How To Become A Cybersecurity Engineer

Cybersecurity is quite the trending topic lately. We’ve always known how problematic data vulnerability is, but with headlines about the U.S. government suffering an unnoticed breach for most of 2020 and hackers attempting to poison a Florida city’s water supply, cybersecurity has sprung into everyday news and conversations. 

In reality, data vulnerability’s been a huge problem for a long time. 

• A recent study shows ransomware increased 131% from 2018 to 2019
• There’s expected to be a cyber-attack on businesses every 11 seconds in 2021
• Cyber breaches worldwide are expected to cost over $6 trillion in 2021 and reach $10.5 trillion by 2025
• 59% of consumers are likely to avoid a company that suffered a data breach in the past year
• 70% of consumers believe companies aren’t securing their data well enough
• Lastly, the chance that organized cyber-crime is detected and prosecuted could be as low as .05% in the U.S.

Cybersecurity is a growing problem both at home and abroad. Fortunately, all of these headlines are catching the attention of U.S. leaders.

At the forefront of these efforts are those people in the cyber weeds, working to ward off cyber threats and vulnerabilities. These are the SOC teams, analysts, responders, and — perhaps most of all — cybersecurity engineers.

Who is a cybersecurity engineer?

The title of cybersecurity engineer — sometimes called an information security engineer, data security engineer, or web security engineer — is someone who comes up with ways to protect devices, services, and networks from malicious digital attacks. A cybersecurity engineer also designs and implements secure networks and ensures that the network and its attendant resources (databases, printers, smartphones, etc.) are protected from cyber-attacks. 

The security engineer also regularly tests and monitors the security systems to ensure they are up to date and functioning properly. Organizations and/or individuals hire these engineers to help protect organizational data, sensitive and confidential information, financial/transactional information, and the reputation of the organization as a whole. To this end, they primarily protect data from data breaches. 

Responsibilities of a cybersecurity engineer

The responsibilities of a cybersecurity engineer have a lot of overlap with cybersecurity analysts, who are also tasked with protecting sensitive information. The duties of a security engineer include: 

• Planning, implementing, managing, monitoring, and upgrading security measures and infrastructure to protect organizational data and resources
• Making sure adequate security measures and protocols are in place to secure organizational data
• Troubleshooting network and security issues
• Testing and identifying network and system vulnerabilities
• Responding to security breaches with their SOC team comprised of cybersecurity analysts, pen testers, security consultants, cyber threat analysts, and sometimes compliance analysts.
• Liaising with the appropriate departments of the organization in the course of security duties
• Administrative duties and report writing

Job opportunities for a cybersecurity engineer 

As mentioned earlier, the big headlines about governmental and private data breaches have caught the attention of leaders and business owners across the globe.

According to statistics from the US Bureau of Labor, job opportunities in cybersecurity are projected to grow by 31% between 2019 and 2029, with unemployment in the field is nearly zero. Spending on cybersecurity is also projected to reach $6 trillion annually in 2021. 

These roles are going to be right in line for people with cybersecurity engineering skills.

Cybersecurity engineers can work as network security engineers, IT security engineers, security analysts, penetration testers, information assurance engineers, and information systems security engineers, to mention a few. All of these jobs are high-paying, future-proof careers, too.

The mean salary for security analysts nationally is ~$100k. For pen testers, that number is ~116k. 

Required skills of a security engineer

Cybersecurity jobs are skill-intensive. They require a high degree of training and experience to get into. As such, most organizations require at least a bachelor’s degree in cybersecurity, computer science, or a related field. Some employers give preference to applicants with a master’s degree.

A cyber or CS degree is just the starting point, though. A cybersecurity engineer requires several hard/analytical and soft skills to succeed in the field.

The hard skills you need to become a cybersecurity engineer

Hard technical skills are a critical skill set for cybersecurity engineers to have. Whereas analysts require slightly less technical expertise, engineers are valued for their hard skills. These skills are a requirement for anyone looking to enter and succeed in the cybersecurity space — and especially engineers. 

Programming: 

Proficiency in cyber programming languages like C/C++, Java, Python, Go, and Ruby, is a huge advantage. Each has its own use case.

Python

• Python’s used to automate tasks and malware analyses
• It can also be used in pen testing and scanning
• Python’s a general-purpose language used in most cybersecurity situations
• Python’s also easier to learn than most other cyber coding languages

The charts above and below show the relative popularity based on how many GitHub pulls are made per year for that language. They are based on data from GitHut 2.0, created by littleark.

C/C++

• C in reverse engineering helps develop antivirus programs because a cyber team can dissect and diagnose malware
• C is essential for QA’ing code integrity
• C can be used for secure network solutions

Java

• Bad actors use Java to reverse-engineer proprietary software apps and to exploit security vulnerabilities.
• Pen testers can use Java to organize high-scaling servers
• Java, just overall, is widely helpful in pen testing
• Ethical hackers use Java to build and develop sophisticated 
• Java is highly dynamic compared to languages like C++, making it popular among cyber experts.

Go (Golang)

• Go is perfect for discovering malware
• Go is also simple and scalable
• It’s also popular among bad actors because Golang malware is large, making intrusion detection by antivirus software harder
• Go has extensive libraries that make malware creation easier

JavaScript

• JavaScript is useful for capturing cookies, exploiting handers, and cross-site scripting
• Node.js, React.js, jQuery are all JavaScript libraries.
• This also implies that, due to the widespread use of the language, applications and systems using it are prominent targets.

Ruby

• Ruby’s syntax is essentially identical to Perl and Python and was written in C.
• It’s used to manage massive code projects, making it a popular language.
• Ruby manages complex information, making it easier to develop applications with less code.

Learn more about the cybersecurity programming languages cyber engineers need experience with.

Networking: 

This includes routing protocols, subnetting, Voice over IP(VoIP), DNS, encryption techniques and technologies, Virtual Private Networks (VPN), and secure network architectures. You also need to know about network security technologies like firewalls and encryption. 

Database platforms:

Cybersecurity concerns itself with the protection of data. Therefore cyber engineers need extensive knowledge about how data is structured, stored, and disseminated will surely help in that task. 

Knowledge of operating systems: 

Software systems typically run on operating systems, with each having its own vulnerabilities and idiosyncrasies. Familiarity with the operating systems you’re analyzing is crucial for diagnosing the problem. 

The soft skills you need to become a cybersecurity engineer

In addition to the hard skills mentioned above, a security engineer needs soft skills to carry out the job well. The major ones the engineer needs are: 

Communication skills 

Security engineers often need to explain complex ideas simply. Their audiences are often laymen who have no experience or knowledge of the cybersecurity field. Though analysts are more likely to liaise with other departments, engineers are sometimes tasked with interdepartmental comms.

Problem-solving skills 

Ingenuity in the response of the security engineer to breaches and attacks are an advantage. 

Learning capacity

Cybersecurity engineers often read up on trends and vulnerabilities so they can quickly adapt and apply those skills against new threats. 

While hard skills are vital, employers hire cybersecurity engineers that showcase both hard and soft skills. These soft skills are referred to as risk-mitigating factors, making them essential for any security engineer.

Cybersecurity certifications

While skill expertise and qualifications are often enough to start a cybersecurity career, further industry qualifications are important for advancing. These certifications can help you gain new skills, learn new techniques and technologies, and reliably demonstrate your abilities. 

The following is a list of our recommendations for certifications: 

Security+

Offered by CompTIA (one of the most reputable tech certifiers), the certificate offers the following: knowledge in attacks, threats, and vulnerabilities; architecture and design; implementation; operation and incident response; and governance, risk, and compliance. The certificate is universally recognized. More information about Sec+ can be found here.

Certified Informations System Security Professional (CISSP): 

This certification is offered by ISC2 and is considered by many to be one of the foremost cybersecurity certifications. The ISC2 has a wide variety of certifications for different concentrations. Their site offers information on who the certifications are best suited for and how you can benefit from them. 

CompTIA Advanced Security Practitioner (CASP+): 

This is another certification by CompTIA. To pass the certification exam, you must understand Risk Management, Enterprise Security Architecture & Operations, enterprise security integration, research, development, and cooperation. See more details on their website.

SysAdmin, Networking, and Security (SANS) Institute: 

The SANS Institute offers various cybersecurity training packages and offers certifications in collaboration with the Global Information Assurance Certification (GIAC). They offer over 35 technical certifications, Master’s, undergraduate, and graduate certificate programs. More details are outlined on the SANS site.

Certified Ethical Hacker (CEH) Certification offered by the EC Council: 

This certification will keep you up to date with commercial hacking techniques, tools, and methodologies used by modern hackers. The program offers tons of hands-on hacking challenges that can be an eye-opener. This certification is very important for penetration testing and ethical hacking.

The 3 learning paths to becoming a cybersecurity engineer

With all this information at your disposal, a cybersecurity career might just be within your grasp. The path to being a security engineer can be arduous, but the people who have experienced it can offer us some valuable insight to help us reduce wasted effort and simplify our work. 

Each of these paths has its advantages and pitfalls. Before you embark on your journey, take some time to understand your goals and future ambitions. That way you can select the one that uniquely suits your situation.

These are the 3 ways to become a cybersecurity engineer: 

Path 1: The college path (4 years)

This path is more traditional. It involves enrolling yourself in a college and studying computer science or a related like computer engineering. These degrees tend to take 2–4 years, depending on your concentration, and can often be expensive. That said, this is the most comprehensive path, giving you the most philosophical background in cybersecurity.

Cybersecurity degrees have recently become more commonplace, and you can get all the necessary knowledge for an entry-level cybersecurity position. Institutions like Messiah University, Drexel University, and Seton Hall offer excellent cybersecurity programs. Here’s a list of the best cybersecurity university programs.

Pros 

• Many employers require a college degree
• The formal education environment can be a proving ground to learn important soft skills
• Ideal for younger engineers

Cons 

• Colleges are expensive
• Takes a while before results can be seen (4 years)

Path 2: The bootcamp path (9 weeks – 1 year)

This path is more for professionals in other tech fields who would like to change their career and enter cybersecurity. The Bootcamp path is not for total tech newbies, though. It requires at least some proficiency with a scripting language and some networking knowledge as well. Fortunately, many cyber bootcamps offer cybersecurity prep courses to get you up to speed.

Depending on the program you enroll in, a bootcamp can take you anywhere from a few weeks to just under two years. The longer programs are part-time and/or virtual programs. Bootcamps cover everything from networking to security concepts and even soft skills through career guidance, interview preparation, and resume assistance. 

If you have an idea of the cyber path you’d like to pursue, research the curriculum for a bootcamp you’re considering to make sure they focus on topics that align with your goals.

Pros 

• Takes less time 
• Less expensive than the college route
• Less important concepts are done away with

Cons   

• Prior knowledge/experience is required
• Even though it is cheaper than college, it can be still expensive — especially upfront

The bootcamps we recommend are:

Evolve Security Academy

Evolve Security Academy offers a 20-week course with the option of either live (Chicago) or remote attendance.  The curriculum covers Introduction to Cybersecurity, Networking, Security Program, Social Engineering, and a host of other topics. The program also offers career coaching, mock interviews and even gives the students a chance to network with industry professionals. 

Level Effect

This 13-week intensive bootcamp offers students training in services and protocols of Windows enterprise networks, advanced Linux OS, Windows OS, security operations, SIEM, and the chance to earn a Cyber Defense Certified Professional (CDCP) certificate. The final week offers a capstone project where students take on the role of a Cyber Defense Analyst.

SecureSet Core Cybersecurity Engineering

This course is 20 weeks of hands-on labs, guided product training, and essential certifications (CISSP and Security+). SecureSet is offered in Denver and Colorado Springs.

Flatiron School Cybersecurity Engineering 

Flatiron School offers two programs: the Cybersecurity Engineering course, which is designed for students with a more technical background, and the Cybersecurity Analytics course, which is designed for students with strong critical thinking, research, and analytical skills. Cybersecurity Analytics is also offered online. Each course also offers individual career coaching and access to Flatiron’s vast network of recruiters and professionals.

Path 3: Self-teaching (time varies)

The internet offers myriad opportunities to learn and develop. This fact, combined with the high cost of college, has caused more and more people to travel the self-learning route. The rise of online learning platforms such as Coursera, EDX, and Flatiron has formalized self-learning and has made it easier than ever. 

These days, you can learn virtually anything online, and cybersecurity is no different. Reputable courses can be found on a variety of platforms. The following are our favorites: 

• Coursera’s Introduction to Cybersecurity
• EdX’s Introduction to Cybersecurity
• Flatiron School’s Cybersecurity Prep Course

Any of these courses will give you a thorough grounding in the field of cybersecurity.

Pros

• Cheaper than the other alternatives
• Self-paced learning
• You can pick the program that suits you
• Not constrained by location

Cons 

• Requires a lot of self-discipline

Key takeaways

• Cybersecurity engineers protect devices, services, and networks from malicious digital attacks. 
• They also design and implements secure networks and infrastructure to protect from cyber-attacks.
• Cybersecurity is an exciting field that is bound to keep growing and is virtually recession-proof.
• Cyber engineers can work under many different titles, all of which are lucrative and have a very favorable future job outlook.
• Hard technical skills like understanding programming languages — Python, JavaScript, Go, Java, C/C++ — are extremely important, but engineers should also possess soft professional skills like communication and management.
• Industry certifications are important, especially if you’ve been in the field for a while and want to pursue a specific concentration
• You have three typical paths to becoming a cybersecurity engineer: college, bootcamps, self-teaching

Flatiron School offers our full-time Cybersecurity Engineering bootcamp in New York and Washington, D.C. We also offer our Cybersecurity Analytics bootcamp in New York, D.C., and online.

For more information about entering the cybersecurity field, read about becoming a cybersecurity analyst, becoming a compliance analyst, becoming a cyber threat intel analyst, becoming a security consultant, or becoming a pen tester.

To introduce yourself to cybersecurity, try out our Free Cybersecurity Prep Course.

Disclaimer: The information in this blog is current as of 9 February 2021. For updated information visit https://flatironschool.com/. 

Posted by Nicholas Gallinelli  /  February 9, 2021