Information Security Analyst: What They Do and How to Become One

Written by Coursera Staff • Updated on

Information security analysts protect data from cyber threats. To become one, you’ll need key cybersecurity skills, a relevant degree, or certifications.

[Featured image] An information security analyst wearing black headphones and a patterned tank top works at a monitor with a printer to their right and colleagues in the background.

Security breaches can expose sensitive data such as credit card information, passwords, and social security numbers. Organizations hire information security analysts to protect this data from cyber threats, that can evolve into hacks and breaches. In this article, you'll learn more about this career path, including what InfoSec analysts do, how much they earn, and how to become one.

Ready to prepare for your first information security analyst position? Take the next step in your career with EC-Council's Information Security Analyst Professional Certificate program. In as little as four months, you can gain in-demand skills like risk analysis, cloud security, and cryptography through hands-on lessons with industry standard tools.

What is an information security analyst?

An information security analyst is a professional in the cybersecurity field who specializes in securing data within an organization's computer networks, systems, and databases. They play a crucial role in designing and implementing security policies designed to mitigate cybersecurity risks.

What do information security analysts do?

An information security analyst job description is likely to include:

  • Detecting, monitoring, and mediating various aspects of security—including physical security, software security, data security, and network security

  • Performing compliance control testing

  • Developing recommendations and training programs to minimize security risk and build security awareness in the company

  • Staying current with evolving threats in cybersecurity space by communicating with external sources

  • Collaborating with other teams and management within a company to implement best computer security procedures

InfoSec analysts are needed in companies that keep sensitive data and information. This can include almost any field—including business, governance, technology, finance, energy, and many more.

Information security analyst salary and job outlook

InfoSec analysts received a median salary of $124,910 according to the Bureau of Labor Statistics (BLS). The hourly equivalent is about $60.05 per hour [1]. Job prospects in the information security field are expected to grow rapidly in the next decade. The BLS estimates that information security analyst positions will grow by 33 percent from 2023 to 2033. That’s much faster than the average for all occupations.

Information security vs. cybersecurity

Information security is often confused with cybersecurity—which is understandable, because there is significant overlap, and many use the two interchangeably. Cybersecurity, however, refers more broadly to preventing cyberattacks that come from unauthorized electronic sources.

Information security focuses specifically on protecting the data and information of an organization, employees, or users, which can exist in both physical and electronic form. Information security also means making sure data is accessible to those who are authorized to use it.

How to become an information security analyst

Ultimately, you’ll need to gain the following skills:

  • IT security basics: This includes knowledge of firewalls, routers, operating systems, and other security infrastructure, as well as an understanding of risk management frameworks. Some information security jobs might ask for ethical hacking or penetration testing experience.

  • Familiarity with privacy laws: InfoSec analyst positions can call for a familiarity with data privacy laws in your region. Working in specific sectors, like health care or finance, might also call for an understanding of those sector’s privacy laws and security standards.

  • Communication and teamwork: Knowing where and how security threats happen, and responding to them once they do, means you’ll be communicating frequently about security measures with your team and other stakeholders. 

You can build out these skills through the following means:

IT certifications: Earning a cybersecurity certification can give you a solid knowledge base in security issues, while also giving you the credentials to show employers your competency. Certifications in security or networks are a good place to start.

Degrees: InfoSec analyst positions typically call for at least a bachelor’s degree. According to Zippia, 62 percent of information security analysts have a bachelor's degree, and 20 percent have an associate degree [2]. Majoring in computer science or computer engineering can set you up to be a competitive job candidate for information security jobs upon graduation.

Don’t have a computer science degree? 

If you don’t have a bachelor’s degree in a computer-related field, make sure you have relevant skills and look for entry-level positions that don’t call for specific degrees. You can work your way up to being an analyst from there. With a few years of experience under your belt, hiring managers may waive degree requirements. Getting an entry-level IT certification may also give you the experience needed.

Learn more: 10 Popular Cybersecurity Certifications

Take the next step toward an InfoSec analyst position with Coursera

Gain the skills you need to succeed in an entry-level InfoSec analyst role with EC-Council's Information Security Analyst Professional Certificate program. In as little as four months, you'll learn to conduct forensic investigations, analyze digital evidence, and protect against cyber threats. By the end, you'll have earned a certificate for your resume and LinkedIn profile.

Looking to transition into security from your current IT role? Consider earning a certificate from the International Information System Security Certification Consortium (ISC2). In as little as one month, you can complete the Certified in Cybersecurity Specialization to master key skills like risk management and incident response.

Article sources

1

US Bureau of Labor Statistics. "Information Security Analysts, https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm." Accessed August 6, 2025.

Updated on
Written by:

Editorial Team

Coursera’s editorial team is comprised of highly experienced professional editors, writers, and fact...

This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.