This month, we are thrilled to announce new research: Role Profile: Security Analyst. This research is both a necessary document as well as a labor of love. I often say that security analysts have the worst job in the world, and for good reason: The hours are long, a simple mistake can have ramifications across the organization, and there is a wealth of tribal knowledge needed to succeed.
Despite these factors, the security analyst is viewed as an entry-level role for most security teams. This, in part, makes it difficult for security leaders to find and retain talent — especially over security vendors that can often afford to pay more, provide better benefits, and offer better opportunities for advancement.
The skill required to succeed is one of the main barriers to entry in this industry. Interviewees unequivocally stated that to succeed as a security analyst, working 8 a.m. to 5 p.m. was not enough. And despite being an entry-level role, our research showed that the average security analyst job description listed:
One to three years of experience within cybersecurity: fewer years of experience required with a college degree, more years of experience with no college degree.
Preferred bachelor’s degree, with consideration of high school