According to the U.S. Bureau of Labor Statistics, demand for security analysts is expected to grow by more than 30% over the next decade, far outpacing the average for other roles.
That’s good news for those entering or advancing in the field. But with heavy workloads and constant pressure to keep up with evolving threats, professional development can easily fall by the wayside.
So how can security analysts stand out to hiring managers — and make sure their career path stays on track?
Insights from IDC white paper Voice of Security 2025, sponsored by Tines and AWS, offer some answers. The research reveals the top skills security leaders value most when evaluating analyst success.
The global study surveyed 915 senior security leaders across the U.S., Europe, and Australia on a range of topics - including the role of automation and AI in security strategy, the biggest challenges facing teams today, and what they look for when hiring analysts.
In this post, we’ll break down the key skills analysts need to stand out to hiring managers - and speak confidently to security leaders’ priorities when applying for jobs, interviewing, or planning their next career move.
About the data
Surveyed security leaders were asked the question: "What are the top five skills you feel will be the most important to succeed as a security analyst?” Participants were shown a list of 10 skills, and prompted to select their top five choices and rank them from 1 to 5 (with 1 being the most important).
Based on the responses gathered, the top seven skills hiring managers are looking for in security analysts are:
Keeping up to date on threat actors' TTPs
Threat hunting techniques
Advanced query language techniques and malware analysis techniques (tied)
Obtaining high-level training and certifications
Learning to code
Computer forensics techniques
Other skills listed were operationalizing Mitre ATT&CK, SOAR integration, and learning penetration testing.
Next, we’ll explore why these seven stand out — and how analysts can sharpen each of them.
The top 7 skills security analysts need for career advancement
1. Keeping up to date on threat actors' TTPs
The tactics, techniques, and procedures (TTPs) cybercriminals use to attack companies are continuously evolving. By keeping up with changing TTPs, security analysts can better anticipate potential attacks, preemptively search for potential issues based on TTP patterns, put stronger preventative security measures in place, and respond more nimbly and efficiently when attacks do occur to minimize the effects.
Building the skill
Analysts can stay sharp by following trusted industry news sources, subscribing to threat intel newsletters, joining professional communities, and attending leading security conferences.
2. Threat hunting techniques
Effective threat hunting requires analysts to spot subtle anomalies, develop strong hypotheses, and investigate threats before they escalate. As environments grow more complex and attacks become more sophisticated, sharp threat hunting skills help analysts zero in on the most relevant signals, filter out noise, and act with confidence. The ability to proactively search for threats - rather than simply reacting to alerts - is seen as a differentiator for analysts looking to grow in their careers.
Building the skill
Growing automation skills is a powerful way for analysts to strengthen their threat hunting techniques. By incorporating threat intelligence automation into their workflows, they can more efficiently flag suspicious activity, identify indicators of compromise, and open cases for investigation with greater speed and context. Tines offers free certification programs and bootcamps that helps security analysts experiment and grow these skills.
3. Advanced query language techniques (tied)
Query languages are essential for working with data across multiple sources — supporting threat intelligence, detection, vulnerability management, and incident response. Mastering advanced techniques enables analysts to extract deeper insights faster and handle complex queries with confidence.
Building the skill
Several online platforms offer targeted training in query languages. For example, Blu Raven provides a course on Kusto Query Language (KQL), commonly used in Microsoft Sentinel, Defender for Endpoint, and Microsoft 365 Defender XDR. Other platforms offer courses tailored to Elastic’s Lucene and more, allowing analysts to choose based on their tech stack.
4. Malware analysis techniques (tied)
Strong malware analysis skills help analysts detect, classify, and understand malicious software — including how it works, its potential impact, and the vulnerabilities it exploits. These skills also support post-incident investigations by helping analysts determine the damage caused, assess the sophistication of the attack, and trace potential threat actors. Ultimately, malware analysis enables teams to respond more effectively and put stronger defenses in place.
Building the skill
Online learning platforms like Udemy and Coursera offer foundational malware analysis courses. For more advanced or hands-on training, organizations like SANS Institute and GIAC Certifications provide specialized programs for practitioners at all levels.
5. Obtaining high-level training and certifications
Certifications remain a valuable way to signal expertise and open up new career opportunities. According to the National Initiative for Cybersecurity Careers and Studies (NICCS), they play an important role in career advancement. However, survey results suggest that hiring managers place even greater value on hands-on experience, seeing certifications as most impactful when paired with practical skills.
Building the skill
NICCS maintains a comprehensive directory of widely recognized cybersecurity certifications, covering a range of roles and skill levels to help analysts advance their careers.
6. Learning to code
Coding isn’t always required for security analysts, but it can be a strong differentiator, especially for those pursuing more technical or specialized roles. It supports advanced tasks like malware analysis, reverse engineering, and developing custom tools, making analysts more versatile and self-sufficient. While tools like Tines reduce the need to write code for workflow orchestration and automation, a basic understanding of programming logic remains valuable.
Building the skill
Analysts can explore coding courses designed specifically for security professionals through platforms like Skillsoft Global Knowledge, SANS Institute, and the National Initiative for Cybersecurity Careers and Studies (NICCS). Experimenting with the free version of a no-code or low-code automation platform like Tines can help develop automation skills without needing to learn a programming language.
7. Computer forensics techniques
Strong computer forensics skills help analysts investigate cyberattacks, uncover risks, identify threat actors, assess the impact of breaches, and respond more effectively. These techniques are critical for post-incident analysis and improving overall security posture.
Building the skill
To stay aligned with industry best practices, analysts can pursue training from organizations like EC-Council, Skillsoft, and GIAC, which offer courses on topics such as dark web forensics, handling digital evidence, incident investigations, and anti-forensics. For those looking to go deeper, many universities offer graduate certificate programs in digital forensics.
Beyond certifications: growing your security career for the long haul
In high-pressure environments, it’s easy for learning and development to fall by the wayside. But even small, consistent investments in your own growth can make a big difference over time.
While formal training and certifications are valuable, many security leaders also recognize the importance of hands-on experience and curiosity, whether that’s tinkering with security tools, pursuing side projects, or become an expert in topics that spark your interest. That kind of initiative not only builds skills, but also signals the enthusiasm and problem-solving mindset hiring managers are looking for.
Read more insights from IDC's research, sponsored by Tines in partnership with AWS, and watch the on-demand webinar.