Information Security Analyst & Cybersecurity Analyst Onboarding Plan - The Easy Way

Hiring information security and cybersecurity analysts is a victory in itself, considering they're some of the hardest roles to fill.

According to the 2021 (ISC)² Cybersecurity Workforce Study, 60 percent of respondents said cybersecurity staffing shortage is a major challenge their companies face. There simply aren't enough cybersecurity professionals to go around, not to mention they have to acquire some pretty technical skills.

So congratulations on nabbing your new information security or cybersecurity analyst! If you're looking for ideas to make the onboarding process as painless as possible for your security analysts, we got you covered.

We'll walk you through the essential steps. Plus, we included a free information security analyst & cybersecurity analyst onboarding plan to get you started.

✈️ Why is onboarding important for information security analysts & cybersecurity analysts?

New employee onboarding is the crucial stage where companies can make a lasting impression. And it better be a good one! 

For security analysts, there is so much to learn about a firm's infrastructures and processes, and it's easy to get overwhelmed in the first few weeks.

To avoid this, let's first clearly define the similarities and differences between an information security and a cybersecurity analyst to ensure role clarity. 

Information security covers data protection in general, while cybersecurity focuses on online or digital information. An information security analyst would have to ensure that they have measures also to protect onsite data, such as those stored in safes or possessed by employees.

Meanwhile, a cybersecurity analyst monitors information stored on hard drives, computers, and the cloud. Plus, they must know how to identify digital threats or any weak areas that cybercriminals can attack.

However, information security and cybersecurity analysts need to understand the company's information technology (IT) systems, including application firewalls, antivirus, and proxies, to safeguard networks effectively.

Given these analysts' very technical and complex tasks, it's vital that they are well informed about the company's security challenges and standards, technologies, and personnel. 

Without a comprehensive and organized onboarding plan to guide them, they might miss very crucial information that would prevent them from doing their jobs well.

Austin Harman, a Cybersecurity professional and CEO of consulting firm The Penn Group, emphasizes the importance of building up talent:

‍"One of the most valuable lessons I've learned over the years is that you cannot buy great people. They have to be developed. If you want people who are bought into your culture, your systems, and your mission, they have to be sold on your culture, systems, and mission."

Tip: The employee experience is king. Everything about your onboarding plan must be working toward making your new analysts feel welcomed and supported.

📝  Information security analyst & cybersecurity analyst onboarding 30-60-90 day plan template

A 30-60-90 day plan ensures your security analyst's first three months go smoothly.

Tip #1: Using a standardized plan helps People Ops and Managers create a consistent experience for future hires.

Tip #2: However, customizing your employee onboarding template based on specific roles, teams, or departments is essential.

Below is an information security analyst and cybersecurity analyst onboarding 30-60-90 day checklist to help you get started.

Preparation and preboarding: Day 0

Preboarding is crucial as it sets the environment and vibe for the new hires. So don't skip this one!

• Send out necessary onboarding documents to be signed, company policies, and handbook. (You could use a new employee onboarding paperwork checklist to make the pocess easier to track)
• Prepare accounts and access rights, particularly to the firm's IT software and systems (IT onboarding).
• Notify colleagues and book onboarding meetings.
• Send a welcome email and package. These are the small gestures that make a big difference.
• Plan out the first week of orientation and a rough draft of the 30-60-90-day plan. Ensure that all key stakeholders contribute to setting priorities and goals, such as team leader, mentor, department manager, etc.

The first 30 days: Focus on compliance and clarity

The first month on the job is all about getting to know the company's business goals, clients, and technology stack or systems.

Tip: You can also use this period to encourage networking.

Day 1: Provide a worthy reception

• Celebrate with a team intro message. Here's a team introduction sample.
• Say hi in person (or on a call).
• Host a (virtual) lunch.
• Hand out the access card/ID/key, hardware, and other tools.
• Introduce new hires to their onboarding buddy or mentor.

💡 Create positive initial experiences with 17 exciting ideas to make orientation fun. Engaging your new hires from the very start will have a long-term impact. 

Week 1: Get new employees on track

• Have them sign off on compliance policies.
• Introduce them to company goals and projects, including recurring challenges.
• Carry the first 1:1 conversations focusing on role clarity and setting expectations.
• Finalize the 30-60-90-day plan, including suggesting day-to-day resources like internal chat rooms and cyber defense resources.
• Create an initial assignment and encourage them to start familiarizing themselves with the firm's security policies, potential threats, and collection of security tools.
• Celebrate the first week with a small message.

First 30 days

• Introduce team and collaborators from other departments (e.g., software and infrastructure engineers, data scientists).
• Ensure analysts attend all relevant meetings, particularly among different IT teams.
• Deliver regular day-to-day tips, such as bite-sized messages via Slack, Teams, or mail, to deliver useful just-in-time info. This will facilitate learning in the flow of work.
• Start setting goals and onboarding metrics for success.

A key goal is to develop a deeper understanding of the technical areas of security, such as incident response, forensic analysis, network monitoring, and breach detection. 

• Start providing new employee feedback. Schedule regular feedback meetings.
• Ask for onboarding feedback as well. Onboarding surveys are an excellent method you can use.

Days 30-60: Focus on training

After the first month, your information security or cybersecurity analyst should be able to work more independently and start to explore other tasks.

In the second month, it's time for your analysts to have more hands-on exposure to the company's digital assets and automated processes. Training becomes crucial at this stage, particularly in information security, where new cyber defense practices and software are constantly being developed.

• Identify the skill set each analyst has and what information they would need to learn. Other considerations:

• Domain knowledge (e.g., security engineering, threat analysis)
• Software and technology exposure (e.g., artificial intelligence/machine learning tools, cloud computing security)

Tip #1: You can implement interactive exercises like malware and log analyses during training to discover potential skill gaps.

Tip #2: Don't assume that because these are highly trained professionals, they know all existing systems, even the popular ones. Some of them might have specialized in a specific domain, which can also be an advantage.

• Learn about the company's past security incidents, particularly the solutions implemented.
• Evaluate if your analysts need to train for additional certifications or renew annual certifications (e.g., (ISC) 2 Certified Information Systems Security Professional (CISSP), ISO 27001 Lead Implementer, CompTIA Security+). Investing in their upskilling will make them feel more valued.

➡️ Check out our in-depth information on the best practices for training new employees.

Activities for the 60-day milestone:

• Reflect on 60-day goals. What went well? What did not go as expected?
• Set goals for the next 30 days.
• Address any significant areas of concern or improvement.
• Prepare your new security analyst to participate in a live project or system update.

Days 60-90: Focus on accountability and role proficiency

In the last onboarding phase, your new joiners take on even more autonomy. They should take full responsibility for their work while also being proactive in improving the team, process, or company.

You can decide whether day 90 will end your formal onboarding. From there, you transition your new information security and cybersecurity analysts into ongoing training and development to get them ready for continued success in their role.

Main objectives for this period:

• Troubleshoot issues independently.
• Contribute to brainstorming or process improvements.
• Participate in quarterly extensive cybersecurity training to keep updated on the latest information defense technologies.

Day 90 milestone activities:

• Assess onboarding goals and onboarding metrics.
• Look at the big picture of performance so far.
• Identify and discuss any areas of concern and interest, particularly training.
• Set new goals for the next 6-months. Consider also adding goals to reach until concluding the first year in your organization.

➡️ If you need other templates, we have you covered. Check out our free and essential onboarding templates. From other role-based checklists to communication samples and an onboarding presentation template, you will find something for your needs.

👀 What does an effective information security analyst and cybersecurity analyst onboarding process look like?

A well-integrated security analyst should know your company's entire IT ecosystem, the cyber threats that need addressing, and long-term career development plans. This ensures your new hire's longevity within the firm.

Founder and CEO of online training firm CyberVista, Simone Petrella, says that when an experienced security analyst leaves a company, it typically takes eight months to replace them and almost four months to train a new analyst. This is equivalent to nearly a full year of productivity lost.

A successful onboarding covers four major phases: preboarding, orientation, role-specific training, and ongoing development.

Preboarding is the time to consider how to ease them into the roles.

Tip #1: As you are preparing the first draft of their onboarding plan, consider the following questions:

What kinds of projects should they handle first? How do their roles and expertise fit into the overall business goals?

Tip #2: Enlist your main stakeholders to find the answers to these questions.

Tip #3: Make sure you document all details. You can include all elements in the onboarding checklist or use an onboarding portal.

Tip #4: The critical thing to remember is to keep the new analysts engaged at every step of their onboarding journey. This includes knowing their work preferences and how the company can best support them.

In particular, remote work is becoming the go-to option for most information security professionals. 

According to the 2021 (ISC)² Cybersecurity Workforce Study, only 15% of cybersecurity analysts would like to return to the office fully. 

Tip #5: Ensure you cover your firm's remote work policies with your new joiners. We created a Work from Home Policy template you might find helpful. 

➡️ Discover 11 ways to engage new employees starting from day one.

⚙️ Why you need to automate your security analyst onboarding process

Save time and resources

The greatest benefit of an automated onboarding process is that it saves time and costs.

➡️ Storyblok, for example, saves 15+ hours every week while taking their remote onboarding experience to the next level.

Because the process follows customized journeys or workflows, new joiners have a clear map to follow.

"What surprised me most was that you can automate so much without sacrificing experience. We are sending people trackable tasks, engaging content, fun reminders via Slack, and connecting them to their onboarding buddies. All with a single click." Markus Schwarz, People Experience Manager at Storyblok.

💡 Remember that you can also quickly start onboarding before Day 1 with an automated preboarding workflow.

➡️ Access our preboarding template to help you get started.

Increased productivity and motivation

Positive onboarding experiences result in increased productivity and motivation.

➡️ You don't have to take our word for it. Check out how Zavvy helped Alasco cut time-to-productivity in half with a structured and fun onboarding process.

Tip: Automation avoids unpleasant surprises or uncommunicated expectations.

Instead of feeling nervous and confused about navigating their new roles, your security analysts will feel empowered when they know exactly how to progress and meet expectations.

Enhanced new hire experiences

Structured journeys create better experiences for new security analysts.

When your onboarding touches on the 5 Cs of onboarding, compliance, clarification, confidence, connection, and culture, your employees will feel genuinely welcomed into your organization.

Tip: Positive experiences are great for your employer branding. But that's not the sole benefit.

➡️ Set up your IT department's new hires for success with Zavvy

Offer proper guidance to your new analysts by automating your onboarding workflows.

You can create a detailed employee onboarding plan to inform and engage through employee onboarding software.

Plus, through our preboarding software, you can set up a welcoming environment that can soothe first-day jitters.

With Zavvy's templates, you get a jump start on structured, enlightening, and fun onboarding plans.

And, to cap it all off, you'll be able to track new hire progress, automatically schedule events and send onboarding journeys, and include interactive features.

Once onboarding ends, Zavvy helps you smoothly transition into long-term training and development plans and feedback cycles for your information security team.

Book a demo to discover how our automated workflows can take your employee experience to the next level.