Explore jobs
Find specific jobs
Explore careers
Explore professions
Best companies
Explore companies
Job outlook for information security analysts in the United States
Information security analyst job growth summary. After extensive research, interviews, and analysis, Zippia's data science team found that:
The projected information security analyst job growth rate is 32% from 2018-2028.
About 35,500 new jobs for information security analysts are projected over the next decade.
Information security analyst salaries have increased 12% for information security analysts in the last 5 years.
There are over 33,770 information security analysts currently employed in the United States.
There are 112,818 active information security analyst job openings in the US.
The average information security analyst salary is $98,144.
Are information security analyst jobs in demand?
Information security analyst job and salary trends over time
Information security analyst jobs over time
Information security analyst job growth rate over time
| Year | # of jobs | % of population |
|---|---|---|
| 2021 | 33,770 | 0.01% |
| 2020 | 35,160 | 0.01% |
| 2019 | 32,797 | 0.01% |
| 2018 | 55,345 | 0.02% |
| 2017 | 53,906 | 0.02% |
Average information security analyst salary over time
Information security analyst salary by year
| Year | Avg. salary | Hourly rate | % Change |
|---|---|---|---|
| 2025 | $98,144 | $47.18 | +3.4% |
| 2024 | $94,910 | $45.63 | +2.3% |
| 2023 | $92,761 | $44.60 | +3.0% |
| 2022 | $90,083 | $43.31 | +3.1% |
| 2021 | $87,338 | $41.99 | +2.8% |
Information security analyst jobs by state
Most common states for information security analysts
| Rank | State | Population | # of jobs | Employment/ 1000ppl |
|---|---|---|---|---|
| 1 | District of Columbia | 693,972 | 508 | 73% |
| 2 | Delaware | 961,939 | 295 | 31% |
| 3 | Rhode Island | 1,059,639 | 318 | 30% |
| 4 | Alaska | 739,795 | 222 | 30% |
| 5 | Minnesota | 5,576,606 | 1,529 | 27% |
| 6 | North Dakota | 755,393 | 205 | 27% |
| 7 | Vermont | 623,657 | 167 | 27% |
| 8 | New Hampshire | 1,342,795 | 340 | 25% |
| 9 | Virginia | 8,470,020 | 2,019 | 24% |
| 10 | Montana | 1,050,493 | 251 | 24% |
| 11 | Illinois | 12,802,023 | 2,883 | 23% |
| 12 | Washington | 7,405,743 | 1,704 | 23% |
| 13 | Oregon | 4,142,776 | 897 | 22% |
| 14 | Nebraska | 1,920,076 | 423 | 22% |
| 15 | Wyoming | 579,315 | 129 | 22% |
| 16 | Pennsylvania | 12,805,537 | 2,671 | 21% |
| 17 | North Carolina | 10,273,419 | 2,168 | 21% |
| 18 | New Jersey | 9,005,644 | 1,925 | 21% |
| 19 | Arizona | 7,016,270 | 1,446 | 21% |
| 20 | South Dakota | 869,666 | 185 | 21% |
Most common cities for information security analysts
| Rank | City | # of jobs | Employment/ 1000ppl | Avg. salary |
|---|---|---|---|---|
| 1 | Frankfort | 6 | 22% | $81,603 |
| 2 | Annapolis | 7 | 18% | $92,539 |
| 3 | Juneau | 6 | 18% | $97,753 |
| 4 | Dover | 6 | 16% | $108,237 |
| 5 | Lansing | 7 | 6% | $86,853 |
| 6 | Topeka | 6 | 5% | $80,528 |
| 7 | Tallahassee | 7 | 4% | $76,824 |
| 8 | Washington | 21 | 3% | $94,302 |
| 9 | Des Moines | 7 | 3% | $79,289 |
| 10 | Little Rock | 6 | 3% | $73,938 |
| 11 | Boston | 13 | 2% | $101,471 |
| 12 | Atlanta | 11 | 2% | $86,155 |
| 13 | Tampa | 7 | 2% | $77,658 |
| 14 | Urban Honolulu | 6 | 2% | $75,645 |
| 15 | Phoenix | 11 | 1% | $95,025 |
| 16 | Indianapolis | 6 | 1% | $77,623 |
| 17 | Baltimore | 5 | 1% | $92,515 |
Information Security Analyst job outlook: Expert opinions
Our panel of information security analyst experts
Rider University
University of Alabama at Huntsville
Pace University
West Virginia State University
University of Maryland Global Campus
Pennsylvania State University - Altoona
Pennsylvania State University - Lehigh Valley
Northwood University
The University of Tampa
Albertus Magnus College
Medaille College
Texas A&M University San Antonio
University of Georgia
Grantek Systems Integration
AVIXA
What general advice would you give to an Information Security Analyst?
Robert Cutlip Ph.D.: Seek internship opportunities while still enrolled. This will help with gaining experience, growing professionally, and starting to build your professional reputation and contacts. Also, actively engage in networking and outreach, along with research on private sector or government sector opportunities that you can pursue.
What Information Security Analyst skills would you recommend for someone trying to advance their career?
Robert Cutlip Ph.D.: Regarding salary, internship experience or part-time employment in the field will be of benefit. Also, any certifications in this area will be of benefit to prospective employers.
What will help Information Security Analysts increase their earning potential?
Robert Cutlip Ph.D.: The field of Cybersecurity is rapidly evolving. Threats from foreign actors are becoming more mature. Also, artificial intelligence presents new challenges. I would suggest staying abreast of new threat signatures, mitigation strategies, and technologies that will be a factor in this space in the near future.
What general advice would you give to an Information Security Analyst?
Zhengping Luo Ph.D.: Securing your first internship or job in your field can be challenging and sometimes frustrating. It's important to keep an open mind about all potential job opportunities in your field. While your first job may not be your dream job, gaining experience will improve your prospects as long as you remain in the field. Be patient, as you may face many rejections before landing a good position. It's worth noting that rejections are often not a reflection of your qualifications. Employers consider various factors when hiring, and many of which are often have nothing to do with your professional skills, so don't be discouraged. Simply keep moving forward without carrying the burden of past rejections. After securing your position, remain open to challenges, as they often provide opportunities to make a name for yourself and advance your career.
What Information Security Analyst skills would you recommend for someone trying to advance their career?
Zhengping Luo Ph.D.: Cybersecurity is a rapidly evolving field deeply rooted in Computer Science. To excel as a cybersecurity expert, you must understand the underlying technology of information systems. Therefore, continuous learning and staying updated with the latest technologies are essential. Currently, generative models like large language models are on the rise. It won't be long before cybersecurity concerns expand to include artificial intelligence technologies. Thus, the ability to keep pace with technological advancements, such as AI, is crucial for cybersecurity professionals. Cybersecurity is still evolving, and programming/debugging skills remain crucial. In addition, strong communication and teamwork skills are increasingly essential for cybersecurity experts.
What will help Information Security Analysts increase their earning potential?
Zhengping Luo Ph.D.: Maximizing your salary potential hinges on providing value in a market-driven economy. Make sure to focus on developing skills that are in high demand. One of the tips is to consider expanding your horizons beyond where you grow up or the place you received your degree. Explore opportunities in locations that value your talents and offer competitive compensation, such as different cities, states, or even nations. Additionally, don't limit yourself to familiar job roles; be open to new positions and industries. The evolving job market continually creates new and unforeseen opportunities. While striving for financial success is important, it's equally vital to consider long-term goals and personal fulfillment. Prioritize maximizing life experiences and other cherished values alongside financial goals.
What general advice would you give to an Information Security Analyst?
Tommy Morris Ph.D.: Cybersecurity is an ever evolving landscape. The tools you use in your job will change as your career progresses. Make sure to understand the underlying concepts behind the tools and the attacks you are defending against so that you can easily adapt to change.
What Information Security Analyst skills would you recommend for someone trying to advance their career?
Tommy Morris Ph.D.: Be close to the money. Cybersecurity is an expense to many organizations and a profit center for others, the ones that sell cybersecurity software and services. Try to work on the side that profits from cybersecurity if you want to make money.
What will help Information Security Analysts increase their earning potential?
Tommy Morris Ph.D.: Two skills are critical for the short term and long term in cybersecurity careers. Short term (3-5 years) artificial intelligence and machine learning will be a big trend in cybersecurity. Take a class in AI/MLand try to understand it can serve as a tool in your toolbox. Longer term, cybersecurity professionals need to be prepared to work on cross functional teams and be good communicators.
What general advice would you give to an Information Security Analyst?
Dr. Darren Hayes: Add a cover letter, to accompany your resume, as many older people who review your resume expect you to include one. Don't just list your skills but mention some special projects that you were involved in, or your impact on an organization during an internship. These demonstrate the application of your skills and can be great talking points during an interview. Don't add a lot of acronyms to your resume and expect that the reviewer will know what those mean - spell everything out. Read about the organization that you are applying to before an interview - it shows that you care and are taking an interest while in the interview. Professional certifications, in addition to your degree, will give you an edge over other applicants. Additionally, participation in team competitions, such as capture the flag, demonstrates a willingness to learn beyond the classroom, hone your skills, and ability to work in a team setting. Cybersecurity, digital forensics, IT, are always evolving so you need to continue to evolve too. Therefore, you should have plans to continue learning, such as professional certifications, graduate degree, training classes and other continuing education options. Talk about your plans and goals in an interview and not just about what you have done.
What Information Security Analyst skills would you recommend for someone trying to advance their career?
Dr. Darren Hayes: Many students add 'Excellent communication skills' to their resume but cannot explain what they mean by this. If you can demonstrate this by showing a website that you created, detailing your skills, portfolio of special projects, and other key successes, then it shows that you went the extra mile. Excellent communication skills can also be demonstrated with a YouTube video that you created, a presentation you gave at an academic conference or at other speaking engagements. Graduates looking for a job with Homeland Security that can demonstrate excellent writing skills are in need. My students who possessed excellent writing skills, in addition to technical skills, generally ended up making a higher salary. Those in high-ranking positions are generally assigned reporting responsibilities that require a good command of the English language. Critical thinking is also vitally important.
What will help Information Security Analysts increase their earning potential?
Dr. Darren Hayes: Artificial intelligence - in terms of automating certain areas of cybersecurity, such as acquiring threat intelligence, malware detection and being alerted to network breaches. Ransomware continues to be the primary concern for most organizations and using AI to quickly identify those threats and quickly respond will be key. AI can also be used in investigations, such as photo searches to identify where a suspect is or to find a missing person. Knowledge of current events - especially geopolitical events. These events have repercussions for the most sophisticated (state-sponsored) cyber attacks. Knowledge of a second, third or fourth language, is helpful now and will continue to be important - especially from a cybersecurity perspective because investigations often include foreign nationals. Knowledge of malware is really important for homeland security and this area of expertise will continue to be in demand. Incident response will continue to be understaffed and therefore tremendous opportunities will continue for those who can respond to network breaches, forensically analyze systems, examine malware, etc. Other areas of importance include, machine learning, quantum computing, open source intelligence (OSINT), threat intelligence (especially related to critical infrastructure and SCADA), cryptocurrencies, IoT threats and IoT evidence, to name but a few.
Dr. Ali Al-Sinayyid PhD
Assistant ProfessorWest Virginia State University
Computer Science
What general advice would you give to an Information Security Analyst?
Dr. Ali Al-Sinayyid PhD: Cloud Security: With the increasing adoption of cloud computing, expertise in securing cloud environments will be crucial. Artificial Intelligence and Machine Learning (AI/ML): Leveraging AI and ML for threat detection, anomaly detection, and predictive analytics will be essential in staying ahead of sophisticated cyber threats. Privacy and Data Protection: With the rise of data privacy regulations like the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), skills in privacy engineering, data protection, and compliance will be in high demand. IoT Security: As the Internet of Things (IoT) continues to expand, securing connected devices and IoT ecosystems will become increasingly important. Threat Intelligence and Cyber Threat Hunting: Proactive threat intelligence gathering and cyber threat hunting skills will be essential for identifying and mitigating advanced cyber threats before they cause significant damage.
What Information Security Analyst skills would you recommend for someone trying to advance their career?
Dr. Ali Al-Sinayyid PhD: Maximizing salary potential when starting your career in cybersecurity requires strategic planning and ongoing skill development. Here are some steps to consider: Certifications: Obtaining industry-recognized certifications such as CompTIA Security+, CISSP, CISM, CEH, or CCSP can enhance your marketability and salary potential. Practical Experience: Highlight hands-on experience through internships, co-op programs, research projects, or freelance work to showcase your skills and capabilities to potential employers. Negotiate Salary: Research industry salary benchmarks and be prepared to negotiate your salary based on your qualifications, experience, and the value you bring to the organization. Stay Updated on Industry Trends: Stay abreast of emerging trends, technologies, and market demand in cybersecurity to position yourself for lucrative opportunities and career advancement. Network and Build Relationships: Cultivate relationships with professionals in the field, participate in industry events, and leverage networking opportunities to uncover hidden job opportunities.
What will help Information Security Analysts increase their earning potential?
Dr. Ali Al-Sinayyid PhD: I advise any graduate of computer science entering the cybersecurity field, to focus on continuous learning and practical experience. Stay updated on emerging technologies, threats, and best practices through professional development courses, certifications, and participation in industry conferences and events. Also, you need to seek opportunities for hands-on experience through internships, research projects, or collaboration with industry partners. Finally, consider specializing in a niche area of cybersecurity to differentiate yourself and enhance your expertise.
What general advice would you give to an Information Security Analyst?
Jesse Varsalone: Cybersecurity graduates will need to learn to work with Artificial Intelligence (AI) as it becomes more integrated into daily IT tasks for problem solving. The proliferation of IoT (Internet of Things) devices connected to the network will increase the need for cybersecurity professionals to focus on securing these devices. Even more importantly, common cybersecurity tasks like securing and hardening will be even more paramount if networks include critical infrastructure devices. Cyberattacks can have far-reaching financial implications and cause serious damage to the reputation of companies. Attacks can also include intellectual property loss or the disclosure of personal information. As compromises including ransomware attacks continue to plague companies and organizations, it will be essential for cybersecurity professionals to know how to detect, respond to, and remediate these cyberattacks.
What Information Security Analyst skills would you recommend for someone trying to advance their career?
Jesse Varsalone: Obtaining additional industry certifications like CompTIA Security+, CISSP (Certified Information Systems Security Professional), and OSCP (Offensive Security Certified Professional) can make you a more valuable employee. If you are focused in an area like SOC (Security Operations Center), you can make yourself more well-rounded by learning a different role such as penetration (pen) testing. Adding an additional sector of cybersecurity will make you a more valuable asset to your present company and help you understand your current work role even better.
What will help Information Security Analysts increase their earning potential?
Jesse Varsalone: There are several things you can do to be successful in your career. Athletes in the NBA and NFL are at the highest level of competition, but they still go to practice all the time and participate in off-season workouts. Anyone in cybersecurity should also practice their skills on a regular basis. Microsoft, VMware, and Oracle provide free virtualization options where you can use Microsoft and Linux virtual machines to practice using the operating systems. Hackthebox and Tryhackme are two cybersecurity training platforms on which you can practice cybersecurity skills with free tiers. Both can help solidify skills and help you gain knowledge in areas of cybersecurity where you might want to expand your skill set. Some of the other ways that you can jump-start your career besides frequent practice include various networking opportunities within the cybersecurity community. Your college or community college may have a cyber team that you can join. Another option might be a local BSides conference (dedicated to advancing information security knowledge-sharing) or a local hackerspace like Unallocated in the Fort Meade, Maryland area. BSides events offer lock picking villages, capture the flag (CTF’s) competitions, and training sessions are all provided at a low cost.
What general advice would you give to an Information Security Analyst?
Syed Rizvi PhD: The field of cybersecurity is in a constant state of evolution, emphasizing the importance of continuous learning and staying abreast of the latest trends, technologies, and threats. Graduates should prioritize networking within the industry, as it can provide avenues for mentorship, collaboration, and career growth. Attending industry events, joining professional organizations, and connecting with established professionals are effective strategies. Practical experience holds significant value in cybersecurity; thus, seeking internships, participating in cybersecurity competitions, and engaging in personal projects are recommended to hone skills and build a robust portfolio. Additionally, while technical prowess is essential, soft skills such as communication, problem-solving, and teamwork are equally prized. Nurturing these skills alongside technical expertise is essential for professional success.
What Information Security Analyst skills would you recommend for someone trying to advance their career?
Syed Rizvi PhD: Proficiency in cloud security will be increasingly vital as cloud technologies see widespread adoption. Understanding how to secure cloud environments, data, and applications will be in high demand. Furthermore, the utilization of AI and ML technologies for both offensive and defensive cybersecurity strategies underscores the need for professionals well-versed in these areas. Familiarity with compliance frameworks such as GDPR, CCPA, and HIPAA is essential, given the evolving landscape of data privacy regulations globally. Additionally, the ability to swiftly gather, analyze, and respond to cyber threats in real-time will be paramount as threats become more sophisticated and prevalent.
What will help Information Security Analysts increase their earning potential?
Syed Rizvi PhD: Acquiring certifications such as CISSP, CISM, CEH, and CRISC can demonstrate expertise and potentially lead to higher salaries within the industry. Graduates should consider specializing in niche areas within cybersecurity, such as penetration testing, incident response, or security architecture, where demand for skilled professionals is particularly high. Pursuing leadership roles, such as team lead or manager positions, can also yield higher salaries and increased responsibility. During salary negotiations, it is crucial to research industry standards and market rates for the specific role and location. Articulating one's skills, experience, and value proposition effectively can help justify desired salary expectations.
Syed Rizvi
Professor, ChairPennsylvania State University - Altoona
Computer/Information Technology Administration And Management
What Information Security Analyst skills would you recommend for someone trying to advance their career?
Syed Rizvi: The field of cybersecurity is in a constant state of evolution, emphasizing the importance of continuous learning and staying abreast of the latest trends, technologies, and threats. Graduates should prioritize networking within the industry, as it can provide avenues for mentorship, collaboration, and career growth. Attending industry events, joining professional organizations, and connecting with established professionals are effective strategies. Practical experience holds significant value in cybersecurity; thus, seeking internships, participating in cybersecurity competitions, and engaging in personal projects are recommended to hone skills and build a robust portfolio. Additionally, while technical prowess is essential, soft skills such as communication, problem-solving, and teamwork are equally prized. Nurturing these skills alongside technical expertise is essential for professional success.
What general advice would you give to an Information Security Analyst?
Syed Rizvi: Acquiring certifications such as CISSP, CISM, CEH, and CRISC can demonstrate expertise and potentially lead to higher salaries within the industry. Graduates should consider specializing in niche areas within cybersecurity, such as penetration testing, incident response, or security architecture, where demand for skilled professionals is particularly high. Pursuing leadership roles, such as team lead or manager positions, can also yield higher salaries and increased responsibility. During salary negotiations, it is crucial to research industry standards and market rates for the specific role and location. Articulating one's skills, experience, and value proposition effectively can help justify desired salary expectations.
What will help Information Security Analysts increase their earning potential?
Syed Rizvi: The field of cybersecurity is in a constant state of evolution, emphasizing the importance of continuous learning and staying abreast of the latest trends, technologies, and threats. Graduates should prioritize networking within the industry, as it can provide avenues for mentorship, collaboration, and career growth. Attending industry events, joining professional organizations, and connecting with established professionals are effective strategies. Practical experience holds significant value in cybersecurity; thus, seeking internships, participating in cybersecurity competitions, and engaging in personal projects are recommended to hone skills and build a robust portfolio. Additionally, while technical prowess is essential, soft skills such as communication, problem-solving, and teamwork are equally prized. Nurturing these skills alongside technical expertise is essential for professional success.
Kermit Burley M.Ed.
Program Coordinator of Information Technology and Cybersecurity Analytics and OperationsPennsylvania State University - Lehigh Valley
Curriculum And Instruction
What general advice would you give to an Information Security Analyst?
Kermit Burley M.Ed.: I would tell any graduate who is just beginning their career to be certain to always give 100% effort and perhaps even just a bit more. You are doing this not only for your supervisor, but for yourself. This skill will eventually become a habit and will ultimately set you apart from your competition. Many graduates new to a job or position will frequently wait to have their supervisor tell them what to do. The truly successful graduate will always seek to solve problems and then do more than what is expected. And believe me, having been a supervisor many times in my career, this high effort person will be noticed and rewarded.
What Information Security Analyst skills would you recommend for someone trying to advance their career?
Kermit Burley M.Ed.: In my fields of Cyber and Information Technology we truly need the abilities to be always learning and always preparing for the next great breakthrough or the next big threat. So, adaptability and a willingness to always be learning are essential for success. Of course, our greatest challenge now and certainly in the next 3-5 years will be AI. (Artificial Intelligence) It is already upon us and has the potential to revolutionize our field and the entire landscape of what we do. The ability to stay ahead of that very steep hill will require constant innovation and an ability to accurately anticipate what is coming just around the corner. What I also see is an increased need for "people" skills, the ability to lead a team of people to achieve goals and budgetary requirements. All too often graduates in Cyber and IT are stereotyped as not having any people skills at all and preferring to work alone. This stereotype must end and those graduates who possess people skills will be in great demand not only in the next 3-5 years, but for decades to come.
What will help Information Security Analysts increase their earning potential?
Kermit Burley M.Ed.: In my fields of Cyber and Information Technology we truly need the abilities to be always learning and always preparing for the next great breakthrough or the next big threat. So, adaptability and a willingness to always be learning are essential for success. Of course, our greatest challenge now and certainly in the next 3-5 years will be AI. (Artificial Intelligence) It is already upon us and has the potential to revolutionize our field and the entire landscape of what we do. The ability to stay ahead of that very steep hill will require constant innovation and an ability to accurately anticipate what is coming just around the corner. What I also see is an increased need for "people" skills, the ability to lead a team of people to achieve goals and budgetary requirements. All too often graduates in Cyber and IT are stereotyped as not having any people skills at all and preferring to work alone. This stereotype must end and those graduates who possess people skills will be in great demand not only in the next 3-5 years, but for decades to come.
Professor David Sanford
Associate Professor an Department Chair (MIS, CS, CYB MGT, IS CYB)Northwood University
Computer And Information Sciences
What general advice would you give to an Information Security Analyst?
Professor David Sanford: Workers like that they are challenged to solve problems and lead technological innovations.
They appreciate the diversity of projects
They enjoy the need for continuous improvement and education
Many see the global impact of their work.
They also desire and appreciate the need for versatile skills
A competitive salary is also an item that employees like
Workers dislike that the work can be stressful
Dealing with tight deadlines and/ or cybersecurity concerns.
This is a positive and a negative: The need to constantly stay up to date with technology can be a bit overwhelming for some.
There may be times of isolation, and
The unexpected system failures can be frustrating as they often require extra hours or the need to be on-call.
The multiple responsibilities and managing repetitive tasks are also issues workers point out in this field.
In short, the workplace offers exciting opportunities but comes with its fair share of pressures and challenges. Different people have different experiences based on their roles and personal preferences.
Louis Bobelis
Part-Time FacultyThe University of Tampa
Information and Technology Management Department
What soft skills should all Information Security Analysts possess?
Louis Bobelis: I feel the most important soft skill is character. Being outspoken and able to explain technical cyber incidents decisively and clearly for non-IT-oriented people in your organization is especially important when you are in more senior-level positions.
What skills stand out on Information Security Analyst resumes?
Louis Bobelis: Cybersecurity is emerging as one of the hottest and most desirable job industries globally, so I feel student graduates must stick out far beyond just what their degree provides them with. As an IT-based profession, Industry Standard Certificates play a crucial role in the hiring process because it assures the individual as the basic knowledge set required to fulfill a "base-level" qualification. In the current job market, I would say it is almost mandatory to have a CompTIA Security+ in order to be competitive. SSCP, CEH, OSCP, CCSP, and CySA+ are other great options but may be more difficult for graduates.
What skills will help Information Security Analysts earn the most?
Louis Bobelis: In this industry, certificates truly do go a long way, and in some organizations, you cannot elevate or find growth without acquiring specific certifications. This is not always the case and showing your worth in your internal organization by coming up with ideas that can make the current processes more efficient is always a great way to attract promotion.
What hard/technical skills are most important for Information Security Analysts?
Louis Bobelis: An ability to triage events and understand a cyber investigation process. Understand how to sandbox a file and locate IOCs (Indicators of Compromise) within the file. Knowing and understanding the MITRE Kill Chain and other Cybersecurity standards.
David Garaventa
Director, Computer Information Systems and Cybersecurity Programs, Assistant Professor, CISAlbertus Magnus College
Business Administration and Management Department
What skills stand out on Information Security Analyst resumes?
David Garaventa: The skills/attributes required across a variety of jobs in the IT fields.
Dr. Steven MacMartin
Director, Associate ProfessorMedaille College
Homeland Security Program
What are the biggest trends we'll see in the Information Security Analyst job market given the pandemic?
Dr. Steven MacMartin: Overall, in general? Health care, elementary school teachers, daycare, researchers at the PhD level and also low level, entry/service jobs - fast food, restaurant, bar, etc. Homeland Security specifically - really none. Jobs in the Homeland Security field have remained largely unaffected by the pandemic, and the pandemic isn't really directly related to specific Homeland Security jobs. (Maybe in the research and technology fields.). A side effect of the pandemic has been to focus a little on cyber security issues and those jobs could expand in law enforcement and Homeland Security areas.
What soft skills should all Information Security Analysts possess?
Dr. Steven MacMartin: Absolutely - writing and oral presentation. A secondary skill that is helpful is academic research skills. But definitely writing skills.
How have salaries changed over time for Information Security Analysts?
Dr. Steven MacMartin: Salaries have steadily risen over time. A person at my level in government is currently making $20,000/year more than I was making when I retired 10 years ago. The same can be said for many areas of law enforcement, but not all.
What's a good job out of college for Information Security Analysts?
Izzat Alsmadi: It really depends on person interests, skills and expectations.
What are the biggest trends we'll see in the Information Security Analyst job market given the pandemic?
Izzat Alsmadi: For IT data science and cyber security will continue to grow for sure in the next few years.
Applications in smart phones, cloud computing, IoT will also see continuous interests.
What certifications/licenses/courses can have the biggest impact for Information Security Analysts?
Izzat Alsmadi: All certificates related to the earlier fields, specially data science and cyber security.
Paul Phillips CISA, CISM, MBA
IT Risk Professional Practices LeadISACA
Will there be an enduring impact of the coronavirus pandemic on Information Security Analysts?
Paul Phillips CISA, CISM, MBA: Yes, there will be an enduring impact on the entire global workforce and students. More graduates will be working remotely as companies undoubtedly shift to hiring more remote workers or shifting their current employees to work from home. Graduates who are technologically savvy and innovative thinkers will be more attractive as companies are looking for innovative ways to grow in the new normal. Given the evolving times and quickly changing landscape in many industries, graduates will need to also learn to be resilient, nimble and be able to quickly pivot in their new roles as needed.
What type of skills will young Information Security Analysts need?
Paul Phillips CISA, CISM, MBA: The recommended skillsets will vary depending on the type of role that the recent graduate is pursuing. In a research development team at a non-profit association like ISACA, for example, we look for candidates not only with specific knowledge or experience in a certain field - like IT risk or IT audit - but also with the ability to analyze data and communicate about research findings or best practices in these areas in a clear way in reports and other content to our members and the larger tech community.
Because our association serves tech professionals, we also have some interesting research around what they are looking for in employees too. Technology skills (especially those related to cybersecurity), as well as creative and communication skills are both attractive to these employers. ISACA's State of Cybersecurity 2020 survey report found that cybersecurity jobs are in high demand, and 78 percent of survey respondents expect an increased demand for technical cybersecurity positions. Among the skills they are looking for in their candidates are not just IT knowledge and cybersecurity technical experience but also business insight and soft skills (like communication).
What experience really stands out on Information Security Analyst resumes?
Paul Phillips CISA, CISM, MBA: Leadership and project management skills always stand out on a resume. Having any experience in leading a project and being able to demonstrate how this was profitable or made some impact for an organization is valuable, especially for a non-profit who may be looking for how to get the biggest value with sometimes limited resources. Again, technology skills coupled with marketing and/or business skills will be of particular interest. Employers are looking for candidates who will not only be able to bring relevant skills to perform their job, but who also have the communications skills and business savvy to be able to effectively engage with leadership and understand how their work ties in with the larger objectives of the organization.
Maric Boudreau
Department Head & Associate ProfessorUniversity of Georgia
Department of Management Information Systems
Will there be an enduring impact of the coronavirus pandemic on Information Security Analysts?
Maric Boudreau: Certainly - many businesses had to transform themselves to adjust to the current situation, and some of these changes will remain. For example, whereas we assumed that in-person interactions were always best, we now realize that virtual communications bring many benefits, such as greater efficiency and lower costs. Business processes have been streamlined and are more reliant on technology than ever before. MIS graduates are in a relatively good situation in that they have the necessary skill set allowing them to evolve very comfortably in a technology-based environment.
What type of skills will young Information Security Analysts need?
Maric Boudreau: Of course, we will continue to expect MIS graduates to have top-notch business and technology expertise, along with great analytical and problem-solving skills. But also, because of how businesses are transforming, these new recruits will need to be able to articulate the value they bring. In other words, they will need to make sure that, even as they might conduct a lot of their work via online means, their employer understands what they bring to the table and the contribution they make. They will also need to have self-discipline and time-management skills. Again, assuming they will not need to be physically present at all times as they conduct their work, this creates a greater requirement for self-management, both on the professional and personal fronts.
What experience really stands out on Information Security Analyst resumes?
Maric Boudreau: Internships and certifications are always considered positively by recruiters. Because of the pandemic, some of our students' summer plans fell apart (such as internships and study abroad). Those who can demonstrate that they made the best out of this situation and attempted to help others and improve their skills will stand out. For example, some of our students ended up working with small businesses and non-profit organizations in the Athens area to help them leverage technology so they could continue servicing their customers. These students developed websites, improved business processes, analyzed datasets - work that was non-compensated and done virtually. Not only did these students hone their technical skills, but also they felt quite good about helping out members of our community. Such experiences highlight students' resilience and determination when confronted with adversity, and these are the kind of things that stand out.
What type of skills will young Information Security Analysts need?
Jacob Chapman: It wasn't so long ago that I was a recent graduate - I graduated in 2014. So I try to reflect on my experience from the not-so-distant past when answering this question. Moving through roles at Grantek from an engineer to a director and regularly being in conversations around hiring and staffing needs reminds me how skewed my view of what makes a recent graduate successful was.
Something I've come to realize is how fast everything is changing. As students, we see that from a consumer perspective... such as the groundbreaking advances in wireless headphones, 5G, and TikTok. In the workforce, we experience that same change from a business perspective, and you feel it in the forms of company restructures, frequently changing roles and responsibilities, and endless experimentation.
So, I think the best recipe for success is to enter a field that you find interesting and engaging and welcome the chaos. Be willing - and excited - to throw yourself at something that's completely new and failing happily, then trying it again and getting better. Realize that tearing down old ways of thinking and re-building better ones, only to tear those down and re-build even better ones later, is an organic and flexible way of improving quickly. So focus on skills that facilitate being adaptable, excited, and collaborative. Communication skills, work-life balance skills, listening skills, and problem-solving skills are more essential than domain knowledge, in my humble opinion.
Are there any particularly good places in the United States for Information Security Analysts to find work opportunities?
Jacob Chapman: I would say the good news is there's a lot of flexibility. Working in the industrial automation field, manufacturing, and industrial operations are everywhere, and so are the vendors and service providers that support them. Additionally, remote access into the systems that need work done on them and employers' openness to working from home is accelerating. Finally, COVID-19 has made many organizations, which valued in-person interaction, learn that business can continue with a highly remote workforce.
With all of that being said, there are hotspots to be aware of. In life sciences, manufacturing, Raleigh-Durham, Philadelphia, New Jersey, Boston, and California come to mind. If you're open to working at an engineering services company or an OEM, your options are endless, and they're often located outside major U.S. and Canadian cities.
How do you envision technology impacting Information Security Analysts in the next 5 years?
Jacob Chapman: We are already well into an explosion of technology and innovation affecting manufacturing and industrial operations. Longstanding technology platforms and manufacturers regularly leapfrog each other in terms of performance and market dominance, making the technical landscape a constantly moving target. But one trend is currently the king of trends, which is IoT, with billions of devices being connected to the internet. The industrial space is being just as affected, and operations that were historically "simple" and mechanical will be increasingly data-driven, and manufacturers who hesitate to adopt higher-tech have a harder time being competitive.
It means professionals to implement systems, aggregate data, generate real-time insights from them, and translate those insights into business decisions will be increasingly in demand. This requires so many pieces to come together, such as networking, cybersecurity, computing, automation, smart manufacturing systems, and more. Even more important are technical professionals who also understand the business landscape, the underlying needs of industrial operations, so individuals who have had exposure to many of these areas, over time, are highly valuable.
What type of skills will young Information Security Analysts need?
Joé Lloyd: In the coming years, graduates can look to cyber/data security, AV over IP (compression and signal routing, network architecture, and artificial intelligence as areas for skill development and expertise.
Are there any particularly good places in the United States for Information Security Analysts to find work opportunities?
Joé Lloyd: Because AV is so tied to people, we're not an industry that has hotspots in the same way that tech, finance, and the defense industries do. Cities will have more AV jobs than rural areas, and areas with strong growth will outperform those without, but we do not predict hubs at this time.
What general advice would you give to an Information Security Analyst?
Joé Lloyd: In the AVIXA 2019 Q2 Macro-Economic Trends Analysis, we studied how tight or slack labor markets affect hiring. We found that the current economy is tough for those seeking to enter a skill-intensive industry like audiovisual (AV). Our data shows that when unemployment goes up, AV companies respond by raising hiring standards. Candidates will need a strong résumé to get hired, whether it’s in years of experience or a targeted technical degree or certification.