practices.
- 11:30 a.m.: Monitor computer networks for security breaches. Identify one potential vulnerability and make plans for penetration testing next week.
- 12:30 p.m.: Lunch with coworkers.
- 1:30 p.m.: Install new antivirus software on company computers. Explain how the software works and instruct employees on functionality.
- 3:30 p.m.: Write a report and create charts to document last month's security breach. Create a PowerPoint presentation for your meeting with IT.
- 6 p.m.: Make a to-do list of essential tasks for tomorrow.
- 6:30 p.m.: Check computers to ensure your antivirus software installation was successful at all workstations before leaving for the day.
Where Security Analysts Work
Information security analysts can find employment in various industries and locations. Top industries for security analysts include computer systems design and related services, management of companies and enterprises, and credit intermediation and related activities.
Job availability varies with state and region. Your location affects pay, career outlook, job duties, and available specializations, as well. Some states offer higher pay and more job openings for security analysts.
Security analysts should consider the pros and cons of relocating to another location to find better career opportunities. Consider how moving for a job might impact other aspects of life, like proximity to friends and family, cost of living, and quality of life.
On average, states like California, New York, and New Jersey pay information security analysts salaries that exceed the national median figure for the occupation. If salary is a top consideration for you, consider the data in the table below.
State | Average Annual Salary for Information Security Analysts |
---|---|
California | $125,990 |
New York | $125,920 |
New Jersey | $123,280 |
District of Columbia | $119,460 |
Virginia | $116,920 |
Source: BLS, May 2020
States like Virginia, Texas, and California employ more information security analysts than other areas. Living in a top-employing state for information security analysts can make it easier to find a better job.
State | Employment |
---|---|
Virginia | 16,160 |
Texas | 13,410 |
California | 10,470 |
Florida | 7,600 |
Maryland | 7,090 |
Source: BLS, May 2020
Should You Become a Security Analyst?
A security analyst career offers potential for above-average compensation, a rewarding day-to-day experience, and plentiful job opportunities. The much faster-than-average projected growth rate for information security analysts from the BLS indicates an excellent job outlook.
Security analysts can advance by gaining professional experience, completing formal education, and receiving professional certifications. They can pursue roles as chief security officers or other types of computer and information systems managers.
The daily work of a security analyst may appeal to people with strong computer skills who enjoy solving problems. As cyberattacks continue to happen more frequently, more organizations will likely seek skilled analysts to respond to and prevent security breaches.
One con of working in information security is that the daily job tasks for a security analyst can sometimes become repetitive and tedious. At other times, like after a security breach, a security analyst position may also be stressful.
Preparing for the Daily Work of a Security Analyst
Preparing for the daily work of a security analyst takes several years and comes with mental, emotional, and workload expectations. Students need to develop high-level expertise and technical skills in computer systems and network security.
Prospective security analysts must complete bachelor's degrees, which typically last four years. Some students may land security analyst jobs right after graduating, while others start by gaining experience in other IT department positions.
Some people work in the IT field first and then return to school to earn IT-related bachelor's degrees. In either case, students may need to balance school with part-time or full-time jobs. Many employers prefer applicants with cybersecurity certifications, so aspiring security analysts should also plan to study for certification tests.
Professional Spotlight: Anthony Messina GSEC, GCIH, GPEN
Anthony Messina started his professional journey in the United States Marine Corps as a Reconnaissance Marine. His post-military endeavors included private security contracting roles in both Iraq and Afghanistan. Messina then found his way into information technology by enrolling in college and becoming an IT support technician.
Anthony quickly grew bored with password reset tickets and became increasingly intrigued by the infosec team's stories that he could hear from across the hall. He learned from a colleague about the incredible opportunity that SANS could offer and decided to enroll in the SANS Technology Institute's Applied Cybersecurity certificate program and aimed to become a security analyst.
After graduation, he used his new cybersecurity certifications and work experience to obtain his first security analyst 2 position with an amazing endpoint detection and response company, which he currently works for.
What previous cybersecurity (or related) experience did you have, if any, and what prompted your journey to work in the field of security analysis?
While I was working on various private security contracts overseas, I quickly became the technical go-to guy on my team. I loved to tinker with the various sensors, computers, radios, and offensive/defensive hardware that were made readily available to me. I would study the docs, read the manuals for fun, and find out every bit of information about the hardware so that I could employ it to its full potential in the field.
Eventually, this led me to want to learn how to break that very same equipment, so I started tinkering and dabbling with infosec tools like Mimikatz and Metasploit in my off time. From there, I fell in love with the cybersecurity profession.
I cherished the idea of joining a blue team and being able to scour through various log types to parse out the bad behavior from the good behavior. That constant thrill of the hunt while chasing the ever-evolving attack vectors from known threat actors fed my curiosity and fueled my passion for becoming a security analyst.
For whom do you think this career is a good fit? Why?
I would recommend the security analyst career path to anyone who wants to protect an organization's data and who wants to be on the front line of cybersecurity. This field demands team players that are technically skilled, deeply curious, naturally inquisitive, and thirsty for more knowledge.
An analyst will be challenged constantly and is encouraged to continue their education indefinitely to stay competitive amongst their peers and against tireless threat actors. If you feel that you fill these personality requirements and are up for the challenge, I encourage you to get started! There is no time like the present.
The road is challenging, long, and twisty. But once you make it to your destination, you will find that it is well worth the journey.
What educational path did you take to work in this field? Did you pursue additional education at any point? What was your educational experience like?
Originally, I obtained a bachelor's degree in information technology from American Military University. In all honesty, this degree is not necessarily needed to become a security analyst. I would highly recommend obtaining either a degree in computer science or a bachelor's degree in applied cybersecurity from the SANS Technology Institute.
Once I realized that my initial path of IT studies needed adjustment, I corrected course by attending the undergraduate certificate in applied cybersecurity (ACS) program from the SANS Technology Institute. This program allowed me to obtain three powerful GIAC certifications that completely propelled my life in a strong and confident direction.
What certifications or tests did you need to pass, if any, to enter the field and/or progress in your career?
I have obtained three GIAC certifications from my time studying at the SANS Technology Institute. These certifications include the GIAC GSEC (security essentials), GCIH (certified incident handler), and GPEN (penetration tester). During that time, I earned a spot on the GIAC Advisory Board forum.
I believe that these certifications were vital in providing me with the necessary industry fundamentals and lab experience to succeed at work. I understand that a fourth GIAC certification, the GIAC GFACT (foundational cybersecurity technology), is now part of the undergraduate certificate program.
What's a typical day like for you?
My workday typically involves me logging into my organization's security information and event management system to hunt through volumes of alerts from various endpoints and detection sources scattered across our organization. When I am not querying logs for indicators of compromise from threat intel sources, I am digesting rule-generated behavioral and file reputation alerts.
These alerts have become my bread and butter. They get fed to me via our watcher alert system at a rapid rate for hasty time-sensitive analysis. The average day is filled with reporting and case management, but occasionally those juicy malicious indicators of compromise will land in my dashboard, and I will get to work alongside our incident response team to begin scoping out the true damage that specific alert behavior or file caused.
What's your favorite part of the job?
My favorite part about being a security analyst is finding the bad indicators of compromise amongst all the noise. I often joke and compare the feeling to a squirrel finding their nut, a dog sniffing out his bone, Captain Ahab reeling in his Moby Dick. You get the picture. Finding bad makes me feel good!
However, that reward doesn't come without a challenge. To me, the most challenging part of security analyst work is overcoming that initial fear of the unknown. When I first started analyzing alerts, there would be alerts that left me baffled and scrambling for fast, accurate answers in a short time constraint.
It was like being on the bomb squad and not knowing which wire to cut first. For instance, threat actors are great at utilizing various data obfuscation techniques to make life harder on analysts, their queries, and their detection tools.
But, slowly and surely, a new analyst who works closely alongside an amazing mentor and develops a strong search engine dorking ability can ease that fear of the unknown and allow it to diminish more over time.
How different are the roles of security analyst and security consultant? For example, does one inform the other, or is there a great deal of overlap in duties?
As I understand it, the role of a security consultant is to identify vulnerabilities within an organization's IT environment and offer mitigation techniques to secure those vulnerabilities before they can be exploited. This may involve conducting extensive organization-wide vulnerability assessments, then crafting in-depth reports for both the C-level and engineering teams to process and act on.
A security analyst's mission is to monitor, identify, prevent, and stop attacks on their organization's IT infrastructure. To do this, analysts must be able to rapidly parse through massive collections of logs from various detection sources, identify legitimate indicators of compromise from the good noise, then take the correct response actions to prevent further exploitation.
I can see the potential for overlap between these two infosec career paths while respecting their differences. To me, it comes down to wanting to be more frontline focused in my role.
I want to be in the trenches with the threat actor, sifting through their efforts and trying to stop them in real time versus the alternative of running a vulnerability scanner on all the organization's equipment and reporting your findings in a large final report. At the end of the day, all infosec careers are good careers, in my opinion.
What advice do you have for individuals considering becoming an information security analyst?
I would advise those who are looking to break into the field to find mentorship, obtain industry certifications, lab constantly in your downtime, and build your network. Do these things, and you will have no issues finding rewarding work in infosec.
What do you wish you'd known before working in security analysis?
My only regret is not finding the SANS Technology Institute sooner. I wasted a considerable amount of time and money by going down a degree path that wasn't geared towards cybersecurity. If I had found the SANS Technology Institute's bachelor's degree or ACS programs first, I would have developed quality experience, more industry certifications, and deeper working knowledge in a much shorter time frame than I did.
FAQ About the Daily Work of a Security Analyst
What does an information security analyst do day to day?
A day in the life of a security analyst varies depending on the industry, area of specialization, and position. The main goal of a security analyst is to protect their organization's computer system and network from cyberattacks.
Are the job tasks of a cybersecurity analyst the same as a security analyst?
Both of these types of professionals protect data and share some overlapping duties. However, cybersecurity analyst job tasks typically cover protecting information against crimes like phishing and fraud, while security analysts handle a wider scope of cyberintrusions.
Is the daily work of a security analyst stressful?
The daily work of a security analyst can sometimes be stressful. If your organization experiences a security breach or cyberattack, you may be held responsible. Sometimes, cyberattacks cost companies millions of dollars. At other times, the day-to-day of this job can be mundane and repetitive.
What are the most challenging responsibilities for a security analyst?
The most challenging part of being a security analyst is knowing that you are responsible for identifying vulnerabilities and stopping attacks. This requires you to think ahead and predict how criminals may be able to break into your system.