Cyber security analysts help to protect an organisation by employing a range of technologies and processes to prevent, detect and manage cyber threats
As a cyber security analyst, you will protect IT infrastructure (including networks, hardware and software) from a range of criminal activity. You will monitor networks and systems, detect security threats ('events'), analyse and assess alarms, and report on threats, intrusion attempts and false alarms, either resolving them or escalating them, depending on the severity.
Broadly, you can work in one of the following areas:
- consulting, offering advisory services to clients
- working to protect the security of the organisation you work for.
Job titles vary and may include information security analyst, security analyst, information security consultant, security operations centre (SOC) analyst and cyber intelligence analyst.
As a cyber security analyst, you'll need to:
- keep up to date with the latest security and technology developments
- research/evaluate emerging cyber security threats and ways to manage them
- plan for disaster recovery and create contingency plans in the event of any security breaches
- monitor for attacks, intrusions and unusual, unauthorised or illegal activity
- test and evaluate security products
- design new security systems or upgrade existing ones
- use advanced analytic tools to determine emerging threat patterns and vulnerabilities
- engage in 'ethical hacking', for example, simulating security breaches
- identify potential weaknesses and implement measures, such as firewalls and encryption
- investigate security alerts and provide incident response
- monitor identity and access management, including monitoring for abuse of permissions by authorised system users
- liaise with stakeholders in relation to cyber security issues and provide future recommendations
- generate reports for both technical and non-technical staff and stakeholders
- maintain an information security risk register and assist with internal and external audits relating to information security
- monitor and respond to 'phishing' emails and 'pharming' activity
- assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
- give advice and guidance to staff on issues such as spam and unwanted or malicious emails.
- Starting salaries for cyber security analysts typically fall between £25,000 and £35,000.
- Experienced and senior cyber security analysts can expect to earn from around £35,000 to in excess of £60,000.
- In higher-level leadership or managerial roles, you may receive salaries up to, and in excess of, £70,000.
Salaries vary depending on a range of factors including your skills, experience and qualifications, your location, the type of employer you work for (e.g. in-house or consultancy) and the sector you work in (e.g. financial services).
You'll usually receive a range of employee benefits that may include a bonus, company pension scheme, private medical insurance, gym membership, and sponsored training and development opportunities.
Income figures are intended as a guide only.
Working hours are typically 35 to 40 hours per week, Monday to Friday. You may need to work outside of 9am until 5pm depending on projects and the specific nature of the work.
Some companies may require you to work on a shift basis, which can include evenings, nights and weekends. You may need to work as part of a 24/7 call-out rota, to allow for quick responses to cyber security incidents.
Job sharing and part-time work are not common. However, some companies offer flexible working arrangements.
Short-term contract work is possible, particularly through recruitment agencies or if you work on a self-employed basis as a consultant.
What to expect
- Work is likely to be office-based and you'll typically be using a computer for extended periods of time. However, if you are a consultant then you may need to travel to meet with clients.
- Self-employment is an option for experienced analysts. You could set up your own cyber security company or work as an independent cyber security consultant. You could also work as a contractor through an agency.
- Some roles will require you to have security clearance, particularly if they're for a government agency or private organisation which handles highly-sensitive information. You may also be restricted in terms of what you can say about your work.
- There are a higher proportion of roles in major cities, with many roles based in the South East of England (including London). In Scotland, many roles are found in Edinburgh and Glasgow. In Wales, roles are typically found in Cardiff, Swansea and Newport. However, as a consultant working for a company you'll have to travel within the UK and possibly internationally. Independent consultants can be based anywhere and travel to meet clients.
- Women and ethnic minority groups are underrepresented in the profession. However, there are organisations which aim to promote greater workforce diversification, such as the Cyber Challenge Foundation. Other examples of initiatives aimed at attracting women into the industry include WISE (Women into Science, Technology, Engineering and Mathematics), WeAreTechWomen and Women in International Security (WIIS).
It's possible to enter the cyber security profession without a degree by starting in an entry-level IT position. You could then work your way up to a cyber security role by gaining experience and industry certifications.
Alternatively, you could undertake an apprenticeship in cyber security, where you combine employment and study to work towards a recognised qualification. Apprenticeships are available at various levels, including degree-level. Tech Partnership Degrees, for example, accredits the Digital and Technology Solutions Degree Apprenticeship, some of which have a cyber security analyst specialism.
Employers recruiting for a graduate position may require, or prefer, a degree in a science, technology, engineering or mathematics (STEM) subject. Exact requirements vary between employers. Relevant degree subjects include:
- cyber/information/network security
- computer science
- computing and information systems
- software/electrical/network engineering
- other IT/security/network-related degrees.
It's also possible to enter the profession with a non-technical/unrelated degree. Some graduate schemes or graduate roles, for example, welcome graduates from any degree discipline.
As you gain experience, your degree subject will be less important, and employers will be more interested in what you've done professionally.
There are also opportunities to move into a cyber security role after gaining experience in a more general IT role.
Although study at Masters level isn't essential, you could choose to undertake further study in a relevant subject area, particularly if your degree is in an unrelated subject. The National Cyber Security Centre - NCSC-certified degrees lists certified Masters degrees in cyber security and closely related fields. Some employers may sponsor you to undertake a relevant Masters course.
You'll need to have:
- a passion for cyber security and a keen interest in IT
- excellent IT skills, including knowledge of computer networks, operating systems, software, hardware and security
- an understanding of the cyber security risks associated with various technologies and ways to manage them
- a good working knowledge of various security technologies such as network and application firewalls, host intrusion prevention and anti-virus
- analytical and problem-solving skills to identify and assess risks, threats, patterns and trends
- teamworking skills in order to collaborate with team members and clients
- verbal communication skills, including presentation skills, with an ability to communicate with a range of technical and non-technical team members and other relevant individuals
- written communication skills, for example to write technical reports
- time-management and organisational skills to manage a variety of tasks and meet deadlines
- the ability to multi-task and prioritise your workload
- excellent attention to detail
- an ability to work under pressure, particularly when dealing with threats and at times of high demand.
You'll usually need relevant pre-entry work experience to get a job. However, there are a number of graduate schemes and internships (at student and graduate level) in cyber and information security which don't require pre-entry experience. Employers will expect you to demonstrate a passion for, and an understanding of, the cyber/information security field.
If it's an option on your course, you could undertake a 12-month industrial placement in a cyber security role. You could also contact an organisation which employs cyber security analysts and ask to undertake a period of work experience or shadowing. However, there may be restrictions on what you're allowed to do and see.
Making connections with those in the industry and attending relevant cyber and information security events could help you to access opportunities, which may not always be advertised.
You can join BCS, The Chartered Institute for IT as a student member for a small fee to access networking opportunities, mentoring and industry information. Other organisations you can join as a student include the Chartered Institute of Information Security.
The Cyber Security Challenge UK, a series of competitions designed to test your cyber security skills, is another source of opportunities including virtual areas designed to support and enhance cyber talents through gamification. This initiative has been set up to try and attract more individuals to this type of work.
Find out more about the different kinds of work experience and internships that are available.
Cyber security professionals are employed by a variety of organisations across both the public and private sector. You may be working on the security of your organisation and/or offering security services or consultancy to other companies.
These are just a few examples of the types of organisations you could work for:
- professional services
- security consultancies
- information technology companies and network providers
- financial services institutions
- transport companies, e.g. airlines
- the media
- schools, colleges and universities.
Look for job vacancies at:
There are also vacancies advertised on more general (non-specialist) job search sites. Keep an eye on LinkedIn and social media pages of potential employers as they may advertise roles this way.
There are graduate scheme opportunities related to cyber and information security. Do your research well in advance so you don't miss out on application windows.
Where no suitable job is advertised, you can make a speculative application to a company using a CV and cover letter. Seek support from your careers service and, ideally, have your application checked before sending it off.
Training often takes place on the job and you may receive mentoring support and advice from more experienced colleagues.
Once you're working in the field, it's important to keep up to date with developments. You may be able to access industry information, events and networking opportunities through, for example:
Some employers, such as those offering graduate training schemes, may fund you to complete an MSc in information/cyber security while you're on the programme.
The NCSC lists bodies which they have certified to assess information assurance professionals. The NCSC Certified Training scheme offers courses delivered by a range of training providers at different levels: an 'awareness' level for those new to cyber security and an 'application' level which is more in-depth.
There are also various industry-related qualifications, such as:
- Systems Security Certified Practitioner (SSCP) - an entry-level, IT certification for those with at least one year of experience.
- Certified Professional (CCP) scheme - the UK government's approved standard of competence for cyber security professionals. The scheme also provides those working in cyber security with a clearly defined career development path. There are different levels you can apply to - practitioner (entry level), senior practitioner and lead practitioner.
- Certified Information System Security Professional (CISSP) - for experienced security practitioners and managers.
For those wanting to develop leadership, management and supervisory capabilities, there are a number of different certifications, such as the Certified Information Security Manager (CISM) certification.
Other relevant courses include Certified Ethical Hacker (CEH), Cloud Security, Cyber Incident, Planning and Response (CIPR) and General Data Protection Regulation (GDPR) awareness.
It's a good idea to look at job adverts for cyber security analyst roles to get a feel for which certifications employers are looking for and to speak to your employer before choosing a certification.
Cyber security is a fast-growing field and cyber security skills are in demand. Career prospects are good for people with the right combination of skills, knowledge and experience.
You'll typically start in an entry-level or junior cyber security role. After building up several years of experience you could progress into roles such as senior cyber security analyst or consultant.
After significant experience in the field, you may be able to progress into higher-level leadership and managerial roles, eventually progressing to become a director or head of cyber security. Achieving relevant certifications is helpful for your development and progression as many employers specify these as role requirements.
There is likely to be more scope for career progression within larger organisations and financial services institutions.
Self-employment is an option, but most people first gain experience in the field. You could set up a cyber security company or work as an independent cyber security consultant.