The Security Analyst: An expert in the guise of a novice

top cybersecurity companies

The requirements of a beginner in cyber security are currently more in line with those of an advanced user. Analyst Allie Mellen, Forrester Research, provides an overview of the role profile of security analysts in a guest article.

This month, Forrester Research is pleased to announce a new study, Role Profile: Security Analyst. I often say that security analysts have the worst job in the world, and for good reason: the hours are long, a simple mistake can impact the entire organization, and it takes a wealth of knowledge to succeed.

Despite these factors, security analyst is considered an entry-level position by most security teams. This sometimes makes it difficult for security leaders to find and retain talent, especially when compared to security vendors, who often pay more, offer better service, and have better advancement opportunities.

The skills required for success are one of the main barriers to entering this industry. Respondents clearly stated that working 8am to 5pm is not enough to be successful as a security analyst. And while it’s an entry-level position, our research found that the average security analyst job description includes:

One to three years of cybersecurity experience: fewer years of college degree experience required, more years of non-college degree experience required.

A bachelor’s degree is preferred, although a high school degree with a few years of experience or certifications is also considered.

Preferred certifications in one or more of the following areas: Certified Ethical Hacker (CEH), CompTIA CySA+, GIAC Certified Incident Handler.

Familiarity with technical topics including a programming or scripting language, firewalls, proxies, security information and event management, antivirus, intrusion protection systems/intrusion detection systems concepts, technical knowledge of networks, operating systems, enterprise integrations, WAN/LAN concepts, ethical Hacking tools and TCP/IP protocols.

The bottom line is that the requirements for a novice in cybersecurity are currently more in line with those of an intermediate position. We hear time and again how difficult it is to find and hire security analysts, but the hiring requirements require experiences that most potential candidates simply don’t have.

This study gives security professionals clues as to what to look for in qualified applicants, going beyond – and often beyond – traditional qualifications such as degrees, certifications, and previous experience. Security leaders should highlight core and unique skills in job descriptions, such as: e.g.:

Previous experience in related areas such as IT, infrastructure, networks or managing and deploying IT tools.

Previous experiences in stressful situations, e.g. B. as a paramedic, firefighter, in the armed forces or in other functions.

Previous customer support experience.

It’s important to remember that half of the job description is designed to entice the candidate to apply to the company. Many job descriptions do not state exactly what the applicant can expect from the position. To avoid this pitfall, include development opportunities directly in the job description to show applicants what they will get from working with your team. Security leaders should highlight valuable investments in their team in job descriptions, such as: e.g.:

A training grant toward CompTIA, SANS, GIAC, or equivalent training certification.

Percentage of time in the function spent on expanding skills across teams: Governance, Risk and Compliance, Incident Response, Threat Hunters, Pentesters, etc.

Leave a Reply

Your email address will not be published.