Updated · Dec 02, 2022
How To Become a Cybersecurity Analyst [All You Need To Know]
Updated · Oct 13, 2022
According to Chuck Brooks’ Forbes article, “Alarming Cyber Statistics From Mid-Year 2022 That You Need To Know,” the number of cyber attacks on US businesses in 2021 increased by 15.1% from 2020. The resulting cost was over $6.9 billion in 2021 alone.
If you’re reading this, you know what many businesses and governments have learned the hard way: the need for robust cyber security is constantly increasing.
This is where you can step in.
Cybersecurity Analyst is an exciting and financially rewarding career with many paths and specializations. Here, we’ll discuss what the job entails, what skills you need to develop, the certifications to pursue, and how to break into this industry.
What Is a Cybersecurity Analyst?
Put simply, a cybersecurity analyst works to identify threats and defend a network or system.
This can involve:
- Monitoring and analyzing network traffic for security issues
- Responding to and documenting incidents or breaches
- Installing and maintaining security infrastructure, such as firewalls and intrusion detection systems
- Performing forensic analysis on systems
- Performing penetration testing
- Evaluating an organization’s current security posture
- Fixing and patching vulnerabilities
- Designing recovery plans and promoting best practices across the organization
- Reverse engineering and malware analysis
And much more.
As you can see, the job offers various career paths. Saying you’re getting into it is like saying you’re entering the trades. That could mean any number of specific professions.
A cyber forensic investigator is as much a cybersecurity analyst as an ethical hacker, yet those are two very different day-to-day jobs. Since you’re likely reading this to learn how to break into this field, we won’t focus too heavily on the more advanced specializations.
Instead, we’ll discuss the roles of a blue team incident responder and a red team penetration tester (pentester).
Blue Team – Incident Responder
As a cybersecurity incident responder, you must monitor a network and react to any sign of breach or intrusion. Once spotted, you’ll need to document and contain the incident, gather information for analysis, and notify the necessary people within your organization.
The job contains four steps:
- Detection and Analysis
- Containment, Eradication, and Recovery
- Post-Incident Activities
This requires the ability to effectively understand system and network logs, use intrusion detection systems and SIEM solutions, problem-solve under pressure, and have excellent communication skills.
Red Team – Penetration Tester
As a penetration tester (or ethical hacker), you’ll utilize the same tools, tricks, and techniques the bad guys use to attack your employer. In this job, you emulate the enemy to effectively audit a company’s security posture and put its blue team to the test.
This job consists of five steps:
- Scanning and Enumeration
- Gaining Access
- Maintaining Access
- Covering Tracks
A successful penetration tester has a solid understanding of:
- Security infrastructure
- Linux and Windows administration
- Scripting languages like Bash and PowerShell
- Scanning tools like Nmap and Nessus
- Exploit and C2 frameworks like Metasploit, Covenant, or Cobalt Strike
Regardless of the direction you take in your Cybersecurity Analyst career, you’ll need certain foundational skills.
Let’s take a look at some of the must-haves:
Obviously, a strong understanding of enterprise-level networking is necessary. This means diving deep into LANs and WANs, the difference between switches and routers, and troubleshooting common networking issues.
Considering Microsoft’s Active Directory is used by 90% of Global Fortune 1000 companies, learning Windows Server 2016 and 2019 is important for both attackers and defenders. As more and more companies move to the cloud, you should consider adding Microsoft Azure to your knowledge base as well.
Linux plays a role in both offensive and defensive security. Linux distributions such as Security Onion are used for network monitoring, while Kali and Parrot are used by hackers (ethical and otherwise). Many common tools pentesters and incident responders work with are open source and designed for Linux systems.
Whether you’re reporting on a security breach or presenting the results of your pentest, you need to be able to clearly and concisely organize the information in a professional and easy-to-digest manner. Often, you’ll be writing for both technical departments and C-level executives, so you must be capable of speaking to both audiences.
You don’t need to be an expert in any programming or scripting language. However, a basic understanding of Python, Bash, and PowerShell will go a long way. Learn enough about how they work and what their syntax looks like. Ideally, you want to be able to look at a basic script and tell what it’s doing and how you might tweak it to your needs.
Among the most fun parts of being a cyber analyst is playing with all the tools you keep in your digital arsenal. While countless programs are available and many overlap in features, here are some of the better-known and more widely used.
Blue Team Tools:
- Suricata: open-source intrusion detection and intrusion prevention system
- GRR Rapid Response: incident response framework for remote live forensics
- Velociraptor: digital forensics and incident response (DFIR) framework
- Snort: considered the foremost open source intrusion detection system
- Wireshark: network protocol and packet analyzer
- Zeek: open-source network monitoring system
Red Team Tools:
- Metasploit: exploitation and enumeration framework
- Burp Suite: a suite of tools for pentesting web applications
- Nmap: a network mapper and vulnerability scanner
- Covenant: a command and control framework
- SQLMap: an open-source tool used to detect and exploit SQL injection vulnerabilities
- Nessus: a mass vulnerability scanner
- Hydra: an online password-cracking tool that supports a wide range of network login protocols
There are many great resources online. A good case in point is this course library available with VIP membership at StationX. It’s designed to develop your skills and teach you the ins and outs of these particular tools.
How To Become a Cyber Security Analyst
Now that we’ve established what this career entails and some of the skills required, let’s talk about the actual steps you need to take.
Is a degree from a college or university required to enter this field?
While there’s certainly no harm in pursuing a degree in cyber security, Cyber Analyst is a rare case of a high-paying and highly technical career that doesn’t require one.
What you do want to pursue are certifications. While a college degree looks good on a resume, it doesn’t tell a potential employer what you know unless they’re familiar with that school’s program.
We’ve seen many cyber security programs from colleges and universities which are simply prep courses for certifications such as CISSP, CEH, or Security+. An employer can’t be sure what that program covers in its curriculum, what’s expected of the students, or if the instructors are qualified to teach this subject matter.
Certifications are standardized worldwide. If you have a CCNA, CySA+, OSCP, CISSP, or any other recognized industry certification, the material and knowledge required is the same in New York as it is in London, Tokyo, or Rio de Janeiro. Having such credentials tells your potential employer exactly what you know.
But with so many programs available, which should you pursue?
Start with a foundational networking certification. Either the CompTIA Network+ or Cisco Certified Network Associate (CCNA).
Next, get a foundational security certification. We recommend the CompTIA Security+ or the (ISC)2 Systems Security Certified Practitioner (SSCP).
From here, decide which path you want to take, red team or blue team.
Blue Team Certifications
- GIAC Information Security Fundamentals (GISF)
- GIAC Security Essentials Certification (GSEC)
- eLearnSecurity Certified Incident Responder (eCIR)
- eLearnSecurity Certified Threat Hunting Professional (eCTHPv2)
- CompTIA Cybersecurity Analyst (CySA+)
Red Team Certifications
- eLearnSecurity Junior Penetration Tester (eJPT)
- TCM Academy’s Practical Network Penetration Tester (PNPT)
- OffSec’s Offensive Security Certified Professional (OSCP)
- Pentester Academy Certified Red Team Professional (CRTP)
- Zero Point Security Certified Red Team Operator (CRTO)
Down the line, you’ll want to pursue more high-level certifications, like CISSP, CISA, and CISM, but those are more advanced and aimed at seasoned professionals.
While it’s certainly possible to be hired directly into a role with the correct certifications, it’s more likely that you’ll start in a more introductory position and work your way up.
Jobs as Stepping Stones
Often, companies will be more interested in hiring for entry-level networking or IT support positions. Both of these job types provide hands-on experience in troubleshooting, teach you the technology that particular employer uses, and can expose you to some of the other departments you’re seeking to join.
With some experience to your name, move to an entry-level security analyst position. Here, you’ll be monitoring computer systems and escalating potential threats to responders.
The next step is to move into your preferred path. Look to an Incident Responder or Penetration Tester role, either within your current company or outside of it.
From there, it becomes a choose-your-own-adventure. Do you want to get into forensic analysis? Do you want to focus on Active Directory pentesting? Maybe you’re interested in learning how to write and/or analyze malware? Once you’re in, you can take any direction you like.
Other Ways to Move Up
The above is just one example of how to become a cybersecurity analyst. You can take much longer to get there, or you can get your dream position without taking on a help-desk or networking role first.
It’s not a one-size-fits-all journey.
While we stress certifications as a way of demonstrating your skills and knowledge, many of the adversaries you’ll be defending against do what they do without those credentials to their name. And this doesn’t make them any less effective.
A great way to springboard yourself is to become known to the community. Write a blog about your journey. Publish opinions on what you’re studying, walkthroughs for online challenges like Hack The Box – anything industry-related.
If you’ve written some simple Bash or Python scripts, put them on a GitHub page. Let others benefit from and share your work.
YouTube is another free way to get exposure. Even if many have covered the same thing, it doesn’t mean you can’t. How many times have you tried to learn something and watched multiple videos until coming across the one that clicked for you?
You can get involved in industry meetups and Capture the Flag tournaments or join Discord communities to make connections. Make sure to post your accomplishments on LinkedIn and share your thoughts on Twitter.
All of these things add to your reputation in the same way that time in an entry-level position does and can help you bypass some of the early steps.
According to ZipRecruiter, the US salaries for the more well-known cybersecurity job titles tend to be quite impressive, even for junior positions.
I’ll state some caveats, however.
First, these salaries are the averages. Some have swings showing lows of $25,000 and highs of $151,000 for the same position. Where in the country you’re working, the size of the company, and the job’s scope all make a big difference.
Second, we already discussed how terms are often malleable. Some companies will use “analyst” and “incident responder” interchangeably, while others will consider “incident response” to be one facet of a security analyst position.
Lastly, consider the role may be named by human resources, but the responsibilities are dictated by a technical manager. As a result, the job title and actual position might not be exact matches.
With all of that in mind, ZipRecruiter lists the average salary in the United States for the following job titles.
No one said getting into cyber security was easy (and if they did, they were wrong), but it’s an enriching and well-paying career with many different and fascinating paths to choose from. For more information, look at this guide to starting a career in cyber security, which discusses paths and certifications for specific cyber security roles in detail.
What qualifications do I need to be a cybersecurity analyst?
Start with a networking certification (Network+ or CCNA). Then a security certification (Security+ or SSCP). Next, decide which direction you want to take.
If red team, your goal should be the OSCP, though there are several others you can also look into.
For blue team, the eCIR isn’t the most well-known, but it’s both hands-on and reasonably priced. GSEC is more sought after but much more expensive, so weigh your options.
How long does it take to become a cybersecurity analyst?
Cybersecurity is unlike the trades where you have a standard number of years in school, then as an apprentice, then as a journeyman.
You’ll be learning at your own speed. Then, you may need to work up to the position you’re after, or if you’re fortunate, be hired directly to it. No two journeys are the same.
How do I start a career as a cybersecurity analyst?
Don’t be afraid to start in a help desk or networking role.
Attend events and Capture the Flag competitions to network with professionals. Blog, keep a GitHub page, join Discord communities, or start a YouTube channel to gain exposure.
Never stop applying.
Is it hard to become a cybersecurity analyst?
It’s certainly not easy to become a cybersecurity analyst. However, it’s a career that doesn’t require a college degree.
You can self-train with online courses, use paid and free labs, and take certification exams to prove your skillset. You’ll need to dedicate lots of time and recognize that you can never stop learning, even after getting into your career.
If you need a more in-depth explanation of the process, feel free to check out our comprehensive guide on how to become a cybersecurity analyst.
Deyan has been fascinated by technology his whole life. From the first Tetris game all the way to Falcon Heavy. Working for TechJury is like a dream come true, combining both his passions – writing and technology. In his free time (which is pretty scarce, thanks to his three kids), Deyan enjoys traveling and exploring new places. Always with a few chargers and a couple of gadgets in the backpack. He makes mean dizzying Island Paradise cocktails too.