What it takes to become an information assurance analyst
After spending 13 years working in systems administration and network and desktop support, Simeon Holloway had reached a crossroads in his career.
“I had capped out on the knowledge” required for the positions, Holloway says. “Salary-wise, I was capping out, too. I wanted to move in a different direction — something challenging and that was in high demand.” Cybersecurity was at the top of his list. In 2014, he set out on a self-guided journey toward a new career. Today, Holloway is an information assurance analyst for the Georgia Lottery in Atlanta.
Getting serious about security
While still a senior systems administrator for the Centers for Disease Control, Holloway kicked into overdrive, spending his evenings and weekends researching cybersecurity online. “I watched YouTube videos, joined webinars, things like that,” Holloway says. He spent four months studying for and earning his CompTIA Security+ certification, and attended a five-day Certified Ethical Hacker Bootcamp course that helped him get his CEH certification six months later. “I also built my own virtual lab — taking some of the free cyber tools available online, like BackTrack and Kali Linux, and practiced pen testing,” he adds.
His job search took about year. “I had a lot of interviews and interest; I just didn’t have the experience,” Holloway recalls. In September 2015, the Georgia Lottery took a chance on Holloway and made him its information assurance/cybersecurity analyst. “I had the foundation to fit right in,” he says. “It was more of just learning the organization and the products.”
Victor Janulaitis, CEO of management consulting firm Janco Associates Inc. says that demand for information assurance analysts is fairly high right now “because C-level executives are concerned about the quality of the information that’s being transmitted and the extent of how much information is being made public.” The information assurance analyst is a bridge between other security staff and users, says Janulaitis.
On the job
In general, an information assurance analyst conducts ongoing vulnerability management activities to assess potential treats, coordinates and leads technology staff in identifying and remediating system vulnerabilities, and works with IT to ensure appropriate procedures and processes are in place for detecting and preventing system intrusions, according to the Janco job description report.
The position also requires above-average communication and critical-thinking skills, says Kory Patrick, head of the information security practice at TEKsystems Global Services LLC. “They have to understand the why behind what they’re doing,” he says. “You may also have to wake up someone at 3 a.m. or deliver bad news to management, so those critical thinking and communication skills become especially important.”
The career ladder for the information assurance analyst would probably include a move up to a senior information assurance analyst and then to a project manager or a systems and programming position, Janulaitis says.
Holloway’s next goal is to move into engineering or design, he says, adding that “obtaining a few more certifications would help.”
In the meantime, Holloway continues with his self-guided cybersecurity education. “I continue to do what got me here — [going to] conferences, a lunch-and-learn, networking with other peers, reading online articles, anything related to cyber.” And he earned a GIAC Security Essentials certification from the SANS Institute earlier this year. “It’s still a learning experience,” he says. “In cybersecurity, you don’t know everything.”