Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems.
Information security analysts typically do the following:
Information security analysts are heavily involved with creating their organization’s disaster recovery plan, a procedure that IT employees follow in case of emergency. These plans allow for the continued operation of an organization’s IT department. The recovery plan includes preventive measures such as regularly copying and transferring data to an offsite location. It also involves plans to restore proper IT functioning after a disaster. Analysts continually test the steps in their recovery plans.
Information security analysts must stay up to date on IT security and on the latest methods attackers are using to infiltrate computer systems. Analysts need to research new security technology to decide what will most effectively protect their organization.
Information security analysts held about 163,000 jobs in 2021. The largest employers of information security analysts were as follows:
| Computer systems design and related services | 27% |
| Finance and insurance | 15 |
| Information | 14 |
| Management of companies and enterprises | 8 |
| Administrative and support services | 5 |
Many information security analysts work with other members of an information technology department, such as network administrators or computer systems analysts.
Most information security analysts work full time, and some work more than 40 hours per week. Information security analysts sometimes have to be on call outside of normal business hours in case of an emergency.
Information security analysts typically need a bachelor’s degree in a computer science field, along with related work experience. Employers may prefer to hire analysts who have professional certification.
Information security analysts typically need a bachelor’s degree in computer and information technology or a related field, such as engineering or math. However, some workers enter the occupation with a high school diploma and relevant industry training and certifications.
Information security analysts may need to have work experience in a related occupation. Many analysts have experience in an information technology department, often as a network and computer systems administrator.
Many employers prefer to hire candidates who have information security certification. Some of these certifications, such as Security+, are for workers at the entry level; others, such as the Certified Information Systems Security Professional (CISSP), are designed for experienced information security workers. Certification in specialized areas, such as systems auditing, also is available.
Information security analysts may advance to become chief security officers or another type of computer and information systems manager. Information security analysts also may advance within the occupation as they gain experience. For example, they may lead a team of other information security analysts or become an expert in a particular area of information security.
Analytical skills. Information security analysts study computer systems and networks and assess risks to determine improvements for security policies and protocols.
Communication skills. Information security analysts must be able to explain information security needs and potential threats to technical and nontechnical audiences within their organizations.
Creative skills. Information security analysts must anticipate information security risks and implement new ways to protect their organizations’ computer systems and networks.
Detail oriented. Because cyberattacks may be difficult to detect, information security analysts must pay careful attention to computer systems and watch for minor changes in performance.
Problem-solving skills. Information security analysts must respond to security alerts and uncover and fix flaws in computer systems and networks.
Median annual wages, May 2021
The median annual wage for information security analysts was $102,600 in May 2021. The median wage is the wage at which half the workers in an occupation earned more than that amount and half earned less. The lowest 10 percent earned less than $61,520, and the highest 10 percent earned more than $165,920.
In May 2021, the median annual wages for information security analysts in the top industries in which they worked were as follows:
| Information | $128,970 |
| Finance and insurance | 104,790 |
| Management of companies and enterprises | 101,350 |
| Computer systems design and related services | 101,170 |
| Administrative and support services | 95,270 |
Most information security analysts work full time, and some work more than 40 hours per week. Information security analysts sometimes have to be on call outside of normal business hours in case of an emergency.
Percent change in employment, projected 2021-31
Employment of information security analysts is projected to grow 35 percent from 2021 to 2031, much faster than the average for all occupations.
About 19,500 openings for information security analysts are projected each year, on average, over the decade. Many of those openings are expected to result from the need to replace workers who transfer to different occupations or exit the labor force, such as to retire.
High demand is expected for information security analysts. Cyberattacks have grown in frequency, and these analysts will be needed to create innovative solutions to prevent hackers from stealing critical information or creating problems for computer networks.
As businesses focus on enhancing cybersecurity, they will need information security analysts to secure new technologies from outside threats or hacks. A shift to remote work and the rise of e-commerce have increased the need for enhanced security, contributing to the projected employment growth of these workers over the decade.
Strong growth in digital health services and telehealth will also increase data security risks for healthcare providers. More of these analysts are likely to be needed to safeguard patients' personal information and data.
| Occupational Title | SOC Code | Employment, 2021 | Projected Employment, 2031 | Change, 2021-31 | Employment by Industry | ||
|---|---|---|---|---|---|---|---|
| Percent | Numeric | ||||||
SOURCE: U.S. Bureau of Labor Statistics, Employment Projections program |
|||||||
Information security analysts |
15-1212 | 163,000 | 219,500 | 35 | 56,500 | Get data | |
For more information about computer careers, visit
Association for Computing Machinery
Computing Research Association
For information about opportunities for women pursuing information technology careers, visit:
National Center for Women & Information Technology