BY Sydney LakeDecember 08, 2022, 2:26 PM
The University of Virginia campus, as seen in October 2022 in Charlottesville, Virginia. (Photo by Daxia Rojas—AFP/Getty Images)
No company nor individual is immune from the growing number of cyber attacks. During the third quarter, which ended September 30, just one type of cyber attack—data breaches—exposed 15 million data records, a 37% increase compared with the previous quarter, according to Statista.
The growing number of data breaches and other cyber attacks is placing mounting pressure on companies to hire more professionals to both prevent and react to these attacks. With more than 700,000 open cybersecurity jobs, even the White House is making a greater push to fill cyber positions and develop a pipeline.
“It’s confirmation that cybersecurity needs to be front-and-center if you’re a large enterprise—especially if you’re a public business where you’ve got a bigger responsibility to protect shareholders,” Jim Dolce, CEO of cybersecurity firm Lookout, told Fortune in a recent interview. “Cybersecurity has become a focal point for every large business. It has become a board-level discussion.”
Among the fastest-growing and most in-demand jobs in the U.S. is the role of information security analyst, according to the U.S. Bureau of Labor Statistics (BLS). Between 2021 and 2031, the number of information security analysts is projected to grow 35%, making it the eighth-fastest-growing occupation in the U.S.
While it may be a more entry-level to mid-career position in cybersecurity, these workers plan and execute security measures at an enterprise level—and get paid for the gravity of their work. The median base pay for information security analysts in 2021 was $102,600, data from the BLS shows.
How to become an information security analyst
Other common titles for an information security analyst include cybersecurity analyst, compliance analyst, and compliance analyst. Essentially, these workers are focused on protecting a company’s hardware, software, and data from outside attacks by cyber criminals.
Cybersecurity workers in security analyst roles typically need a bachelor’s degree in computer science, cybersecurity, or a related field to get a job, but some people enter the industry with a high school diploma and industry-relevant certifications and/or trainings, according to the BLS.
Certifications required to become an information security analyst depend on the speciality and sector that the job is in, Casey Marks, chief qualifications officer at (ISC)², tells Fortune. The Certified Information Systems Security Professional (CISSP) is one of the most popular certifications for these workers; CyberSeek reports that it’s the top-requested certification for cybersecurity or information security analysts. (ISC)² oversees and administers cybersecurity certifications.
“Not only can certifications enable higher salaries for cybersecurity professionals, but they can also help individuals land a job in the first place,” Marks says. “Employers widely recognize certifications like CISSP as it helps validate the candidate’s skill set.”
How to earn even more money as an information security analyst
While many information security analysts either undertake a non-degree route or study the field in undergrad, there are other opportunities to boost cybersecurity salaries. As Marks mentioned, earning a certification can be one way to increase earnings potential.
Cybersecurity workers who have earned at least one certification can see their annual salary increase by more than $33,000, (ISC)²’s 2021 Cybersecurity Workforce Study shows. Earning a certification does require an investment of both time and money, however—and some even require work experience to pursue.
For example, the exam registration for the CISSP certification is $749, and an online, self-paced course to prepare for the exam starts at $941, Marks says. Preparation time will vary by test taker based on their experience levels and background in cybersecurity concepts.
“However, the CISSP certification is an exam you cannot cram for, and many schedule the exam three to eight months in advance to allow for ample prep and study time,” Marks adds. “To even pursue the CISSP certification, individuals need five years of paid work experience in two or more of the eight domains of the CISSP CBK [Common Body of Knowledge].”
Earning a master’s degree in cybersecurity can also be an effective way to increase pay packages. The University of California—Berkeley, which Fortune ranks as having the No. 1 online master’s degree program in cybersecurity, sees grads land $200,000 pay packages. Students from other top cybersecurity master’s programs make between $126,000 and $150,000.
“In terms of salary impact, a master’s degree has been proven to help the earning potential of cybersecurity professionals,” Mike Morris, Western Governors University, College of IT associate dean and director of academic programs in cybersecurity, previously told Fortune. WGU is ranked No. 3 on Fortune’s list of best online cybersecurity master’s programs.
Check out all of Fortune’s rankings of degree programs, and learn more about specific career paths.