网络安全 analyst is among the more common job roles in the field. But what does a cybersecurity analyst do?
网络安全 analysts will typically review alerts and logs for a number of requirements, including data loss prevention (DLP), 事件日志, 可疑活动(e).g., 暴力尝试, sign-in attempts from risky countries), endpoint logs (if necessary) and attempts to use non-sanctioned software or applications (e.g.、云存储、个人电子邮件). 此外, they may assist with incident investigation, 供应商尽职调查, answering security questionnaires from clients and other work as required.
All of these are dependent on the nature of the organization and items tailored to that job but are typical requirements for this role. As an information security analyst, which essentially was a similar role, I was involved heavily in these requirements and more.
How much does a cybersecurity analyst make?
According to Glassdoor as of June 2023, the average salary for a cybersecurity analyst is £59,020, 或75美元左右,000, 每年. This could of course vary based on the region (for example, working in or for a company based in London tends to increase the salary) and experience. In my time as an information security analyst (three years), I did not earn this salary based on the region I work in and my experience at the time.
What are some examples of cybersecurity analyst skills that would be required?
A keen attention to detail; ability to look for patterns or trends based on the alerts/logs being analyzed; ability to work individually as well as part of a wider team; ability to provide any statistics or concerns to stakeholders in a clear manner; ability to address concerns with employees who are non-compliant in a clear and polite manner; if necessary, escalating to their line manager for investigation; and lastly, the ability to pick up new tasks and prioritize accordingly.
What industries do cybersecurity analysts work in?
通常, cybersecurity analysts work in security operations centers (SOCs) monitoring for suspicious activities and reporting these to the appropriate clients. 然而, more organizations are hiring cybersecurity analysts internally to fulfill these roles and other information security requirements. Sectors including the one I currently work in (software as a service, 或SaaS), 还有银行业, 零售, 旅游及旅游业, and insurance are all looking for these roles, based on the increased threat to their organizations from attackers.
How can you become a cybersecurity analyst?
Some may be hired from university into junior roles, as the specific work requirements can be taught and there is a keen focus on soft skills for the role. More senior positions may require previous experience and qualifications, depending on the organization and their requirements. I began my role as a systems analyst in another area of the business, but I was volunteered to join the internal audit team. Based on my work within that team and the skills I demonstrated, when a position was coming up for an information security analyst, 我成功了, as I brought the skills from auditing but also my wider knowledge of the business and other departments to assist with policymaking decisions.
编者按: For more cybersecurity insights and resources from ISACA, visit our 网络安全资源页面.
