A cyber security analyst is likely to have a broad range of responsibilities, depending on the size and scope of the organisation.
In general, they will have responsibility for monitoring organisations IT and network systems, with a view to detecting and preventing cyber threats and all types of criminal activity that may impact on the organisation itself.
These threats may be external, and sometimes internal as well.
A cyber analyst may work on their own, or in a team with people having similar roles. These are sometimes referred to as an information security consultant or a cyber intelligence analyst.
Cyber Security Analyst Salaries
Any salary figures should always be treated with a degree of caution. They can vary considerably depending upon the company, the industry, the company itself and the experience of the individual.
Industry experts indicate that a starting salary should be around approx US$ 30,000 / US$35000, rising to approx US$ 80,000 / US$ 90,000.
In addition to salary, many companies will offer a range of employee benefits, depending upon the industry sector, whether the job is remote or in-house and the individuals levels of skill and experience.
Common benefits can include : a bonus, a pension scheme, medical insurance, travel allowances, expenses, relocation or housing allowance, gym membership, mentoring, training and qualification assistance.
These benefits are often negotiable, and many companies are now being a lot more flexible in how they can help employees maximise their work/life balance.
For current trends in cyber security analyst salaries, it is a good idea to have a quick browse through common job openings on sites such as Indeed or Monster.
Cyber Security Analyst Working Hours
One of the aspects to a lot of cyber security jobs is that the company will expect some of their employees to do shiftwork.
This is often true of big companies, or companies in sectors such as financial services. This is simply that their systems need continual monitoring 24 /7, 365 days a year.
Where this applies, the role of cyber security is likely to be deemed a high priority, with the understanding that any data breach has to be dealt with as soon as possible.
The role of a cyber security analyst will be part of this process of continual monitoring of systems, either remotely or in-house
Cyber Security Analyst Qualifications
A cyber security analyst will need to understand and have experience of a wide range of different IT systems, an understanding of computer science, and broad experience of cyber and information security.
Organisations will differ as to what they deem to be appropriate qualifications.
Some will place a heavy emphasis on degrees that are computer-based, but may be willing to take people who have degrees in subjects such as maths or physics.
Other organisations will be happy to hire people who can prove that they have the relevant experience and skills, but are lacking in formal qualifications.
This is one of the job roles in cyber security that would be deemed by most people to be available through an entry-level route.
Cyber security entry-level jobs tend to be those that people can work their way towards by starting off in relatively straightforward IT jobs, and working their way up.
Many companies are now offering some type of formal training, either in-house or online that people can work towards doing their day job as well
In addition, there are many online courses, both degrees and different levels of certificationt hat people can work on in their own time, and gain valid qualifications that will be acceptable to most employers.
The best entry-level jobs in cyber security tend to be those that are commonly referred to as some type of IT administrator, or similar position. This is a very broad term and can encompass other job titles as well.
The logic behind entry-level jobs is that they mean people have some level of computing experience.
This can be in areas such as IT systems and networks, hardware and software, an understanding of cyber security and a willingness to help sort out technology related problems and issues.
Even entry-level jobs are likely to require some degree of experience and skills related to computers and technology.
They will be seen as a building block towards more detailed and specialised roles in cyber security, with additional training and qualifications needed on top.
Role of an IT administrator
This job will in theory, do everything, depending upon the size and scope of the organisation, but does offer unique opportunities in terms of learning the intricacies of an IT infrastructure.
This normally involves understanding and managing business systems and software, software and system licenses, network and network boundaries, i.e. the procedures and processes and data entry and recording.
In addition, an IT administrator is likely to be required to communicate and negotiate with all members of the organisation, at all levels, which provides valuable experience, and can increase confidence considerably in the employees understanding of their role.
Cyber Security Entry Level Job Training
Traditionally, most entry-level jobs in IT do not provide formal training training in cyber security, or very many related technology qualifications.
This is changing quite considerably as companies recognise the need to hire and retain talent, and they recognise the ever-changing nature of the cyber security landscape.
However it is a slow work in progress for a lot of organisations, and the gaining of qualifications and certifications is something that most individuals will need to take responsibility for themselves.
There are many courses, degree and certification courses, that include a significant level of practical work experience.
Training providers recognise that employers are looking for practical proof that prospective employees have experience in solving cyber security problems, and this is one way for people to do it.
Some degrees offer an industry placementas as part of their course, and some online courses offer what they refer to as laboratories, which people can use to gain experience and get certification for their practical skills.
This type of training can be an invaluable add-on to someone working in an entry-level job, and gives them valuable academic qualifications and practical experience, allowing them to move up the ladder.
Quite often, it is a good idea to progress from an entry-level job to a more significant role in cyber security within the same organisation is possible.
This makes moving from one organisation to another easier in the long-term, as the individual will have significant relevant experience that should match whatever a new organisation is requiring
Many people who work in the field of cyber security like jobs that give them flexibility to work from home, some of the time, and in the office for the rest of the week. Others do prefer to work permanently from home, or permanently in the office.
Employers on the whole have traditionally prefered people to come into the office, but have in recent years shown a willingness to let you work from home.
Cyber security jobs tend to be more flexible on the whole, because employers recognise that much of the work is done online, and can be done remotely as well.
One of the reasons for this, is that a lot of cyber security work needs to be done 24/7, 365 days a year, and most staff involved in this type of work will need to do different shift patterns.
This can be easier to manage if the work can be done from home, or if it does need to be done in an office, people will want jobs close to where they live.
This does of course come with challenges in terms of network security itself, but these issues tend to be well known in advance and are normally easily resolvable.
The value to an employee of remote working is that they can work from home. People on the whole like to work near to where they live, for ease of commute and because it gives them more leisure time
Being able to work from home is a good option where it is practicable to do so.
The world of covid has made remote working normal for a lot of people, both in cyber security jobs and from many organisations and companies as well.
Peoples mindsets have been forced to switch to remote working as being normal, and the idea of working in an office has almost become the abnormal.
Whether or not this remains the case once covid has receded is obviously not known at the moment.
What is clear, if both employers and employees have experienced more flexibility in this area than previously, and any future job openings should be able to reflect this.
It is something that should be open to negotiation, and is likely to become a more normal part of people’s work life balance going forward.
The job of a cyber security engineer is one of the more clearly defined ones within the overall orbit of cyber security jobs..
Allowing for this, there is still a lot of scope for different aspects of the work, and a high degree of overlap with cyber security analysts, and other roles.
A cyber security engineer is likely to have responsibility for developing, maintaining and overseeing an organisation’s entire network system.
They may do this on their own, or with other cyber security professionals depending upon the size of the organisation. However, they are likely to have primary responsibility for this work.
Such work normally involves performing assessments of how effective the company network is, various scenarios of penetration testing and the development and implementation of secure network solutions.
Cyber security engineers may also be known as IT security engineers, application security engineers, web security engineers or data security engineers.
Whatever their title, their primary responsibility will be the integrity of the network the organisation they are working for.
This work will have numerous aspects, some very technical which the cyber security engineer will be expected to have the necessary qualifications and experience to deal with.
Cyber security engineer salaries
According to industry experts, the average salary for a cyber security engineer is around US$98,000. A quick look at job listings online confirms this, with many jobs being advertised with salaries around this figure.
It is important to remember the any salary is in theory negotiable, and may vary depending upon whether the job is remote or on-site.
In addition, job salaries may vary depending upon other benefits that are offered, including bonuses, profit share, relocation expenses and other standard industry inducements.
It is worth noting that salaries in the military services for cyber security engineers are significantly lower than in the commercial sector.
This in part it is the nature of public service, but is also likely to reflect the fact that the military are in a position to provide some, if not all, of the training required, which may be an attractive proposition for some people unable to afford or get a university degree.
Cyber Security Engineer Qualifications
A cyber Security engineer will definitely need some formal qualifications, most commonly a degree in computer science, a degree in electrical engineering and proficiency in a number of programming languages such as Java, Python, C++/etc
Some universities offer specific degrees in cyber security engineering, which will combine elements of computer science with electrical engineering, and may include some practical placements as well.
In addition to formal qualifications, cyber security engineers will be expected to have considerable experience in understanding networks, how they work and the various protocols need to function properly.
The engineer will also need to demonstrate a willingness to quickly adapt to new trends, threats and understandings within the world of cyber security and cyberspace.
An internship is normally an unpaid position within a company or organisation. It differs from voluntary work in that it is normally more structured and more focused, often with specific job responsibilities outcomes and goals.
Although unpaid, some organisations do offer a type of stripend, although this is normally fairly minimal, and are likely to offer expenses as well.
Internships originated in political circles, where they were seen as an opportunity for people to gain valuable experience within a political organisation, in return for the voluntary work they did for that party.
The idea of internships moved into the commercial sector quite slowly, but has gathered pace over the last few years. In some industries it is rife, and has come in for a lot of criticism for the way it has developed as a working practice.
The reason internships have come in for a lot of criticism, is that increasingly they are seen as being quite exploitative. From a company point of view it means they can use unpaid staff, who have no or very few legal rights or benefits, to do jobs that the company would otherwise have to employ people to do.
From the point of view of someone looking for a job, if there are few job openings, but there are some internships, people may feel pressured or obligated to go down that route, in order to gain experience, and hopefully get a job at the end of it
It is worth making a distinction between internships and placements. Many university and college courses do offer some element of practical experience. This sometimes is done as a placement within an organisation, or in a virtual setting with some type of online laboratory.
When it is done as a placement within an organisation it is a perfectly legitimate use of resources, both for the organisation and the university.
Whether an individual should apply for a cyber security internship is really a question only they can answer. It may well depend to an extent on how desperate they are for a job or work experience.
This desperation, can of course only act to feed the more immoral employers who sees internships as a way of cheap or unpaid labor.
Training for any job is really important, partly to make sure that the person can do the job effectively, but also to give the person the confidence to do it.
Traditionally, formal training has been quite common in public sector jobs, but in private and commercial work, most training tended to be informal or on the job, with the exception of certain professions.
This need for more formal and ongoing training has become more obvious in certain industries, and is a crucial element of most jobs in cyber security.
A lot of the formal training is done through universities and colleges, and increasingly specialised websites, which are themselves training companies.
The quality of training can vary, like training in any industry, and largely depends upon the experience and skill of the trainer themselves.
When it comes to training, there is a very important principle to follow.
The applicant, or employee, needs to have a very clear idea of what job they want to do, and what training, either formal or informal, is needed in order to do the job properly.
Once this has been established, then the applicant is in a position to assess who offers the best training available to them, either online or on campus.
This assumes that the individual is arranging their own training, either in order to get a job in cyber security, or as part of on-going professional development.
If the employer is providing the training, then it’s obviously a different matter.
The employee still has a responsibility to make sure that the training does cover what it is meant to, as that is an assumption that the employer will make, unless told otherwise.
There is one caveat that needs to be made regarding all types of training establishments, be they universities or online companies.
They will all to an extent offer a sales pitch to their training, with the pitch being, generally, that this training will lead to certain career paths.
This pitch well give the impression that the training provider is on the side of the individual applying for the training, and is working with them to get what the individual wants.
This may be true to an extent, but it should be remembered that the training provider is first and foremost interested in selling their own training.
The overlap between the needs of the individual, and the content of the course itself may well be high, but individuals should always remember that they are two separate needs.
There are certain jobs in cyber security that do require specific formal training. These are normally gained through a university or college degree, or some other alternative qualification.
Cyber Security Degrees
At a degree level, most universities have traditionally offered some type of computer science degree, or degree in a related technology field. Alternatively, degrees in subjects such as mathematics or physics, or electrical engineering have been an appropriate alternative.
Degrees are now becoming more specialised, including in areas such as digital health, and more frequently degrees, both undergraduate and postgraduate, in cyber security itself.
There is an obvious attraction for anyone wanting to work in cyber security to look at gaining a degree in that very subject.
The caveat, is that these degrees can vary quite widely in terms of their subject matter, which may or not being appropriate for the work the individual wants to do.
While most of these degrees or have as their endpoint a career in cyber security, most of them can have a very different focus in terms of content.
Some will be very clearly computer science-based, with a heavy emphasis on programming, networking and information security, mathematics specifically for computers, databases and operating systems.
Other degrees will have more of a focus through the lens of cyber crime, with a strong emphasis on major cyber security, ethical hacking, data mining, online privacy and penetration testing.
All these are perfectly valid areas of work in the field of cyber security jobs, but again it is important that the individual starts off knowing what type of work they want to do, and then make sure that the degree they are going to do is a fit for that job in terms of the course content.
Cyber Security Certification
Certificationin the world of cyber security has usually referred to specific industry certification, such as a Microsoft Certified IT Professional (MCITP) or a Cisco Certified Network Associate ( CCNA)
These types of certification do not specifically relate to cyber security directly, but obviously can be of real benefit indirectly, either in terms of the work itself, or as a lead in to qualifying in some other aspect of cyber security.
In addition, there are many online providers, such as Cybrary, which offer online certification in a variety of different cyber security roles, such as security fundamentals, ethical hacking, digital forensics, incident response and web app security.
These courses can be taken online, and once completed, gain certification. Many employers now recognise the value of these certificates and are willing to accept them as proof of knowledge and experience in a particular area.
Other areas of online certification
There are a significant number of online course providers who offer free courses in cyber security and other related subjects. The caveat is that they charge a fee for a certificate at the end of it.
It is debatable whether or not these types of certification are of any real value, especially if an individual can demonstrate to a prospective employer that they have gained the experience and knowledge needed simply through the course itself.
Unsurprisingly, one of the first things anyone looks for when looking for a job in cyber security is the salary.
A quick search on Indeed for cyber security job will bring up approximately a dozen different categories of work, ranging from entry-level jobs through to cyber security engineers and analysts to cyber security managers.
Many entry-level job openings do not show any salary information at all, normally a fairly good indication that the pay rate is quite low.
Some entry-level jobs do have official job titles, such as cyber associate data engineer, which is a job as an entry-level software engineer, showing salaries of between US$ 50,000 and US$ 75,000.
Many jobs listed in the cyber security industry do not salaries at all. This is not because they are low, but because they expect to negotiate salaries directly with any individual who wants a job position, once it has been agreed.
As an example, job sites list openings for cyber intelligence analysts, risk management analysts, information security analysts, cyber audit analysts, cyber threat intelligence analysts etc.
It is likely that much of the experience and qualifications needed for these jobs is very similar, and the ones that do show salaries, indicate a range of between US$ 50,000 to US$ 120,000.
Similarly, salaries for penetration testers are often not listed, although a salary for a senior vulnerability specialist is currently listed on Indeed at a salary of US$ 135000.
There is a moral to this. That in order to work out what sort of salary one can expect for a particular job in cyber security it is sometimes necessary to do a bit of research to find comparable jobs that to have salaries advertised
This is one of the confusing areas of cyber security jobs – that there are a myriad of different job titles used for different roles, many of which have essentially the same job responsibilities. It does make searching for a job a bit harder, and changes the focus of the job search.
What it means for the job applicant is that they cannot simply rely on the job title of the position advertised. They need to have a clear understanding of their own qualifications and experience, and see to what extent this fits the needs of the company advertising the job.
The important thing is to look at what benefits are offered alongside the salary. All market indicators suggest that there is a significant imbalance between jobs and applicants, in the applicants favour.
This puts most job applicants in a much stronger position to negotiate salary and benefits for any position they are applying for.
Aside from traditional benefit packages, one of the most common areas of negotiation nowadays is that of remote/on-site working.
Many people prefer flexibility of mixing their ability to work from home with working in an office, and value the worklife balance that it brings.
Many employers are willing to be more flexible in this area nowadays, and see this as an important element in both recruiting and retaining valuable staff.