Skills & Qualifications of a Cyber Security Analyst

For entry-level positions, many employers look for security analyst applicants with a bachelor’s degree (or sometimes a master’s) in computer-related fields such as computer science, information science, and possibly math and engineering. Security certifications (or the pursuit of one) are sometimes mandatory and can boost the candidate’s chances. It is also possible to land this job without a university degree but the candidate needs to have a good work history in a related field (such as system administrators) with solid references and possibly a security certification.

An intermediate-level security analyst position requires a combination of education, certifications, and industry experience. At least 3 years of direct information security experience is required to get this promotion. Crossovers from other industries are also possible but the chances are slim. Military veterans, software engineers, and investigators who performed information security duties can be considered as reliable candidates given they have some related certifications. This position is, and will remain, unattainable for candidates with no work experience and valid credentials. Intermediate-levels have a list of duties that require years of experience and solid industry knowledge.

Senior-level analysts need to accumulate at least 8 years of work experience strictly as a security analyst and there is no way around that with little to no exceptions. To be a successful analyst, a security professional must be detail-oriented and have thorough analytical skills. A good theoretical security knowledge along with an adaptable mindset to work with various real world scenarios will also prove crucially beneficial. This will require years of training and hard work but it is deemed necessary to succeed in such a consequential role.

Here is a list of skills that aspiring security analysts need to master regardless of their entry path to the industry:

• Strong communication skills, both written and verbal
• The ability to explain complex technical concepts to non-technical staff and clients
• Good time management skills to meet strict deadlines
• Multi-tasking and the ability to take-on many projects at the same time
• Awareness of security best practices when it comes to physical, human, hardware, and software security
• Programming skills (for select positions only) and an understanding of databases, front-end and back-end practices
• Creation of security policies and documentation
• A good mastery of identity management, authentication, authorisation, and risk assessment concepts
• Knowledge of industry best practices and frameworks when performing penetration tests and vulnerability assessments, both internally and externally
• A good insight on how to design and deploy security controls such as firewalls, intrusion detection/prevention systems, honeypots, encryption solutions, VPN’s …etc
• A strong theoretical knowledge of access controls and their best implementation practices

There are also several certifications that could demonstrate the applicant’s security skills and make them more desirable by employers. Here is a list of the most in-demand ones:

• CEH: the Certified Ethical Hacker certification is the most sought-after title by HR departments. It is the ‘core’ certification of cyber security and it is tailored to the security analyst position. It is provided by ec-council which continues to set standards in cyber security training and certifications
• Comptia Security+: this popular certification serves as a test for baseline security skills and knowledge and is attractive to beginners who want to get into the industry. It covers the main theoretical topics of cyber security such as security controls, penetration testing, and incident response.
• GSEC: Giac Security Essentials Certification holders can demonstrate both practical and theoretical security defense skills that go beyond terminology and definitions. The test covers everything from access control and endpoint security to IT risk assessments and cryptography.
• ENDP: Elearnsecurity Network Defense Professionals can demonstrate practical network security skills. It can prove that the candidate can practically remediate security issues and harden a network infrastructure to prevent targeted attacks.
• OSCP: this is by far the most practical certification for security analysts. Offensive Security Certified Professionals can demonstrate strong ethical hacking skills because of the hands-onl nature of the test. Applicants need to compromise a series of vulnerable boxes in a twenty four hour time-frame and document the whole process.