What Do Cybersecurity Analysts Do?

Simon Backwell
Author: Simon Backwell, Information Security Manager, Benefex, and member of the ISACA Emerging Trends Working Group
Date Published: 5 July 2023

Cybersecurity analyst is among the more common job roles in the field. But what does a cybersecurity analyst do?

Cybersecurity analysts will typically review alerts and logs for a number of requirements, including data loss prevention (DLP), event logs, suspicious activities (e.g., brute force attempts, sign-in attempts from risky countries), endpoint logs (if necessary) and attempts to use non-sanctioned software or applications (e.g., cloud storage, personal email). Furthermore, they may assist with incident investigation, supplier due diligence, answering security questionnaires from clients and other work as required.

All of these are dependent on the nature of the organization and items tailored to that job but are typical requirements for this role. As an information security analyst, which essentially was a similar role, I was involved heavily in these requirements and more.

How much does a cybersecurity analyst make?

According to Glassdoor as of June 2023, the average salary for a cybersecurity analyst is £59,020, or around $US75,000, per year. This could of course vary based on the region (for example, working in or for a company based in London tends to increase the salary) and experience. In my time as an information security analyst (three years), I did not earn this salary based on the region I work in and my experience at the time.

What are some examples of cybersecurity analyst skills that would be required?

A keen attention to detail; ability to look for patterns or trends based on the alerts/logs being analyzed; ability to work individually as well as part of a wider team; ability to provide any statistics or concerns to stakeholders in a clear manner; ability to address concerns with employees who are non-compliant in a clear and polite manner; if necessary, escalating to their line manager for investigation; and lastly, the ability to pick up new tasks and prioritize accordingly.

What industries do cybersecurity analysts work in?

Typically, cybersecurity analysts work in security operations centers (SOCs) monitoring for suspicious activities and reporting these to the appropriate clients. However, more organizations are hiring cybersecurity analysts internally to fulfill these roles and other information security requirements. Sectors including the one I currently work in (software as a service, or SaaS), as well as banking, retail, travel and tourism, and insurance are all looking for these roles, based on the increased threat to their organizations from attackers.

How can you become a cybersecurity analyst?

Some may be hired from university into junior roles, as the specific work requirements can be taught and there is a keen focus on soft skills for the role. More senior positions may require previous experience and qualifications, depending on the organization and their requirements. I began my role as a systems analyst in another area of the business, but I was volunteered to join the internal audit team. Based on my work within that team and the skills I demonstrated, when a position was coming up for an information security analyst, I was successful, as I brought the skills from auditing but also my wider knowledge of the business and other departments to assist with policymaking decisions.

Editor’s note: For more cybersecurity insights and resources from ISACA, visit our cybersecurity resources page.