role

Cybersecurity Analyst

Source-cited RoleMath page about Cybersecurity Analyst.

Build my personalized career plan

Researched by RoleMath Research. Every figure on this page traces to the official source shown next to it.

What the numbers say about this work

Government occupation data for the role this maps to Information Security Analysts (SOC 15-1212). This is planning context for the occupation, not a salary or a job this role guarantees you.

Median pay (occupation)
$129,180 / yr · $75,090 to $199,850 (10th–90th percentile)
Projected change (2024–34)
+28.5% · ~16k openings/yr
Typical entry education
Bachelor's degree

BLS OEWS — occupation-level, national BLS Employment Projections 2024–34 This role has a high-confidence mapping to the listed O*NET-SOC/BLS occupation.

What it pays by metro

The national median hides a wide geographic spread. Below is the occupation’s median in some of the highest-paying and largest-employment metros, adjusted for local prices — regional price-level context, not take-home pay or a salary this role guarantees you.

MetroNominal medianCost-adjusted
San Jose, CA$176,120$159,496
Raleigh, NC$143,640$146,337
Seattle, WA$161,780$145,573
San Francisco, CA$162,310$140,391
Huntsville, AL$130,330$140,031
Washington, DC$148,950$136,797

See all metros and how this is calculated → Sources: BLS OEWS (May 2025), occupation-level metro median ÷ BEA Regional Price Parities (2024, US=100).

What this work involves

The tasks the U.S. Department of Labor’s O*NET lists most central to this occupation — role-fit evidence to weigh against your background, not a measure of employer demand.

  • Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
  • Monitor current reports of computer viruses to determine when to update virus protection systems.
  • Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.
  • Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
  • Modify computer security files to incorporate new software, correct errors, or change individual access status.
  • Review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.

O*NET — occupation-level

Skills that matter

The skills O*NET rates most important for this occupation. A starting map for what to build — weigh it against the specific job you’re targeting.

  • Reading Comprehension
  • Critical Thinking
  • Active Listening
  • Speaking
  • Writing
  • Monitoring
  • Active Learning
  • Learning Strategies

O*NET — occupation-level

What employers ask for right now

The skills and certifications employers most often name in a sample of 59public job postings for this role. Treat it as a to-learn list — it’s dated hiring language, not a count of open jobs, demand, or salary.

Most-named skills

  • Cybersecurity 37
  • NIST 22
  • CISSP 21
  • SIEM 19
  • Incident response 15
  • threat intelligence 12
  • FedRAMP 11
  • Python 10
  • AWS 10
  • Azure 10
  • vulnerability management 8
  • Splunk 8

Certifications named

  • Security+ 11
  • CySA+ 6
  • CCNA 4
  • Network+ 1
  • PMP 1

Compare what employers ask across roles → Qualitative employer-language sample only; do not use as official demand, market-size, salary, or certification ROI evidence.

Certification decision support

Certifications mapped to Cybersecurity Analyst

Certifications mapped to this role from cited OEM target-role data and the RoleMath role mapping, ordered by relationship strength and then Difficulty Score. This is planning context — not a guarantee, not an employer requirement, and not a claim that any one certification is best for everyone. Your fit depends on your background; pay/outlook context is occupation-level on the role page.

Start here signalSplunk Certified Cybersecurity Defense Analyst40/100 · Moderate

Core security foundations

13 mapped

Baseline cybersecurity, systems security, and security-fundamentals credentials.

CredentialDifficultyCostRelationshipWhy it appears here
CompTIA Security+CompTIA · foundation
45/100Moderate$439 examstrong signalSecurity+ is a common baseline security credential for entry and early cybersecurity analysis routes.Official source
GIAC Security Essentials (GSEC)GIAC (SANS) · associate
50/100Moderate$999 examstrong signalGIAC Security Essentials (GSEC) maps to Cybersecurity Analyst as a strong role signal based on its cited name keyword:security:general security signal.Official source
55/100Moderate$249 examstrong signalSSCP - Systems Security Certified Practitioner maps to Cybersecurity Analyst as a strong role signal based on its cited name keyword:security:general security signal.Official source
Cybersecurity FundamentalsISACA · foundation
20/100Foundational$120 examfoundationCybersecurity Fundamentals maps to Cybersecurity Analyst as a foundation credential based on its cited name keyword:security:general security signal.Official source
20/100Foundational$250 examfoundationKubernetes and Cloud Native Security Associate (KCSA) maps to Cybersecurity Analyst as a foundation credential based on its cited name keyword:security:general security signal.Official source
20/100Foundational$399 examfoundationGIAC Foundational Cybersecurity Technologies (GFACT) maps to Cybersecurity Analyst as a foundation credential based on its cited name keyword:security:general security signal.Official source
20/100Foundational$499 examfoundationGIAC Information Security Fundamentals (GISF) maps to Cybersecurity Analyst as a foundation credential based on its cited name keyword:security:general security signal.Official source
25/100Foundational$199 examfoundationCC - Certified in Cybersecurity maps to Cybersecurity Analyst as a foundation credential based on its cited name keyword:security:general security signal.Official source

5 later-step or lower-priority mappings are kept in the data payload for review.

Detection and security operations

6 mapped

Credentials for monitoring, alert triage, SIEM workflows, and defensive security operations.

CredentialDifficultyCostRelationshipWhy it appears here
40/100Moderate$130 examstrong signalSplunk Certified Cybersecurity Defense Analyst maps to Cybersecurity Analyst as a strong role signal based on its cited name keyword:security:general security signal.Official source
40/100Moderate$500 examstrong signalRed Hat Certified Specialist in Security: Linux maps to Cybersecurity Analyst as a strong role signal based on its cited name keyword:security:general security signal.Official source
GIAC Python Coder (GPYC)GIAC (SANS) · specialist
40/100ModerateCost not verifiedstrong signalGIAC Python Coder (GPYC) maps to Cybersecurity Analyst as a strong role signal based on its cited cybersecurity keyword:general security signal.Official source
60/100Hard$130 examadvanced adjacentSplunk Certified Cybersecurity Defense Engineer maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source
CompTIA CySA+CompTIA · intermediate
75/100Hard$439 examstrong signal after foundationCySA+ should be positioned after Security+ or equivalent knowledge for analyst work.Official source
CompTIA SecurityXCompTIA · advanced
90/100Expert$544 examadvanced adjacentSecurityX is relevant only after substantial security experience.Official source

Network security

5 mapped

Network, firewall, intrusion, and vendor infrastructure security credentials.

CredentialDifficultyCostRelationshipWhy it appears here
Security, Specialist (JNCIS-SEC)Juniper Networks · specialist
40/100Moderate$300 examstrong signalSecurity, Specialist (JNCIS-SEC) maps to Cybersecurity Analyst as a strong role signal based on its cited name keyword:security:general security signal.Official source
Cisco CCNA CybersecurityCisco · associate
50/100Moderate$300 examstrong signal after foundationCisco's cybersecurity associate exam covers security concepts monitoring host analysis network intrusion analysis and security policies.Official source
Security, Professional (JNCIP-SEC)Juniper Networks · professional
60/100Hard$400 examadvanced adjacentSecurity, Professional (JNCIP-SEC) maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source
CCNP CybersecurityCisco · professional
75/100Hard$700 examadvanced adjacentCCNP Cybersecurity maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source
CCIE SecurityCisco · expert
80/100Expert$2,000 examspecializedCCIE Security maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source

Cloud and platform security

10 mapped

Cloud, Kubernetes, private-cloud, and platform-security credentials.

CredentialDifficultyCostRelationshipWhy it appears here
Security, Associate (JNCIA-SEC)Juniper Networks · associate
40/100Moderate$200 examstrong signalSecurity, Associate (JNCIA-SEC) maps to Cybersecurity Analyst as a strong role signal based on its cited name keyword:security:general security signal.Official source
40/100Moderate$999 examstrong signalGIAC Cloud Security Essentials Certification (GCLD) maps to Cybersecurity Analyst as a strong role signal based on its cited name keyword:security:general security signal.Official source
40/100ModerateCost not verifiedstrong signalMicrosoft Certified: Information Security Administrator Associate maps to Cybersecurity Analyst as a strong role signal based on its cited name keyword:security:general security signal.Official source
60/100Hard$250 examadvanced adjacentVMware Certified Professional - Private Cloud Security Administrator maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source
60/100Hard$445 examadvanced adjacentCertified Kubernetes Security Specialist (CKS) maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source
60/100HardCost not verifiedadvanced adjacentOracle Cloud Infrastructure Certified Security Professional maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source
AWS Certified Security - SpecialtyAmazon Web Services · Specialty
85/100Expert$300 examspecializedAWS Certified Security - Specialty maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source
85/100Expert$599 examspecializedCCSP - Certified Cloud Security Professional maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source

2 later-step or lower-priority mappings are kept in the data payload for review.

Offensive security and testing

2 mapped

Ethical hacking, penetration testing, and adversary-emulation credentials; not general first steps.

CredentialDifficultyCostRelationshipWhy it appears here
Certified Ethical Hacker (CEH)EC-Council · intermediate
60/100HardCost not verifiedadvanced adjacentCertified Ethical Hacker (CEH) maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source
CompTIA PenTest+CompTIA · intermediate
65/100Hard$439 examadjacent after foundationPenTest+ supports offensive security but should be gated behind stronger security foundations.Official source

Governance, identity, and management

6 mapped

Identity, governance, risk, compliance, and security-management credentials.

CredentialDifficultyCostRelationshipWhy it appears here
GIAC Security Leadership (GSLC)GIAC (SANS) · specialist
45/100Moderate$999 examstrong signalGIAC Security Leadership (GSLC) maps to Cybersecurity Analyst as a strong role signal based on its cited name keyword:security:general security signal.Official source
65/100Hard$459 examadvanced adjacentAAISM - Advanced in AI Security Management maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source
80/100Expert$575 examspecializedCISM - Certified Information Security Manager maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source
80/100Expert$599 examspecializedISSEP - Information Systems Security Engineering Professional maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source
80/100Expert$599 examspecializedISSMP - Information Systems Security Management Professional maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source
80/100Expert$749 examspecializedCISSP - Certified Information Systems Security Professional maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source

Secure software

1 mapped

Secure software lifecycle and application-security credentials adjacent to analyst work.

CredentialDifficultyCostRelationshipWhy it appears here
80/100Expert$599 examspecializedCSSLP - Certified Secure Software Lifecycle Professional maps to Cybersecurity Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source

Difficulty is the RoleMath Difficulty Score, not a pass rate. Certification mappings are planning context, not employer requirements, job guarantees, salary claims, or ROI claims.

Answer blocks

Common Questions

What certifications do I need to become a Cybersecurity Analyst?

Certifications commonly mapped to a Cybersecurity Analyst role, ordered from the lowest-difficulty starting point: Splunk Certified Cybersecurity Defense Analyst; GIAC Cloud Security Essentials Certification (GCLD); GIAC Python Coder (GPYC); Microsoft Certified: Information Security Administrator Associate — with advanced credentials such as Splunk Certified Cybersecurity Defense Engineer, VMware Certified Professional - Private Cloud Security Administrator as later steps.

Entry options, lowest difficulty first: Splunk Certified Cybersecurity Defense Analyst (Splunk; Difficulty Score 40/100, Moderate; exam ~$130); GIAC Cloud Security Essentials Certification (GCLD) (GIAC (SANS); Difficulty Score 40/100, Moderate; exam ~$999); GIAC Python Coder (GPYC) (GIAC (SANS); Difficulty Score 40/100, Moderate; exam fee pending vendor verification); Microsoft Certified: Information Security Administrator Associate (Microsoft; Difficulty Score 40/100, Moderate; exam fee pending vendor verification); Red Hat Certified Specialist in Security: Linux (Red Hat; Difficulty Score 40/100, Moderate; exam fee pending vendor verification). Advanced or later-step credentials: Splunk Certified Cybersecurity Defense Engineer (Splunk; Difficulty Score 60/100, Hard; exam ~$130); VMware Certified Professional - Private Cloud Security Administrator (VMware (Broadcom); Difficulty Score 60/100, Hard; exam ~$250); Certified Ethical Hacker (CEH) (EC-Council; Difficulty Score 60/100, Hard; exam fee pending vendor verification).

Citations: Source rows are visible in the page citation ledger; certification source URLs are linked in the decision table.

Use the RoleMath planner to adapt this sequence to your background, budget, and timeline. RoleMath sells nothing.

What is the easiest certification to start a Cybersecurity Analyst career?

The lowest-difficulty cited certification for starting a Cybersecurity Analyst path is Splunk Certified Cybersecurity Defense Analyst (RoleMath Difficulty Score 40/100, Moderate, exam ~$130). It is a starting signal, not a guarantee of a role.

Entry options, lowest difficulty first: Splunk Certified Cybersecurity Defense Analyst (Splunk; Difficulty Score 40/100, Moderate; exam ~$130); GIAC Cloud Security Essentials Certification (GCLD) (GIAC (SANS); Difficulty Score 40/100, Moderate; exam ~$999); GIAC Python Coder (GPYC) (GIAC (SANS); Difficulty Score 40/100, Moderate; exam fee pending vendor verification).

Citations: Source rows are visible in the page citation ledger; certification source URLs are linked in the decision table.

Use the RoleMath planner to adapt this sequence to your background, budget, and timeline. RoleMath sells nothing.

How much do Cybersecurity Analyst certifications cost and how hard are they?

Cited Cybersecurity Analyst certification exam fees range roughly $125–$999, spanning from Moderate entry options to Expert credentials on the RoleMath Difficulty Score. Pay and outlook are reported at the occupation level on the Cybersecurity Analyst page, never per certification.

Entry options, lowest difficulty first: Splunk Certified Cybersecurity Defense Analyst (Splunk; Difficulty Score 40/100, Moderate; exam ~$130); GIAC Cloud Security Essentials Certification (GCLD) (GIAC (SANS); Difficulty Score 40/100, Moderate; exam ~$999); GIAC Python Coder (GPYC) (GIAC (SANS); Difficulty Score 40/100, Moderate; exam fee pending vendor verification); Microsoft Certified: Information Security Administrator Associate (Microsoft; Difficulty Score 40/100, Moderate; exam fee pending vendor verification).

Citations: Source rows are visible in the page citation ledger; certification source URLs are linked in the decision table.

Use the RoleMath planner to adapt this sequence to your background, budget, and timeline. RoleMath sells nothing.

Cybersecurity Analyst

Quick Verdict

Cybersecurity Analyst maps to the BLS occupation Information Security Analysts (SOC 15-1212), which has a national median of $129,180. Pay is occupation-level and location-driven - not caused by the job title or a certification. Below are the full cited labor-market context, the skills the role draws on, and the certification paths that map to it. This role has a high-confidence mapping to the listed O*NET-SOC/BLS occupation.

Fit Signals

  • Conventional (6.08)
  • Investigative (5.4)
  • Realistic (3.56)

Skills & Tools

*Tools and technologies ONET associates with this occupation* - role-specific examples with ONET hot/in-demand flags, not employer requirements:

  • Amazon Web Services AWS software (hot technology, in demand)
  • Linux (hot technology, in demand)
  • Microsoft Azure software (hot technology, in demand)
  • Microsoft Excel (hot technology, in demand)
  • Microsoft Office software (hot technology, in demand)
  • Microsoft PowerPoint (hot technology, in demand)
  • Microsoft PowerShell (hot technology, in demand)
  • Python (hot technology, in demand)

*Foundational ONET skills** (broadly shared across occupations, not unique to this role): Reading Comprehension, Critical Thinking, Active Listening, Speaking, Writing, Monitoring.

AI & this career

What we can — and can’t — tell you about AI and this role

Cited context only: an occupation-level outlook, descriptive usage data, an employer-language sample, and attributed research — kept separate. No RoleMath AI score, no automation timeline, no job-loss prediction. How we source this →

Occupation outlook · BLS

Where the occupation is projected to go

BLS projects Information security analysts at 28.5% employment change for 2024-2034, with 16 thousand annual openings. U.S. Bureau of Labor Statistics

A forecast, not a guarantee; occupation-level, not about you - and BLS does not model rapid AI adoption, so this is never an AI prediction.

How AI shows up in the work

Descriptive usage, not demand or loss

For this shared SOC, the May 2026 usage sample reports 23.90% augmentation-labeled and 76.10% automation-labeled Claude conversations. Anthropic Anthropic Economic Index dataset, CC-BY.

Across all occupations the same dataset splits 51.4% augmentation / 48.6% automation (May 2026) — shown so a single role’s number is never read as an outlier.

Descriptive Claude usage data, not employment demand, not job loss, and not a personal forecast; CC-BY attribution required.

Employer language · sample

What a posting sample mentions

a sample of 3 postings (as of 2026-06-12) mentions these AI-related terms RoleMath public ATS employer-language pilot

Employer-language sample only; not official demand, market-size, salary, or certification ROI evidence.

Published research · attributed

What independent research says (not RoleMath’s claim)

  • Eloundou et al. estimate that about 80% of U.S. workers have at least 10% of their work tasks exposed to large language model capabilities (Science 2024). American Association for the Advancement of Science exposure = task overlap, not job loss.
  • Eloundou et al. estimate that about 19% of U.S. workers have at least 50% of their work tasks exposed to large language model capabilities (Science 2024). American Association for the Advancement of Science exposure = task overlap, not job loss.
  • Eloundou et al. explicitly disclaim any forecast of AI adoption or timing, describing their measure as capability overlap with tasks rather than a prediction of job loss (Science 2024). American Association for the Advancement of Science exposure = task overlap, not job loss.
  • OECD reports that high-skill occupations are the most exposed to AI on task-overlap measures (OECD Employment Outlook 2023). Organisation for Economic Co-operation and Development exposure = task overlap, not job loss.
  • OECD reports that, as of 2023, there is little empirical evidence of negative employment effects from AI (OECD Employment Outlook 2023). Organisation for Economic Co-operation and Development exposure = task overlap, not job loss.
  • OECD and the AIOE research find that AI exposure and automation risk often run in opposite directions, with the most-exposed high-skill occupations tending to be the least at risk of automation. Organisation for Economic Co-operation and Development exposure = task overlap, not job loss.
  • Felten, Raj and Seamans construct an occupation-level AI Occupational Exposure index by linking AI capabilities to O*NET occupational abilities (Strategic Management Journal). Strategic Management Journal (Wiley) exposure = task overlap, not job loss.
  • Stanford Digital Economy Lab researchers find a roughly 16% relative decline in employment for workers ages 22-25 in the most AI-exposed occupations, based on high-frequency ADP payroll data (Canaries in the Coal Mine, working paper). Stanford Digital Economy Lab correlational usage data, not proof.
  • The ILO notes that AI-exposure indicators measure potential task overlap and cannot by themselves establish job loss (Workers' exposure to AI). International Labour Organization exposure = task overlap, not job loss.
  • The Anthropic Economic Index reports no measured systematic rise in unemployment attributable to AI in its usage data. Anthropic correlational usage data, not proof.

Tier A research stays attributed and separate from BLS outlook and employer-language samples.

Every figure on this page, sourced

The claims above trace to these records — the source, and when it was last checked. If a figure has no row here, we did not publish it.

IDSupportsSourceChecked
SCHEMA-CIT-1Schema citationCybersecurity Analyst BLS OEWS wage sourceLogged in source packet
SCHEMA-CIT-2Schema citationCybersecurity Analyst BLS Employment Projections sourceLogged in source packet
SCHEMA-CIT-3Schema citationCybersecurity Analyst O*NET sourceLogged in source packet

Ready to see how this fits your background?

Get my fit score