InfoSec Institute has been training Information Security and IT professionals since 1998, and over 50,000 have trusted them for their professional development. This company defines cyber threat analysis as “a process in which the knowledge of internal and external information vulnerabilities pertinent to a particular organization is matched against real-world cyber attacks”. In this endeavor, it must be determined if the current defenses are solid enough to neutralize information threats in terms of availability, confidentiality and integrity. The analyst’s role is to ascertain what security measures need to be retained and which ones need to be removed as ineffective. The competent security analyst utilizes technical data to identify specific threat actors, promptly implements mitigation measures, and anticipates the emergence of similar cyber attacks in the future.
This ability to process large amounts of data and think critically is an invaluable skill for practicing cyber intelligence. Also, technical writing skills are necessary since analysts need to create security reports that will communicated to superiors within the organization. As important as the written skills is the ability to communicate effectively. For those not comfortable with public speaking, it is advisable to seek opportunities to bolster your speaking competency. Strong presentation skills are paramount, as you will be expected to brief others on your findings and recommendations.
Most job postings require experience in the field of threat analysis or cybersecurity, however there are entry-level positions available. For example, the National Security Agency Information Assurance organization hires with no experience into their Entry/Development program seeking Information Assurance/Security Professionals. Applicants with a Bachelor’s degree or an Associate’s degree plus 2 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position.
Degree must be in Computer Science or a related field (e.g., General Engineering, Computer Engineering, Electrical Engineering, Systems Engineering, Mathematics, Computer Forensics, Cyber Security, Information Technology, Information Assurance, Information Security, and Information Systems). As with all governmental law enforcement agencies: U.S. Citizenship is mandatory.
A valuable source of job listings is available on the glassdoor.com website. As of October 2016, there are 2,661 jobs posted under the title of Cyber Threat Analyst with a diverse selection of companies seeking people with these qualifications. Here is a sampling of companies and the degree requirement:
- Raytheon: Bachelor’s in Computer Science, Computer Engineering, Information Technology or equivalent education/experience
- Intel: BA or BS degree in Computer Science, Security Studies, Intelligence Studies, Cyber Security, Information Management or related field
- Target: BA or BS degree in Computer Science, Information Systems, Cyber Security or related field
- First Fidelity: Bachelor degree in IT or related discipline
- General Dynamics: BS/MS or equivalent experience required
The list could on and on, but the educational requirements do favor computer science. Also, all of these positions do require experience that varies per posting. This sampling is meant to demonstrate the preferred degree for many cyber threat analyst jobs.
It is emphasized, within the threat analyst profession, that certifications are as career-enhancing as your education. One important certification is the Certified Information Systems Security Professional (CISSP) designation. Candidates seeking CISSP certification must have a minimum of five full years of experience in information security. It is the credential for Information Technology professionals who develop policies and procedures in information security. Another requiring less experience (minimum 1 year) is the Systems Security Certified Practitioner (SSCP). This training course is designed for those employed as: Network Security Engineers, Systems Engineers, Security Analyst, or Database Administrator. Both courses can be taken online; for more information, check the National Initiative for Cybersecurity Careers and Studies (NICCS) site.