Monster.com, one of the leading job listing sites, recently reported that the unemployment rate for cybersecurity analysts is 0%. Yes, zero percent. So, if you want to push your career in that direction, you're making a good decision. However, this begs the question: What does a cybersecurity analyst do? Below, we'll break down what a cybersecurity analyst does and describe some of the tools they use to protect IT systems.
A cybersecurity analyst serves as a guardian of an organization's entire IT system. Most of the time, this involves monitoring threats to the networks, applications, computers, and other endpoints used by the organization.
In some organizations, a cybersecurity analyst is also in charge of supporting the safety of end-users outside the company, such as customers and partners that use the organization's network.
However, in some situations, a cybersecurity analyst may also have to implement and manage physical security measures, particularly when it comes to keeping passwords, authentication devices, and servers secure from thieves, saboteurs, and other hackers.
Installing and managing firewalls
Firewalls filter a network's traffic by examining the data sent to and from it. A major part of a cybersecurity analysts' job involves installing and managing firewalls. This often involves more than just plugging a firewall in at the network's edge. A cybersecurity analyst has to:
- Decide the best places to put firewalls, which may include within the network to prevent the lateral movement of threats
- Choose the settings that best protect the company's and users' data
- Periodically update the configurations of firewalls to suit the evolving threat landscape
- Configure firewalls as gateways for virtual private networks (VPNs)
Installing encryption tools
Encryption is, in many ways, a failsafe measure for sensitive information and communications. Encrypted data can't be read by anyone without the decryption key, so even if it's stolen, it'll be useless to the thief. A cybersecurity analyst uses encryption tools for:
- Encrypting company secrets, such as proprietary information, blueprints, and emails
- Securing communications within a virtual private network (VPN)
- Using secure socket layer (SSL) encryption to secure the company's websites
- Hiding the banking information of customers using the company's online payment system
Mitigating and reporting breaches
Depending on the monitoring tools used in the network's security portfolio, a cybersecurity analyst may receive an alert signaling an imminent breach. So what comes next? At this point, a cybersecurity analyst has to:
- Decide which systems need to be shut down to prevent the attack from spreading
- Choose which resiliency and continuity measures to enact, such as spinning up servers, connecting to backup devices, or migrating employees to different workstations
- Inform the necessary stakeholders within the company about the breach
- Make data-based recommendations to workers and executives regarding a course of action
Identifying and addressing vulnerabilities
A cybersecurity analyst's job is far easier when vulnerabilities are discovered and mitigated before they get exploited by an attacker. Identifying vulnerabilities often involves a few different tactics, such as:
- Conducting penetration testing to see which kinds of attacks can get through and where
- Checking the dependencies of applications for vulnerabilities. Dependencies are what an app uses to provide outputs for the user, such as databases, caches, message queues, or application programming interfaces (APIs)
- Restructuring the flow of data in a system to avoid a vulnerability
- Replacing vulnerable code with secure code
- Adjusting the architecture of the network or applications to eliminate vulnerabilities
Implementing anti-malware solutions
Anti-malware solutions prevent viruses, Trojans, and other malware from penetrating a network. Often a hardware or software solution will come with anti-malware measures. But, as a cybersecurity analyst, you'll have to carefully study each anti-malware solution to ensure it suits your organization's needs.
For example, you may need a malware solution that gets updated regularly with information gathered from global threat intelligence systems. Otherwise, known threats may sneak through and impact your organization's network.
Implementing SIEM tools and other security software
SIEM (Security Information and Event Management) tools can provide several cybersecurity solutions under one umbrella. These include:
- Threat intelligence
- Threat monitoring systems
- Correlating event logs
- Analyzing event logs
- Intrusion detection
Some cybersecurity software includes a more comprehensive list of capabilities, such as the ability to quarantine devices, show device histories, display the locations of various endpoints, and scan for vulnerabilities. A cybersecurity analyst has to decide which tools best protect the organization.
Keeping up-to-date with IT trends
The threat landscape, attack vectors, and defense tools are constantly changing, so cybersecurity analysts need to keep up with the latest methodologies and technologies impacting the industry. This may involve some or all of the following:
- Reading peer-reviewed journals about cybersecurity
- Attending conferences
- Researching the latest malware-based threats on the landscape
- Keeping up-to-date with the latest tools hackers are using to penetrate networks
Educating others about cybersecurity
Educating the rest of the company should be a top priority in your role as a cybersecurity analyst. Even if they never specifically ask, you should be sure they understand what your job entails and how they can support your efforts. By ensuring that everyone in the company has a basic knowledge of cybersecurity, you empower the organization because:
- Employees will better understand how to secure their login credentials
- Everyone in the organization will gain a better appreciation for the value of strong passwords and other cybersecurity practices
- Employees and other stakeholders can be encouraged to keep access devices, including physical keys to server rooms, secure
- All stakeholders will gain a better appreciation of the importance of logging out of sessions and workstations to prevent unauthorized access after they finish work
Education can significantly decrease the severity of many organizations' biggest vulnerability: its people.
The job of a cybersecurity analyst involves finding and implementing the tools and techniques needed to protect any element of an organization's infrastructure that could interface with the internet. In a business world that hinges on connection, this often includes every aspect of a company's IT environment.
Along with the responsibilities listed above, many cybersecurity analysts use programming languages like Python, SQL, and PHP to perform penetration testing, mitigate security breaches, and more. To learn more, check out our article on cybersecurity programming languages.
If you're ready to pursue a career with a 0% unemployment rate, take your first steps into the field with our introduction to cybersecurity course.