Security analysts are the eyes and ears of your organization’s cyber security operations, they are the watchers on the wall. They are responsible for piecing together various indicators and threat intelligence to fully understand the various threats against your organization and how best to respond.

According to the U.S. Bureau of Labor, the median security analyst makes $92,600 per year. Skilled analysts come at a high operational cost, but selecting the wrong person for the job can cost a lot more than that if a data breach occurs, with averages of over $4 million according to a 2016 study published by IBM.

Technical skills are just one attribute required of security analysts, and merely focusing on that single attribute is a mistake. Proficient security analysts are well-rounded professionals that have experience that spans multiple security realms and are adept at problem-solving and working in close collaboration with incident response. This is a profession that is best mastered in practice, not in theory. Which is why education and certifications can only tell you so much about a candidate. It’s necessary to dig deeper to truly understand their cyber security skill set.

What to ask security analyst candidates

When hiring a security analyst, organizations also need to look for traits that aren’t so easily visible on a resume. For example, their education and number of degrees are great conversation starters, however, don’t mean much if the candidate can’t demonstrate experience leveraging them. In essence, real on-the-job experience > education.

A great security analyst is tenacious, detailed-oriented, and knows how to differentiate true security threats from the false positives because they’ve done it many times before.

There are 10 questions to ask about each candidate to determine if they can be a good fit for your security organization or that they just “look good on paper.”

  1. How have they leveraged their education and security certifications, in a real-world setting?
  2. Is this person methodical and detail-oriented?
  3. Are they interested in really digging deep into technical questions and examining tech issues from all possible sides?
  4. Are they also capable of perceiving the big picture and adapting accordingly?
  5. Can this person adapt to change easily?
  6. Has this person demonstrated a penchant for innovation in previous endeavors?
  7. Could this person work well with others on our team? Collaboration is key to successfully thwarting and responding to attacks.
  8. Is this person willing to put in the ongoing effort necessary for staying up to date on new technology and threats?
  9. Is this person willing to take initiative and assume new responsibilities, or are they content to wait for jobs to come to them?
  10. Can this individual communicate technical concepts effectively to stakeholders who are less tech savvy?

If you’re able to answer “yes” more often than “no” for each question, then you likely have a candidate capable of playing an integral role in your security team.