Which qualifications are needed to become a cyber security analyst?
Cyber security analysts are often the first and last line of defence against cyber-attacks. They are the ones who not only have to deal with the actual technical implementation but also train the wider workforce on proper usage of systems and work through crises. Therefore, the skill requirements for experts in the field is high, but so is the compensation and salary growth. If you haven’t already, also check out the detailed Job Description page for cyber security which also covers the career prospects and daily routine for cyber security professionals.
- A graduate degree in an IT or tech-related field is highly recommended. Most jobs have a lot of on-the-job training and cyber security is no different. However, the technical prerequisites are much higher for cyber security. You need to be well versed with the core IT platforms that your employer is using, its weaknesses and how to overcome them. Graduating from a top college will add to your overall attractiveness and make it possible for you to apply to more reputable and thus higher-paying companies
- In terms of specific degrees, IT and computer science-related fields would be the top preference. There are specific cyber, IT, informatics and network security courses that are offered by some universities. Graduates with these degrees would have a leg up but since the demand for cyber security professionals far outstrips the supply, graduates in other technical fields like science, mathematics and engineering, and even business, have more than a fair chance of getting hired.
There a ton of cyber security-related certifications which are well recognised in the industry. They can be general or tailored towards a specific to the role that you are aiming for. Here are some examples:
- Certified in Risk and Information Systems Control (CRISC) – Ideal for IT risk management professionals but can also be beneficial for control and assurance teams. This is all about the impact of IT risks – right from identification to mitigation and control
- Certified Information Systems Auditor (CISA) - If your interests lie in the governance and audit side of things, this is the route to go
- Certified Information Security Manager (CISM) - This certification is well suited for information security managers and even the IT leadership within a company. It adds a business flavour to IT security, creating an ideal blend of the two disciplines.
Certifications like these would generally be considered a plus and boost your chances of a CV shortlist. All of the good certifications will have a formal exam at the end which is what makes these certifications valuable. Having one of these makes it easy for the company to shortlist you because they can be sure that you have indeed mastered the basics that are taught in the respective course.
Another advantage of such certifications is networking opportunities. Larger organisations usually have local chapters which can help you network with other professionals in your field and that can only help you in your career down the line.
Just a word of caution - not all certifications are beginner-friendly. Some are designed for professionals with at least a few years of experience who are just looking to transition to a more senior role. Therefore, it might be a good idea to have a look at the curriculum before you decide to enroll.
Hopefully, this should give you enough of an idea to start your search for the right certification for you.
It would also be a very good idea to do some extra courses on security-related topics. These don’t have to be formal courses and they differ from formal certifications in the sense that you aren’t really doing them for the added CV value but rather to gain some extra knowledge about the field or to fill in any holes in your understanding of certain concepts.
- Platforms like Coursera and Udemy offer good courses created by industry professionals and you can access them at quite an affordable price. These might also be really good for beginners which is not the case with the more complex formal certifications. You can complete them at your own pace and even use them to get your feet wet in the field of cyber security
- Such courses can also help you look at the various niches within the broader cyber security field and decide which one interests you the most
- Lastly, remember that these really don’t have to be formal courses. There are a lot of well-written articles and even YouTube videos which cover these topics, but the benefit of these courses is that they present the information in a well-structured manner.
Work experience / Internships
- Nothing adds more value to your CV like some on-the-job experience. Even a year or two of experience can make you more attractive as a candidate since the employer knows you understand the basics of how to practically use your theoretical knowledge and hit the ground running from day one. However, it becomes a catch-22 sort of situation where you can find it hard to break in without the experience and can’t get the experience without breaking into the industry first.
- This is where internships come in. Internships don’t pay well (or at all in some cases) and you end up doing grunt work, but they are probably the easiest and most sure-fire way to get your foot in the door. If you are a student, your college or university can likely help you connect with the industry resources to secure one or you can just do it on your own. Chances are, many companies will be more than happy to have an extra hand help out at minimal cost to them
- Internships are also great for building up your CV. For example, it is much easier to get an internship in a really good firm as compared to a full-time offer and having that company’s brand on your CV can really boost things
- Finally, another great advantage of internships is that if you are really good, you can get a full-time offer from that very firm. Even if you don’t really want to join that company, it is good to have an option that you can fall back on and you can continue to apply elsewhere with peace of mind.
What skills do cyber security analysts need?
Cyber Security, at the end of the day, is all about protecting your company’s digital assets. You can think of yourself as cyber cops and specialise in anything from risk management to forensics and from network security to consulting. Here are some of the core soft skillsets required:
Cyber Security requires you to think analytically. You have to be methodical, thorough and sometimes think like a machine. All digital devices follow rules-based algorithms and if you are to safeguard them, you have to have a clear understanding of how those algorithms can break down when faced with external tampering and how best to safeguard them.
Communication and presentation
These skills are important as you will not be working in a silo. You would be coordinating with other internal and even external teams including business, finance, risk, audit and so on. Secondly, it is your job to highlight all the digital risks that the business faces. This means that you have to explain a lot of technical things to top management in a language that they can understand and of which they can then appreciate the significance. Most business failures throughout history have happened due to a lack of effective communication.
Project management/ organisation skills
Part of a cyber security professionals’ job is also to bring structure to organisation in chaotic systems. Incompatible systems and untrained users can create a lot of vulnerabilities and gaps in cyber security. Large one-time projects as well putting this in order on a daily basis is something that cyber security professionals should be comfortable with.
Search other articles to learn more about cyber security analyst careers:
Search Jobs to find out about the cyber security job roles we currently have available.