An information security analyst is someone who takes measures to protect a company’s sensitive and mission-critical data, staying one step ahead of cyber attackers. They do this by coming up with innovative solutions to prevent critical information from being stolen, damaged or compromised by hackers.
Note the differences between a Security Analyst and a Security Administrator:
Security Analysts – are responsible for analyzing data and recommending changes to higher ups, but do not authorize and implement changes. Their main job is keeping attackers out.
Security Administrators – ensure that systems are working as designed by making changes, applying patches and setting up new admin users. Their main job is keeping systems up.
The information security analyst is responsible for protecting all sensitive information within a company. With the rise in hackers and data breaches sweeping throughout companies and the government, there’s a greater need to keep personal and top-secret information safe from cyberattacks. Information security analysts help develop, implement, and ensure compliance of policies to protect an organization’s data from being inappropriately accessed or used, by erecting firewalls and encrypting data transmissions to secure confidential information as it is being received or transmitted. These attacks may come from inside or outside the company.
Information security analysts focus on three main areas:
Information security analysts promote security awareness in the company. This works with improving the security of its computer data and improving network and server efficiency. They document tests, security and emergency policies, and procedures. Information security legal requirements may change, therefore the analyst must stay abreast of regulatory requirements.
An information security analyst remains current on reports of computer viruses, decides if updated protection is needed, and shares this information with the company or customer. The security analyst also organizes and conducts training for all employees regarding company security and information safeguarding. They also maintain or modify computer security files to add or incorporate new software, change a person’s access status, and correct errors.
Information security analysts create plans to prevent any malicious or inadvertent use of data, create plans for emergency use, train users on security measures, and monitor access to data. Along with these duties, they may also be tasked with going over information on viruses and ensuring virus protection is in place. They may be asked to take a look at risks of data exposure as well as make sure that security systems are in place and working as designed. They may also serve as experts on application development project teams to ensure the application complies with the organization’s information security standards.
The information security analyst may be included in planning for other threats to the organization’s data, such as threats caused by severe weather, maintaining power to servers in case of a local outage, and planning for continuing operations at alternate sites in case the main operations site needs to be shut down.
Many analysts work in IT departments and manage the security of their companies computer networks. Many information security analysts work with other members of an information technology department, such as network administrators or computer systems analysts.
Information security analysts find employment in many different industries. Large corporations and small startups alike demand skilled information security workers, and some cybersecurity professionals even work as independent contractors.
A person working as an Information Security Analyst in Kenya typically earns around KSH172,000 KES per month. Salaries range from KSH89,400 (lowest) to KSH263,000 (highest).
The minimum requirement for becoming an information security analyst is typically a bachelor’s degree in computer science, computer programming, engineering or another closely related discipline. Many community colleges and technical school are beginning to offer two-year associate degrees and certificates in information security designed specifically to prepare students for careers as information security analysts. However, a bachelor’s level education in computer technology or science is still the career path of choice.
Earning an MBA in information systems with an undergraduate degree in computer science, or a closely related discipline, is an attractive combination since many employers are seeking candidates with expertise in both business management and information security. Earning a MBA typically requires an additional two years of schooling beyond a bachelor’s degree.
At the end of the day what employers really care about is what you’re able to do. Many employers not only want to see that you have a degree, but that you have relevant work experience. In fact, many employers are looking for individuals who already have experience in the field for which they’re hiring.
