Although graduates often have many different career paths available, it is not always clear how to pursue them. Every issue, I will seek to explain the best way to give oneself a chance of securing a position in one of these professions. This week, my aim is to answer the question , “how do I become an information security analyst”?
A job in this sector fundamentally involves being one step ahead of cyber criminals. With a rise in security breaches across the globe each year, this field is only going to continue to grow in the future. From universities to the government to celebrities, there are people employed to create safeguards for electronically saved personal information.
Although most of the work of such analysts often goes unnoticed, this is essentially the goal. As when their occupation does get recognition, it is often from the front pages of national newspapers reporting a failure to thwart stealthy cyber invasions.
Some recent high profile cases include Wikileaks and Citigroup. The former has been a topical issue for eight years with its dedication to publishing secret information from anonymous sources. Its ability to provide a continuous flow of classified data is not only a concern for those affected, but also political systems across the world. With regards to Citibank, the vast quantities of sensitive information and financial transactions passing through the financial giant daily were compromised in 2011. The details of over 200 thousand customers were illegally accessed resulting in a $2.7 million loss for the company.
The irony of illicit online attacks is that some offenders actually get a job out of their malicious attempts to expropriate data. Government agencies occasionally choose to adopt the philosophy of using the once criminals as an asset.
Selections of the most astute database hackers are recruited as information security analysts. They are used to anticipate the next moves of their counterparts, and develop complex, multi-layered systems to protect the integrity and privacy of information.
Information security is a field that is extremely skills-orientated. Due to the nature of the job, people must have a strong foundation in both problem solving and analytical skills. Identifying risks and subsequent defence planning is at the very core of the job. One needs to have knowledge of what they are protecting and solve any vulnerability that it may possess. Thus, the vitality of gaining vocational experience in a company is invaluable.
Although there are very little internship and apprenticeship opportunities catering directly to information security, there are many analytical and data management positions open to undergraduates. Most of the summer programmes open for applications during the autumn and are looking for students in their penultimate year of study. The primary reason for this is that those who show promise during their time at a company may well be offered a job contract dependent on the completion of their degree. In other words, the internships actually serve as a simple, but comprehensive form of graduate recruitment.
However, if looking to start early, there are first year programmes available at certain corporations. Additionally, it is always worth asking smaller businesses whether they would be able to provide a potential trainee position, but do not expect to receive the same remuneration as that offered by the larger firms.
In terms of education, a bachelor’s degree is the typical minimum requirement. The most suitable topics are obviously those orientated around computing with most applicants graduating from a degree in computer science, programming or engineering.
However, people from a variety of disciplines have a chance if they have acquired a substantial amount of experience in this area. The most popular and helpful IT course is the Certified Information Systems Security Professional (CISSP). Yet certifications of knowledge are not as helpful in providing evidence for training as they are in making the individual more marketable. At the end of the day, there have been people working at the forefront of data security for years without certifications.
Some employers will set the bar a little higher by asking for a master’s degree in business administration or a similar alternative. When acting upon major threats, there are often legislative requirements that guide protocol and procedure. While some knowledge of this will come through on-the-job training, a background understanding of the administrative and legal side of the profession is advantageous.
Although not immediately obvious, there are more facets to information security than just the technical side. Jobholders need to be able to communicate system flaws effectively to business administrators and fellow IT professionals.
In return for holding a position of such responsibility, workers in this profession are often rewarded with both job security and a healthy salary. According to the Bureau of Labor Statistics in the United States, the demand for information security analysts is projected to increase 36.5% over the next eight years, while the median salary is equivalent to about £53,000. This is approximately 25% higher than the average for all job postings.
So overall, it is a rare sector where supply for jobs outweighs demand and above all, one’s application can be successful if they have built a set of relevant skills and experience.