Cyber Security Analyst
Job description:
Cybersecurity analysts are responsible for conducting risk assessments in support of technology initiatives to help identify IT-related cybersecurity risks and determine appropriate controls to mitigate them. Cybersecurity analysts support the analysis, classification, and response to cybersecurity risks within an organization.
Minimum Educational Qualifications:
A bachelor’s degree, usually in computer science, computer systems engineering, software engineering or mathematics or completion of a college program in computer science is usually required. A master’s or doctoral degree in a related discipline may be required.
Experience:
3-4 Years
Career Progression:
Cyber security analysts typically start either as a software developer, IT support, or desktop support technician, progressing towards becoming a cybersecurity technician/specialist, and then an analyst. The analyst can further specialize to become penetration and vulnerability tester or ethical hacker, and progress to mid and senior-level roles as cybersecurity manager/administrator and Chief Information Security Officer.
About the Assessment Tool:
The platform measures skills that are organized around 6 general areas of competence: Business Analysis and Management, Design and Architecture, Development and Implementation, Testing and Quality Assurance, Security and Standards, and Administration and Support. Not all sections within these competencies are relevant to the chosen occupation as there are several common – and some unique – competencies for each of the 5 occupations.
The user is asked to select their proficiency level as it relates to the stated competency. There are three proficiency levels to choose from: Levels 1, 2, and 3.
Level 1: Basic Level
The individual has some knowledge and experience to carry out standard, routine tasks under supervision. They can follow instructions, complete assigned tasks, manage their work, and assist other colleagues.
Level 2: Intermediate Level
The individual has the knowledge and experience to carry out both standard and non-standard tasks with minimal supervision. They can plan activities, make key decisions and work independently.
Level 3: Advanced Level
The individual has the knowledge and experience to carry out complex tasks confidently and consistently without any supervision. They apply specialized knowledge to design and implement strategies and provide guidance and supervision on the activity to others.
These levels are related to job proficiency and do not describe learning levels that are usually associated with training programs or the levels indicated in specific IT certificates or certifications. In addition, these levels do not link to organizational hierarchical levels that define competency levels based on responsibilities and accountabilities.
The results also show the criticality ratings for each competency. This describes the relative value or importance of each competency as identified by employers, HR professionals, and subject matter experts. Typically, the size of the organization, business or industry type, the specific skill and demand gap, etc. may influence the value/importance of each competency identified. The criticality rating may be based on the need and requirement for the specific job in question. Not Applicable means that a particular competency is not currently necessary for an individual to perform their job effectively. Desirable means that a particular competency would be beneficial, but not essential, for an individual to perform their job effectively. Essential means that a particular competency is necessary for an individual to perform their job effectively.
The following table outlines the recommended proficiency levels across the six competency areas based on primary and secondary research and the criticality ratings for each competency.
| Competency Area 1: Business Analysis and Management | Recommended Proficiency | Criticality Rating |
| 1.1 BUSINESS ENVIRONMENT ANALYSIS | — | |
| 1.2 BUSINESS NEEDS ANALYSIS | Level 1 | |
| 1.3 DATA ANALYTICS | Level 1 | |
| 1.4 EMERGING TECHNOLOGY SYNTHESIS | Level 2 |
| Competency Area 2: Design and Architecture | Recommended Proficiency | Criticality Rating | ||||
| 2.1 DATA DESIGN | — | |||||
| 2.2 SOFTWARE DESIGN | Level 1 | |||||
| 2.3 SOLUTION ARCHITECTURE | — | |||||
| 2.4 SYSTEM INTEGRATION | Level 2 | |||||
| 2.5 USER EXPERIENCE DESIGN | — | |||||
| 2.6 USER INTERFACE DESIGN | — | |||||
| Competency Area 3: Development and Implementation | Recommended Proficiency | Criticality Rating | ||||
| 3.1 APPLICATIONS DEVELOPMENT | Level 1 | |||||
| 3.2 APPLICATION INTEGRATION | Level 1 | |||||
| 3.3 CLOUD COMPUTING | Level 2 | |||||
| 3.4 SOFTWARE CONFIGURATION | — | |||||
| 3.5 DATA ENGINEERING | — | |||||
| 3.6 DATA VISUALIZATION | — | |||||
| Competency Area 4: Testing and Quality Assurance | Recommended Proficiency | Criticality Rating | ||||
| 4.1 SOFTWARE TESTING | — | |||||
| 4.2 TEST PLANNING | — | |||||
| 4.3 USABILITY TESTING | — | |||||
| Competency Area 5: Security and Standards | Recommended Proficiency | Criticality Rating | ||||
| 5.1 DATA ETHICS | — | |||||
| 5.2 AUDIT AND COMPLIANCE | Level 2 | |||||
| 5.3 CYBER AND DATA BREACH INCIDENT MANAGEMENT | Level 2 | |||||
| 5.4 CYBER FORENSICS | Level 2 | |||||
| 5.5 CYBER RISK MANAGEMENT | Level 2 | |||||
| 5.6 QUALITY STANDARDS | Level 2 | |||||
| 5.7 SECURITY ADMINISTRATION | Level 2 | |||||
| 5.8 SECURITY GUIDANCE | Level 2 | |||||
| 5.9 SECURITY GOVERNANCE | Level 2 | |||||
| Competency Area 6: Administration and Support | Recommended Proficiency | Criticality Rating | ||||
| 6.1 APPLICATIONS SUPPORT | — | |||||
| 6.2 DATABASE ADMINISTRATION | — | |||||
| 6.3 INFRASTRUCTURE SUPPORT | — | |||||
| 6.4 NETWORK ADMINISTRATION | Level 1 | |||||
| 6.5 PERFORMANCE MANAGEMENT | — | |||||
| 6.6 PROBLEM MANAGEMENT | — | |||||
| 6.7 USER SERVICE SUPPORT | — | |||||
Cyber Security Analyst Resources
Regulation and Certifications:
This occupation is not regulated in Canada. The following are some of the certifications and/or certificate programs that may be useful for this occupation:
CompTIA security+ Certification
Certified Information Systems Security Professional (CISSP)
Certified Ethical Hacker (CEH) Certification
Certified Information Systems Auditor (CISA)
Certified Information Systems Manager (CISM)
Popular Courses and Learning Streams
The following is a curated collection of available resources that may be useful for this occupation:
“Cybersecurity Specialization”, Cousera and the University of Maryland
“Learn Ethical Hacking From Scratch”, Udemy
“Introduction to Cyber Security”, FutureLearn
“Cybersecurity Foundations”, Cybrary
“Cyber Security Accelerator”, NexGenT/NGT Academy
Locally Available Certificates, Diplomas, and Degrees
The following is a list of certificates, diplomas, and degrees available from Nova Scotia universities and colleges that may be useful/necessary for this occupation:
Certificates:
Cyber Security Program, Skills for Hire Atlantic
Cyber Security Program, Certstaffix Training
Communication Technologies and Cyber Security Certification, Dalhousie University
Diplomas:
Cyber Security Diploma, Nova Scotia Community College
Undergraduate Programs:
Bachelor of Computer Science, Dalhousie University
Bachelor of Applied Computer Science, Dalhousie University
Bachelor of Science/Arts with Major in Computer Science, St Francis Xavier University
Bachelor of Computer Science, Acadia University
Bachelor of Science with Major in Computer Science, Mount Saint Vincent University
Graduate Programs:
Master of Computer Science, Dalhousie University
Master of Applied Computer Science, Dalhousie University
Master of Applied Computer Science, St Francis Xavier University