Skip to main content

Job: Information security analyst

The Role: To protect computer networks and systems from attack. While the role was once limited to large information technology (IT) companies, its presence has expanded in recent years to companies of all shapes and sizes.

Information security analysts can have many different tasks in an average day – including coding, programming and monitoring information networks – but the primary focus for many is on protecting consumer data.

Story continues below advertisement

“Most security analysts are responsible for monitoring the system and preventing cyberattacks,” said Sheri Ladoucier, the program co-ordinator for Seneca College’s Faculty of Continuing Education and Training. “The biggest thing in the industry right now is to protect their customer’s data.”

Ms. Ladoucier adds that IT companies were historically the only ones protecting data, but now, most companies have some valuable digital assets to protect.

Salary: Ranges from $35,000 to $82,000 annually, with a national average of approximately $68,000, according to career resource website Glassdoor.ca. Where an employee falls within that range is often determined based on their years of experience in the industry and level of certification, according to Denis Gravelle, the chair of continuing education for Seneca College of Applied Arts and Technology. “Industry-recognized certifications, coupled with your college education, would make you a lot more marketable,” he said.

Education: While practitioners can be self-taught, formal education and certification is becoming more of a requirement for employers as attacks and threats become more sophisticated.

“Most of the experts right now were self-taught, but because they’re now fighting expert coders, they need some expertise,” Ms. Ladoucier said. Mr. Gravelle added: “The attackers are so cunning and they’re coming out with a lot of really leading-edge code that you need more formal education to understand.”

Some of the primary industry-recognized certifications include CISSP and Security+. Certification prep courses are available through colleges and universities countrywide and can be acquired through continuing education programs or optional undergraduate credits.

Those pursuing certification typically have an IT or computer science-related educational background from a postsecondary institution or some relevant work experience.

Story continues below advertisement

Job prospects: With more companies handling sensitive information and with threats growing more advanced, the need for information security analysts has never been higher and is only expected to grow. In fact, experts predict a shortage of 1.5 million security positions by 2020, and Canada’s 2018 budget allocated at least $500-million for investment into cybersecurity over the next five years, although that number could reach as high as $1-billion.

Recent high-profile data breaches at major companies, including Equifax, Uber and Target, underscore the increasing need for information security analysts within the technology industry and beyond. “The cybersecurity field is so key to any business now, even a mom-and-pop shop,” Mr. Gravelle said.

Challenges: One of the most significant challenges faced by information security analysts is the ever-changing threat landscape, which requires continuing education in the field. Furthermore, cyberattacks are not limited to the 9-to-5 hours and those working to prevent them are typically expected to be available at all hours of the day. “Attacks can come at any time,” Ms. Ladoucier said. “Depending on your level of seniority, companies will be contacting you frequently.”

Why they do it: With the world becoming more interconnected through digital technology, information security analysts take pride in providing a vital service. Furthermore, as a role that doesn’t necessarily require a physical presence, they often enjoy a high degree of work flexibility and freedom. “It’s a global job, it’s highly transferrable,” Ms. Ladoucier said. “I think it’s also kind of fun, personally.”

Misconceptions: One of the biggest misconceptions about the cybersecurity industry as a whole is that many companies believe an out-of-the-box antivirus or firewall solution can do the same job as a dedicated cybersecurity specialist.

“An anti-virus is being reactive, but you have to be proactive in defending your network,” Mr. Gravelle said. “A lot of the times when they’ve been hit, being reactive can be devastating to companies financially,” Ms. Ladoucier added.

Story continues below advertisement

We’ve launched a new weekly Careers newsletter. Sign up today.

Report an error Editorial code of conduct
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • All comments will be reviewed by one or more moderators before being posted to the site. This should only take a few moments.
  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed. Commenters who repeatedly violate community guidelines may be suspended, causing them to temporarily lose their ability to engage with comments.

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.
Cannabis pro newsletter