Information security analysts are responsible for protecting information in an organization’s computer systems from data breaches and cyberattacks. Since lots of sensitive data is stored electronically these days, including bank account numbers and passwords, these professionals are crucial.

Information security analysts may install and maintain firewalls or data encryption software, develop security standards and best practices to protect sensitive information, identify risks and vulnerabilities in an organization’s network systems, and investigate if a data breach occurs.

“The opportunities are vast right now in the profession,” Casey Cegielski, a professor at Auburn University who specializes in information security, and a partner at a cybersecurity consulting firm, wrote in an email. “Every organization needs security people who have a strong industry understanding and are willing to learn technical skills and continue to grow.”
The Bureau of Labor Statistics projects 31.5% employment growth for information security analysts between 2022 and 2032. In that period, an estimated 53,200 jobs should open up.

You’ll typically need a bachelor’s degree to work in an information security role. According to the BLS, this could be a degree in computer and information technology, or even engineering or math. But Cegielski says employers may prefer candidates with a degree in information systems.

“That surprises many people because they think this role is heavily focused toward computer science,” he says. “In fact, this is a business role first. You are helping secure the business based on the regulations, compliance requirements and strategy of the organization.”

Various cybersecurity certifications are available, and many companies prefer to hire certified security professionals. In addition, information security analysts must always be learning and growing with the ever-changing technology landscape, staying on top of the latest trends, issues and threats.

“I am a huge advocate of continuous education in this profession,” Cegielski says. “The skills and knowledge required to be successful evolve quickly.” He specifically mentions that the Certified Information Systems Security Professional, Certified Information Systems Auditor and Certified Information Security Manager “are all very challenging credentials to earn and valuable indicators of a broader understanding of the profession.”