How to become a Security Analyst


by Gina Roberson, Analyst

This post is inspired by Bally Kehal‍s series on “how to become X”.

What is a security analyst?

Security analyst is a very broad job description containing a lot of sub-categories. In theory it’s someone analyzing something security, right? Security analyst can cover everything from someone looking at APTattacks (type 1) to someone working in a SOC (type 2) to someone assisting a CISO or project managerwith project guidance on how to improve security controls for an organization (type 3). These are at least the types of security analysts I have run into in my life.

How much does it pay to be a security analyst?

As you can see you should expect around 60-80k USD per year if you work here in the US, with higher salaries being possible for those very qualified or senior.

What are the background and experience requirements of a security analyst

Type 1 job requirements:

A lot of OSINT research and malware analysis skills are needed as well as analytical skills that you best get through for example university Ba or MSc. You also need high levels of personal and corporate OPSEC.

Type 2 job requirements:

SOC work requires as a minimim skills at incident response‍, basic malware analysis‍ and preferably some experience working with the tools of the trade within incident response. Scripting and technical skills are also highly required. It’s possible to learn this trade from scratch if you get lucky and get in the door through for example an intern position.

Type 3 job requirements:

For this type of job you need experience with project management and an ability to understand how the tools from different vendors work, how they would interface with your existing infrastructure and the deficiencies or shortcomings of different tools. Technical skills to work with and implement different tools and security controls are important.

How to become a security analyst?

Type 1. The security analyst position of working with and taking apart APT malware‍ is not something you just do. For this type of work – start out as a malware analyst‍, see Bally Kehal‍s post here.

Type 2. SOC Security analyst is a position that you can enter from almost any level of experience and background, depending on the company. SOCs are expanding very rapidly nationally and companies will need to let people in the door here without the ability to “hit the ground running” or simply not be able to hire enough. Willingness to learn and an aptitude for Infosec should be enough, any experience you have with tools, system administration or programming should be an advantage.

Type 3. Security vendor interfacing position with project management advisory role – for this position you should have experience working with vendors and implementing security controls in some capacity. I would not recommend type 3 as an entry level position, since experience here really adds a lot of value. A university level education in computer science or similar would be a great additional thing to have.

What do they do on the job?

Type 1:

Malware analysis, honeypot setup and administration, log analysis and sample gathering and investigation. OSINT research. Report writing!

Type 2:

Investigating alerts, checking logs, implementing security controls, checking checkboxes, talking to users and basic malware analysis. Incident response tasks suh as forensic analysis and responding to malware. Threat hunting.

Type 3:

Security control and tool research. Meeting with vendors, reading a lot. Building business cases and assisting in implementation projects.

What types of certifications help?

For all of the above positions, certifications such as CISSP‍, CEH‍, CIH‍ and basically all of the GIAC‍ certifications are of value. Even C|CISO and CISM wouldn’t be bad for the ambitious individual.

How to start?

Get a fomal degree in Infosec somewhere. This is definitely the best way to start. Do internships somewhere where they will let you get your feet wet and touch upon the role of security analyst.

This article was originally posted on Peerlyst.