Being a cyber security analyst is a job where no two days are alike. Your career will test your skills and intelligence regularly, and you need to keep learning and growing to perform well.
Cyber security analysts are necessary to the safety and health of everything from a company's finances or customer's data to democracy itself ― depending on where you work and your role there. It's also a job that's in high demand, so this is a good time to pursue a career in the field.
Because of the unique aspects of cyber security jobs — including building an employer's trust that you are indeed "secure" — a strong resume and convincing cover letter are of paramount importance (you can build both docs using our Resume Templates and Cover Letter Templates).
What do cyber security analysts do?
A cyber security analyst's job is to safeguard data for a company or government office. Cyber security analysts must understand how their enemies think, what they want and how they are trying to get what they want. Those enemies can be thieves, corporate competitors, hostile foreign governments or any of a host of hackers and miscreants who seek systems with vulnerabilities to exploit for their own purposes. Your job as a cyber security analyst ―if you choose to accept it ― is to protect that data.
Pick a path within the field
Cyber security is a vast field, so the first step is to understand its parts. The field of medicine, with its many branches, is a good point of comparison.
"Just as when you decide to become a doctor, you have to narrow [the field] down," says Roger Grimes, a cyber security analyst and the author of several books on the topic, including Hacking the Hacker: Learn from the Experts Who Take Down Hackers.
"Does it mean you want to be a general practitioner, a pediatrician or a surgeon? Before you look for cyber security analyst jobs, go learn about the field. Figure out where your natural interests lie. It's important to be interested in the role you choose, because you are more likely to read and learn about a topic you like."
Some of the potential areas you might specialize in as a cyber security analyst are:
- Computer forensics
- Application security
Each area has a different role when it comes to protecting data. A computer forensics specialist evaluates how hackers get in, after the fact, to find and patch the vulnerability. If you work in application security, your work would involve protecting software from potential intrusions.
You can learn much more about the details that go into the various specialties at sites like Schneier on Security, The Sans Institute, CSO and other forums and newsletters dedicated to professional cyber security analysts.
Get the right education for the job
A cyber security degree can look different depending on where you go to school. Many cyber security analysts have a degree in computer science. If that's not what you studied, don't let that stop you from considering this career path.
"I am a CPA," explains Grimes. His background in accounting served him well, though he has also gone on to earn numerous cyber security certifications.
"I think we sometimes have too many people with computer science degrees in security," he says. "They tend not to understand the business side of things. My degree in accounting makes me more valuable in this industry because it gives me a more diverse background and a knowledge of other aspects of business."
The ability to communicate is also essential. You have to understand the threats to a company or entity and be able to articulate those threats to management teams that may have little understanding or interest in the subject.
"I think people who studied liberal arts are particularly good at this aspect," says Grimes. In some roles, you will have to explain ― and likely train ― the company's other personnel on how not to become a security risk, since social engineering (aka, tricking humans into opening the door) is one of the most effective ways hackers get into any system.
If you're still in college, focus less on your major and more on making connections in the field, applying to internships and participating in activities related to cyber security. For example, your school might have an information security club or host conferences related to the field.
It's also never too early to begin learning how to write a resume. If you're a recent graduate or college student, you can still reach out to career services, professors or mentors. Creating a LinkedIn profile and connecting with people you meet in the field can help you build your people-centric early, which can be invaluable when you apply to entry-level cyber security jobs.
Hone in on computer networks and certifications
You can't be a cyber security analyst if you don't know your way around a computer network. Knowing how to code will help as well.
"Learn a programming or scripting language," Grimes recommends. "It makes you twice as valuable in this industry."
Whatever specialty you choose will have its own knowledge sets, and you will have to become an expert at those. Your computer science degree ― if you have one ― will have covered some of this. But if you didn't study computer science or you find there are holes in your knowledge of cyber security, you can learn more online at sites such as Cybrary, which specialize in training people to work in this field. You can take classes online in everything from penetration testing to scripting languages to network analysis.
Certifications are necessary for the field, and there are many to pursue. As you explore your potential path within cyber security, you will find that you need or want specific certifications. Perhaps you want to become certified in cyber defense, penetration testing or incident response and forensics.
Perhaps you want to become a certified ethical hacker. Many companies hire ethical hackers to bulletproof their systems against an attack from an adversary. There are dozens of certifications to choose from, ranging across the entire industry. GIAC (Global Information Assurance Certification), a respected online certification group, offers over 30.
Land an internship
Most entry-level cyber security jobs require experience — up to three years in the field in some cases. Hackers are continually morphing to stay ahead of their opponents (that's future you!) Gaining relevant experience can be a challenge, but an internship can help you get the valuable experience you need whether you're still in school or graduated.
"Find a company in your area of interest and ask if they offer internships," says Grimes. But be warned. Becoming a cyber security analyst is a bit like becoming a spy. You might find that those doing the hiring are suspicious of your motives.
"Some companies worry that interns only want to steal data or find the company's vulnerabilities," says Grimes. But anything worth doing is hard, right? And what sort of spy will you be if you can't find a way past this small obstacle?
Ready your application
To stand out as an entry-level cyber security analyst, you'll need an eye-catching resume and cover letter. These pieces of the application puzzle will convince an employer that you have the background skills, the ability to learn new techniques and stay ahead of the curve, and the trustworthiness required to bring you inside their organization.