So, you’re thinking about a career as an information security analyst.

Well, that’s awesome!

You are in good company. According to the Bureau of Labor Statistics, the information security analyst workforce is currently made up of 100,000 people in the United States.

And don’t worry, there is plenty of room for you to find a steady job. According to the Bureau of Labor Statistics, over 28,500 new information security analyst jobs are expected in the next few years.

Let us cover the initial steps on this exciting career path together so you can get a better understanding of what you’re getting into.

We are talking here about your career for possibly the next 10 years, at the very least, and even the rest of your life. That is exciting and nerve-racking at the same time.

Let’s get to it then.

How do you become an information security analyst?

Most information security analyst positions require a bachelor’s degree in a computer-related field. Employers usually prefer analysts to have experience in a related occupation.

For more information, read How to Become an Information Security Analyst.

What type of schooling does an information security analyst need?

Information security analysts usually need at least a bachelor’s degree in computer science, information assurance, programming, or a related field.

Some employers prefer applicants who have a Master of Business Administration (MBA) in information systems. Programs offering the MBA in information systems generally require 2 years of study beyond the undergraduate level and include both business and computer-related courses.

Is there any work experience required to become an information security analyst?

Information security analysts generally need to have previous experience in a related occupation. Many analysts have experience in an information technology department, often as a network or computer systems administrator. Some employers look for people who have already worked in fields related to the one in which they are hiring. For example, if the job opening is in database security, they may look for a database administrator. If they are hiring in systems security, a computer systems analyst may be an ideal candidate.

What are the types of certifications and requirements needed to become an information security analyst?

A number of information security certifications are available, and many employers prefer candidates to hold one, since certification validates the knowledge and best practices required of information security analysts. Some are general information security certifications, such as the Certified Information Systems Security Professional (CISSP), while others have a narrower focus, such as penetration testing or systems auditing.

How long does it take to become an information security analyst?


  • Bachelor’s degree (compulsory) – 4 years
  • Master’s degree (optional) – 2 years

Work Experience – To qualify for the CISSP, you must have a minimum of five years of cumulative work experience in two or more of the eight specified domains (see categories below).

How much does it cost to become an information security analyst?

According to, the median tuition fees are:

  • In-state public tuition – $6,563
  • Out-of-state private tuition – $28,900

The CISSP Test fee is $699. Rescheduling the test costs $50 and canceling costs $100.

Recertification is required every three years and is accomplished through earning Continuing Professional Education credits and paying an Annual Maintenance Fee of $85.

What is the CISSP Test?

Certified Information Systems Security Professional (CISSP) is an independent information security certification granted by the International Information System Security Certification Consortium, also known as (ISC)². It is the most widely recognized global certification in the field of information security.

Earning the CISSP proves you have what it takes to effectively design, implement, and manage a best-in-class cybersecurity program. With a CISSP, you validate your expertise and become an (ISC)² member, unlocking a broad array of exclusive resources, educational tools, and peer-to-peer networking opportunities.

How many questions are on the CISSP Test?

The CISSP CAT (or adaptive) test has between 100 and 150 multiple-choice and advanced innovative questions. The CISSP Non-English linear test has 250 questions.

What are the Categories on the CISSP Test?

The CISSP Test covers 8 domain areas. These are:

  • Software development security – 10%
  • Security and risk management – 15%
  • Asset security – 10%
  • Security architecture and engineering – 13%
  • Communication and network security – 14%
  • Identity and access management (IAM) – 13%
  • Security assessment and testing – 12%
  • Security operations – 13%

How long does the CISSP Test typically last?

Candidates get a maximum of 3 hours to complete the adaptive test. The time for the non-English linear test is 6 hours.

What is the passing grade needed for the CISSP Test?

Candidates need a score of 700 out of a maximum of 1000 to pass the test.

How many times can you take the CISSP Test?

If you fail to pass the test on your first attempt, you will have to wait 30 days before you can retake it. If you do not pass a second time, you will have a 90-day waiting period before you can take the test again. Failing a third time requires a 180-day waiting period. You cannot attempt this exam more than three times in a calendar year.