The activities that absorb the attention of the business analyst seem to go in cycles. Sometimes the business analyst is involved with more technically oriented work and other times the business analyst is more strategically involved with business planning. Much of course depends on the events and circumstances of the times. Right now there seems to be a significant emphasis on security, especially business and information security and disaster recovery and business continuity.
Granted the experienced business analyst should be able to pick up any business area in a short amount of time applying his or her skills and abilities as communicators and analyzers which equate to fast learning. But the areas of business continuity, disaster recovery, and information security, even when not talking about the technical aspects, are not necessarily what might be considered business lines.
Perhaps there will be business analysts who specialize in the business aspects of disaster recovery and business continuity. Unfortunately these areas are not full-time long-term jobs because once the business continuance and disaster recovery plans are created they are turned over to the people who will test them and then in the unfortunate event that they may be needed, to execute them.
Business security should be a constant and ongoing concern of the business analyst, but seems to only draw the attention of the business in general and the business analyst in particular when there has already been a security breach. Prior to that most businesses, and unfortunately business analyst as well, seem to have either an “it won’t happen here” or “it’s somebody else’s job” attitude. Each of us as business analyst has to be aware of the risks and potential for security breaches from all sorts of threats and attackers.