Skip to main content

Job: Information security analyst

The Role: To protect computer networks and systems from attack. While the role was once limited to large information technology (IT) companies, its presence has expanded in recent years to companies of all shapes and sizes.

Information security analysts can have many different tasks in an average day – including coding, programming and monitoring information networks – but the primary focus for many is on protecting consumer data.

“Most security analysts are responsible for monitoring the system and preventing cyberattacks,” said Sheri Ladoucier, the program co-ordinator for Seneca College’s Faculty of Continuing Education and Training. “The biggest thing in the industry right now is to protect their customer’s data.”

Ms. Ladoucier adds that IT companies were historically the only ones protecting data, but now, most companies have some valuable digital assets to protect.

Salary: Ranges from $35,000 to $82,000 annually, with a national average of approximately $68,000, according to career resource website Where an employee falls within that range is often determined based on their years of experience in the industry and level of certification, according to Denis Gravelle, the chair of continuing education for Seneca College of Applied Arts and Technology. “Industry-recognized certifications, coupled with your college education, would make you a lot more marketable,” he said.

Education: While practitioners can be self-taught, formal education and certification is becoming more of a requirement for employers as attacks and threats become more sophisticated.

“Most of the experts right now were self-taught, but because they’re now fighting expert coders, they need some expertise,” Ms. Ladoucier said. Mr. Gravelle added: “The attackers are so cunning and they’re coming out with a lot of really leading-edge code that you need more formal education to understand.”

Some of the primary industry-recognized certifications include CISSP and Security+. Certification prep courses are available through colleges and universities countrywide and can be acquired through continuing education programs or optional undergraduate credits.

Those pursuing certification typically have an IT or computer science-related educational background from a postsecondary institution or some relevant work experience.

Job prospects: With more companies handling sensitive information and with threats growing more advanced, the need for information security analysts has never been higher and is only expected to grow. In fact, experts predict a shortage of 1.5 million security positions by 2020, and Canada’s 2018 budget allocated at least $500-million for investment into cybersecurity over the next five years, although that number could reach as high as $1-billion.

Recent high-profile data breaches at major companies, including Equifax, Uber and Target, underscore the increasing need for information security analysts within the technology industry and beyond. “The cybersecurity field is so key to any business now, even a mom-and-pop shop,” Mr. Gravelle said.

Challenges: One of the most significant challenges faced by information security analysts is the ever-changing threat landscape, which requires continuing education in the field. Furthermore, cyberattacks are not limited to the 9-to-5 hours and those working to prevent them are typically expected to be available at all hours of the day. “Attacks can come at any time,” Ms. Ladoucier said. “Depending on your level of seniority, companies will be contacting you frequently.”

Why they do it: With the world becoming more interconnected through digital technology, information security analysts take pride in providing a vital service. Furthermore, as a role that doesn’t necessarily require a physical presence, they often enjoy a high degree of work flexibility and freedom. “It’s a global job, it’s highly transferrable,” Ms. Ladoucier said. “I think it’s also kind of fun, personally.”

Misconceptions: One of the biggest misconceptions about the cybersecurity industry as a whole is that many companies believe an out-of-the-box antivirus or firewall solution can do the same job as a dedicated cybersecurity specialist.

“An anti-virus is being reactive, but you have to be proactive in defending your network,” Mr. Gravelle said. “A lot of the times when they’ve been hit, being reactive can be devastating to companies financially,” Ms. Ladoucier added.

We’ve launched a new weekly Careers newsletter. Sign up today.

Interact with The Globe