Cyber security is quite the trending topic lately. We’ve always known how problematic data vulnerability is, but with headlines about the U.S. government suffering an unnoticed breach for most of 2020 and hackers attempting to poison a Florida city’s water supply, cyber security has sprung into everyday news and conversations.
In reality, data vulnerability’s been a huge problem for a long time.
- A recent study shows ransomware increased 131% from 2018 to 2019
- There’s expected to be a cyber-attack on businesses every 11 seconds in 2021
- Cyber breaches worldwide are expected to cost over $6 trillion in 2021 and reach $10.5 trillion by 2025
- 59% of consumers are likely to avoid a company that suffered a data breach in the past year
- 70% of consumers believe companies aren’t securing their data well enough
- Lastly, the chance that organized cyber-crime is detected and prosecuted could be as low as .05% in the U.S.
Cyber security is a growing problem both at home and abroad. Fortunately, all of these headlines are catching the attention of U.S. leaders.
At the forefront of these efforts are those people in the cyber weeds, working to ward off cyber threats and vulnerabilities. These are the SOC teams, analysts, responders, and — perhaps most of all — cyber security engineers.
Who is a cyber security engineer?
The title of cyber security engineer — sometimes called an information security engineer, data security engineer, or web security engineer — is someone who comes up with ways to protect devices, services, and networks from malicious digital attacks. A cyber security engineer also designs and implements secure networks and ensures that the network and its attendant resources (databases, printers, smartphones, etc.) are protected from cyber-attacks.
The security engineer also regularly tests and monitors the security systems to ensure they are up to date and functioning properly. Organizations and/or individuals hire these engineers to help protect organizational data, sensitive and confidential information, financial/transactional information, and the reputation of the organization as a whole. To this end, they primarily protect data from data breaches.
Responsibilities of a cyber security engineer
The responsibilities of a cyber security engineer have a lot of overlap with cyber security analysts, who are also tasked with protecting sensitive information. The duties of a security engineer include:
- Planning, implementing, managing, monitoring, and upgrading security measures and infrastructure to protect organizational data and resources
- Making sure adequate security measures and protocols are in place to secure organizational data
- Troubleshooting network and security issues
- Testing and identifying network and system vulnerabilities
- Responding to security breaches with their SOC team comprised of cyber security analysts, pen testers, security consultants, cyber threat analysts, and sometimes compliance analysts.
- Liaising with the appropriate departments of the organization in the course of security duties
- Administrative duties and report writing
Job opportunities for a cyber security engineer
As mentioned earlier, the big headlines about governmental and private data breaches have caught the attention of leaders and business owners across the globe.
According to statistics from the US Bureau of Labor, job opportunities in cyber security are projected to grow by 31% between 2019 and 2029, with unemployment in the field is nearly zero. Spending on cyber security is also projected to reach $6 trillion annually in 2021.
These roles are going to be right in line for people with cyber security engineering skills.
Cyber security engineers can work as network security engineers, IT security engineers, security analysts, penetration testers, information assurance engineers, and information systems security engineers, to mention a few. All of these jobs are high-paying, future-proof careers, too.
Required skills of a security engineer
Cyber security jobs are skill-intensive. They require a high degree of training and experience to get into. As such, most organizations require at least a bachelor’s degree in cyber security, computer science, or a related field. Some employers give preference to applicants with a master’s degree.
A cyber or CS degree is just the starting point, though. A cyber security engineer requires several hard/analytical and soft skills to succeed in the field.
The hard skills you need to become a cyber security engineer
Hard technicals skills are a critical skill set for cyber security engineers to have. Whereas analysts require slightly less technical expertise, engineers are valued for their hard skills. These skills are a requirement for anyone looking to enter and succeed in the cyber security space — and especially engineers.
Proficiency in cyber programming languages like C/C++, Java, Python, Go, and Ruby, is a huge advantage. Each has its own use case.
- Python’s used to automate tasks and malware analyses
- It can also be used in pen testing and scanning
- Python’s a general-purpose language used in most cyber security situations
- Python’s also easier to learn than most other cyber coding languages
- C in reverse engineering helps develop antivirus programs because a cyber team can dissect and diagnose malware
- C is essential for QA’ing code integrity
- C can be used for secure network solutions
- Bad actors use Java to reverse-engineer proprietary software apps and to exploit security vulnerabilities.
- Pen testers can use Java to organize high-scaling servers
- Java, just overall, is widely helpful in pen testing
- Ethical hackers use Java to build and develop sophisticated
- Java is highly dynamic compared to languages like C++, making it popular among cyber experts.
- Go is perfect for discovering malware
- Go is also simple and scalable
- It’s also popular among bad actors because Golang malware is large, making intrusion detection by antivirus software harder
- Go has extensive libraries that make malware creation easier
- This also implies that, due to the widespread use of the language, applications and systems using it are prominent targets.
- Ruby’s syntax is essentially identical to Perl and Python and was written in C.
- It’s used to manage massive code projects, making it a popular language.
- Ruby manages complex information, making it easier to develop applications with less code.
Learn more about the cyber security programming languages cyber engineers need experience with.
This includes routing protocols, subnetting, Voice over IP(VoIP), DNS, encryption techniques and technologies, Virtual Private Networks (VPN), and secure network architectures. You also need to know about network security technologies like firewalls and encryption.
Cyber security concerns itself with the protection of data. Therefore cyber engineers need extensive knowledge about how data is structured, stored, and disseminated will surely help in that task.
Knowledge of operating systems:
Software systems typically run on operating systems, with each having its own vulnerabilities and idiosyncrasies. Familiarity with the operating systems you’re analyzing is crucial for diagnosing the problem.
The soft skills you need to become a cyber security engineer
In addition to the hard skills mentioned above, a security engineer needs soft skills to carry out the job well. The major ones the engineer needs are:
Security engineers often need to explain complex ideas simply. Their audiences are often laymen who have no experience or knowledge of the cyber security field. Though analysts are more likely to liaise with other departments, engineers are sometimes tasked with interdepartmental comms.
Ingenuity in the response of the security engineer to breaches and attacks are an advantage.
Cyber security engineers often read up on trends and vulnerabilities so they can quickly adapt and apply those skills against new threats.
While hard skills are vital, employers hire cyber security engineers that showcase both hard and soft skills. These soft skills are referred to as risk-mitigating factors, making them essential for any security engineer.
Cyber security certifications
While skill expertise and qualifications are often enough to start a cyber security career, further industry qualifications are important for advancing. These certifications can help you gain new skills, learn new techniques and technologies, and reliably demonstrate your abilities.
The following is a list of our recommendations for certifications:
Offered by CompTIA (one of the most reputable tech certifiers), the certificate offers the following: knowledge in attacks, threats, and vulnerabilities; architecture and design; implementation; operation and incident response; and governance, risk, and compliance. The certificate is universally recognized. More information about Sec+ can be found here.
Certified Informations System Security Professional (CISSP):
This certification is offered by ISC2 and is considered by many to be one of the foremost cyber security certifications. The ISC2 has a wide variety of certifications for different concentrations. Their site offers information on who the certifications are best suited for and how you can benefit from them.
CompTIA Advanced Security Practitioner (CASP+):
This is another certification by CompTIA. To pass the certification exam, you must understand Risk Management, Enterprise Security Architecture & Operations, enterprise security integration, research, development, and cooperation. See more details on their website.
SysAdmin, Networking, and Security (SANS) Institute:
The SANS Institute offers various cyber security training packages and offers certifications in collaboration with the Global Information Assurance Certification (GIAC). They offer over 35 technical certifications, Master’s, undergraduate, and graduate certificate programs. More details are outlined on the SANS site.
Certified Ethical Hacker (CEH) Certification offered by the EC Council:
This certification will keep you up to date with commercial hacking techniques, tools, and methodologies used by modern hackers. The program offers tons of hands-on hacking challenges that can be an eye-opener. This certification is very important for penetration testing and ethical hacking.
The 3 learning paths to becoming a cyber security engineer
With all this information at your disposal, a cyber security career might just be within your grasp. The path to being a security engineer can be arduous, but the people who have experienced it can offer us some valuable insight to help us reduce wasted effort and simplify our work.
Each of these paths has its advantages and pitfalls. Before you embark on your journey, take some time to understand your goals and future ambitions. That way you can select the one that uniquely suits your situation.
These are the 3 ways to become a cyber security engineer:
Path 1: The college path (4 years)
This path is more traditional. It involves enrolling yourself in a college and studying computer science or a related like computer engineering. These degrees tend to take 2–4 years, depending on your concentration, and can often be expensive. That said, this is the most comprehensive and path, giving you the most philosophical background into cyber security.
Cyber security degrees have recently become more commonplace, and you can get all the necessary knowledge for an entry-level cyber security position. Institutions like Messiah University, Drexel University, and Seton Hall offer excellent cyber security programs. Here’s a list of the best cyber security university programs.
- Many employers require a college degree
- The formal education environment can be a proving ground to learn important soft skills
- Ideal for younger engineers
- Colleges are expensive
- Takes a while before results can be seen (4 years)
Path 2: The bootcamp path (9 weeks – 1 year)
This path is more for professionals in other tech fields who would like to change their career and enter cyber security. The Bootcamp path is not for total tech newbies, though. It requires at least some proficiency with a scripting language and some networking knowledge as well. Fortunately, many cyber bootcamps offer introductory cyber security courses to get you up to speed.
Depending on the program you enroll in, a bootcamp can take you anywhere from a few weeks to just under two years. The longer programs are part-time and/or virtual programs. Bootcamps cover everything from networking to security concepts and even soft skills through career guidance, interview preparation, and resume assistance.
If you have an idea of the cyber path you’d like to pursue, research the curriculum for a bootcamp you’re considering to make sure they focus on topics that align with your goals.
- Takes less time
- Less expensive than the college route
- Less important concepts are done away with
- Prior knowledge/experience is required
- Even though it is cheaper than college, it can be still expensive — especially upfront
The bootcamps we recommend are:
Evolve Security Academy offers a 20-week course with the option of either live (Chicago) or remote attendance. The curriculum covers Introduction to Cyber security, Networking, Security Program, Social Engineering, and a host of other topics. The program also offers career coaching, mock interviews and even gives the students a chance to network with industry professionals.
This 13-week intensive bootcamp offers students training in services and protocols of Windows enterprise networks, advanced Linux OS, Windows OS, security operations, SIEM, and the chance to earn a Cyber Defense Certified Professional (CDCP) certificate. The final week offers a capstone project where students take on the role of a Cyber Defense Analyst.
This course is 20 weeks of hands-on labs, guided product training, and essential certifications (CISSP and Security+). SecureSet is offered in Denver and Colorado Springs.
Flatiron School offers two programs: the Cybersecurity Engineering course, which is designed for students with a more technical background, and the Cybersecurity Analytics course, which is designed for students with strong critical thinking, research, and analytical skills. Cybersecurity Analytics is also offered online. Each course also offers individual career coaching and access to Flatiron’s vast network of recruiters and professionals.
Path 3: Self-teaching (time varies)
The internet offers myriad opportunities to learn and develop. This fact, combined with the high cost of college, has caused more and more people to travel the self-learning route. The rise of online learning platforms such as Coursera, EDX, and Flatiron has formalized self-learning and has made it easier than ever.
These days, you can learn virtually anything online, and cyber security is no different. Reputable courses can be found on a variety of platforms. The following are our favorites:
- Coursera’s Introduction to Cyber security
- EdX’s Introduction to Cyber security
- Flatiron School’s Intro to Cyber security
Any of these courses will give you a thorough grounding in the field of cyber security.
- Cheaper than the other alternatives
- Self-paced learning
- You can pick the program that suits you
- Not constrained by location
- Requires a lot of self-discipline
- Cyber security engineers protect devices, services, and networks from malicious digital attacks.
- They also design and implements secure networks and infrastructure to protect from cyber-attacks.
- Cyber security is an exciting field that is bound to keep growing and is virtually recession-proof.
- Cyber engineers can work under many different titles, all of which are lucrative and have a very favorable future job outlook.
- Industry certifications are important, especially if you’ve been in the field for a while and want to pursue a specific concentration
- You have three typical paths to becoming a cyber security engineers: college, bootcamps, self-teaching
For more information about entering the cyber security field, read about becoming a cyber security analyst, becoming a compliance analyst, becoming a cyber threat intel analyst, becoming a security consultant, or becoming a pen tester.
To introduce yourself to cyber security, try out free introductory cyber security workshop.
For more information about the differences between cyber analytics and engineer, hear from the President of Education at SecureSet, Dr. James Borders: