This month, we are thrilled to announce new research: Role Profile: Security Analyst[1]. This research is both a necessary document as well as a labor of love. I often say that security analysts have the worst job in the world, and for good reason: The hours are long, a simple mistake can have ramifications across the organization, and there is a wealth of tribal knowledge needed to succeed.
Despite these factors, the security analyst is viewed as an entry-level role for most security teams. This, in part, makes it difficult for security leaders to find and retain talent -- especially over security vendors that can often afford to pay more, provide better benefits, and offer better opportunities for advancement.
The skill required to succeed is one of the main barriers to entry in this industry. Interviewees unequivocally stated that to succeed as a security analyst, working 8 a.m. to 5 p.m. was not enough. And despite being an entry-level role, our research showed that the average security analyst job description listed:
-
One to three years of experience within cybersecurity: fewer years of experience required with a college degree, more years of experience with no college degree.
-
Preferred bachelor's degree, with consideration of high school degrees with several years of experience or certifications.
-
Preferred certifications in one or more of the following: Certified Ethical Hacker (CEH), CompTIA CySA+, GIAC Certified Incident Handler.
-
Familiarity with technical subjects, including a programming or scripting language, firewalls, proxies, security information and event management, antivirus, intrusion protection system/intrusion detection system concepts, technical knowledge of networking, operating systems, enterprise integrations, WAN/LAN concepts, ethical hacking tools, and TCP/IP protocols.
The bottom line is that right now, an entry-level cybersecurity role has requirements much closer to an intermediate one. Time and time