What Does A Cyber Security Analyst Do?

Posted February 25, 2020

According to the Bureau of Labor Statistics (BLS), employment of cyber security analysts or information security analysts is projected to grow by 32% through 2028. This is due to the increasing utilization of the internet for the transmission and storage of sensitive data along with the increase in cyber threats worldwide.

A cybersecurity analyst’s main job functions include:

Managing security policies
Monitoring IT systems and networks for breaches or potential threats
Updating IT systems to ensure policy compliance
Educating teams on recent security trends, threats and compliance

The role of the Information Security Analyst is constantly changing and will continue to evolve as cyber threats increase. Currently, banks, governments, financial institutions and healthcare organizations lead the industries utilizing security analysts as they each strive to protect sensitive information, patient data and capital. However, the security analyst role continues to penetrate nearly all industries and organizations as identity theft, data breaches and wire fraud become more prevalent for all businesses.

Managing the security policy

The security analyst is responsible for not only managing the general security policy but may also be required to oversee network, server and application policies. A general security policy may also include sub-policies for:

Acceptable Encryption Policy
Acceptable Use Policy
Clean Desk Policy
Data Breach Response Policy
Disaster Recovery Plan Policy
Digital Signature Acceptance Policy
Email Policy
Ethics Policy
Pandemic Response Planning Policy
Password Construction Guidelines
Password Protection Policy
Security Response Plan Policy
End-User Encryption Key Protection Policy

Policies document specific requirements that must be met by all users of the system. Along with overseeing the creation of the initial policies, the security analyst is also likely involved in the enforcement of the polices. In the case of a network security policy, this might also include:

Acquisition Assessment Policy
Bluetooth Baseline Requirements Policy
Remote Access Policy
Remote Access Tools Policy
Router and Switch Security Policy
Wireless Communication Policy
Wireless Communication Standard

Knowing what policies are necessary and what requirements are needed in each policy is a significant portion of the security analysts’ role along with ensuring the policies remain up-to-date as systems change.

Monitoring IT systems and networks for breaches or potential threats

Whether in a cloud, hybrid or on-premise environment, a critical role of the security analyst is also to monitor the IT systems to identify breaches and real-time threats. When a potential breach or hacking attempt is discovered, the security analysts pulls in the appropriate teams to mitigate any loss or possible damage to system integrity. The analyst will commonly monitor software, hardware, and resource utilization. But unlike a systems analyst or database analyst who monitors for resource planning and performance, the security analyst is monitoring for signs of a potential breach or policy infringement.

Updating IT systems to ensure policy compliance

Policy updates not only help to mitigate risks as threats and systems change over time, but they also are required for policy compliance. Many organizations review policies annually or as needed when there are major changes in a business. Along with knowing what requirements to cover in a policy, a security analyst also helps to identify the appropriate policy review timeframe to ensure compliance.

Educating teams on recent security trends, threats and compliance

Sometimes the greatest threat to IT security is a culture problem more than an IT problem. If the CEO is lackadaisical towards security, a carelessness can easily trickle down throughout the organization. In many businesses, the security analyst is the one who is creating awareness and helping to shift the culture. This can be done through regular communications of recent threats and how they have negatively impacted other similar businesses. Often the best way to get a CEOs attention on a topic is to show how ignoring the topic can create a significant loss for the company. Many businesses have a schedule of regular security briefings where the cybersecurity team can present industry trends and heighten awareness throughout the organization. But often, the communication and education coming out of the security team is less formal and accomplished through timely emails or even a dedicated Slack channel.

The reason the BLS sees significant growth in Information Security over the coming years is quite clear. Security analysts play a critical role in protecting systems and data to ensure compliance, protect users and secure assets. Contact us to find out how a security analyst can help protect your business.

Kyle Vinar

Kyle Vinar is Partner / President of Verus Corporation. He oversees all business operations and coaches Verus teams to continually improve on their solutions from client experience to product development and overall solution implementation. He works with all Verus resources to increase efficiencies and excellence in every aspect of their organizational roles. Kyle believes that people are the last real competitive edge that a company can have and constructing a rich culture is a vital step in running a world-class organization. Therefore he strives to create a culture within Verus that allows everyone to show up authentically and grow both personally and professionally, which in turn allows Verus Corp team members to provide clients with top-of-the-line service. Kyle helps balance strategy, capacity, and culture in such a way that has allowed Verus Corp to achieve exponential growth since he joined the company in 2013. One of Kyle’s greatest professional achievements has been in helping lay the foundation upon which Verus Corporation could be named the 2nd Best Place to Work by the Minneapolis/St. Paul Business Journal. Kyle holds a Bachelor of Science in Marketing from St. Cloud State University. He lives in Champlin with his wife and 3 children. He has enjoyed volunteering as a soccer coach for over 6 years and was the former Director of Coaching for Rebels Soccer Club. If Kyle isn’t on the sidelines of one of his children’s soccer games or in the audience of his eldest’s musicals, he can often be found cruising scenic routes on his Harley, in a deer stand, or on the golf course.