How to become a security engineer: Training, certifications and resources
One of the hottest jobs in information security today is cybersecurity engineer. Cybersecurity engineers, often called security engineers, use some of the most in-demand information security and IT skills. They are paid well and are sought after by organizations desperate to fill the position.
If you’re asking yourself, “How do I become a security engineer?” this article is for you. We will detail how you can become a cybersecurity engineer and what you can expect on the road to this promising career.
What is a cybersecurity engineer?
Before we delve into what you need to do to become a cybersecurity engineer, it is smart to first define the role, as it is still a bit nebulous for many. A cybersecurity engineer is an information security professional who performs many functions, including designing, developing and implementing secure network solutions to defend against cyber incidents, hacking and persistent threats.
This role may go by several titles, including IT/IA security engineer, data security engineer and application/Web security engineer, but their role and function within an organization are the same. Cybersecurity engineers may work alone or on a security team within an organization.
This position is chock-full of opportunities to use your information security, networking and even teamwork skills for the benefit of your organization.
Required skills for security engineers
It’s important to remember that the exact skills required for a cybersecurity engineer role depend on the organization and how they view the role. Some have a tightly confined role in mind where the cybersecurity engineer performs certain role-specific tasks only and some organizations have a more flexible approach where the role may dip into several different pools of responsibility. Either way, the skills below are non-exclusive and may not apply to every organization.
As broad as it may sound, cybersecurity engineers must possess an expert-level understanding of information security concepts and their application via relevant technology solutions. This spans the range of information security tasks, from securing IT systems to defining security protocols to installing and configuring security devices, appliances and applications. The extent of these skills you will be demonstrating daily varies by organization, but as a cybersecurity engineer, you will be accountable in this area of IT.
Don’t be afraid to get your hands dirty
Working as a security engineer means being called on to get your hands dirty. A lot. Examples of getting your hands dirty in this regard are developing, designing, testing and deploying security-related systems and subsystems, cleaning up computer code bases for common coding vulnerabilities and working with other departments within the organization to secure IT systems. Information security involves almost every department within an organization, which may mean that the cybersecurity engineer will have to connect with them as well.
While penetration testing is traditionally the realm of penetration testers, cybersecurity engineers must use penetration testing skills in situations that call for it, especially if the organization does not have dedicated penetration testers. In situations like this, the organization will want its cybersecurity engineer to step up. Common uses for penetration testing are testing the organization’s network, computers and applications for vulnerabilities.
Most cybersecurity engineer roles will touch on some aspect of network equipment, architecture and knowledge. Some organizations will require little work involving network equipment, and others will require their cybersecurity engineer to essentially install, test and configure their entire network infrastructure from scratch. This all depends on where the organization is in its business life cycle and whether it has a dedicated network professional.
In most cases, cybersecurity engineers will have to understand how security devices, appliances, applications and policies affect the network environment so that they disturb the network and, ultimately, the organization as little as possible. This becomes crucial when the work is performed during production hours.
Security engineer education
Years ago, it was common for individuals without a bachelor’s degree to earn a role as a cybersecurity engineer on work experience merit alone. This is quickly changing, and many organizations require a bachelor’s degree in engineering, computer engineering, computer science and related fields to be considered for this role.
One of the main reasons for this is that hiring a cybersecurity engineer without a bachelor’s degree in one of these fields stunts the professional’s career growth, as lateral movement within the organization becomes infeasible if one is relying on job experience alone and wants to move to a different subfield within information technology.
After a bachelor’s, the next step in furthering your marketability through education is earning a master’s degree. Organizations are increasingly looking for candidates with a master’s degree in a related field, especially when it comes to senior cybersecurity engineering roles. Look for organizations requiring master’s degrees to become more commonplace for this role in the future.
Security engineer certifications
Cybersecurity engineering is a very certification-friendly field, where the more relevant certifications you hold the better off you will be. The good thing about this is that there are many good certifications to hold, and the only limit is your imagination. Some experts have literally compared the situation to that of a Pokémon aficionado collecting Pokémon.
You may be wondering which ones meet your needs. Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP) and any security-related GIAC certification are great additions to your professional certification arsenal for the role of cybersecurity engineer.
Common certifications for security engineers include:
- CompTIA Security+
- CompTIA Network+
- Infosec Institute Certified SCADA Security Architect (CSSA)
- Azure Security Engineer Associate
Security engineer resources
Many resources, paid and free, are available to help you along your security engineer journey.
Helpful certification study resources include:
- Exam outlines such as the CEH exam blueprint – the definitive resource on what will be included in the CEH exam
- Live boot camps and self-paced online training, such as Infosec’s Ethical Hacking Boot Camp
- Ebooks such as Infosec’s free CISSP exam tips and tricks
- Official books, including the Official (ISC)² CISSP CBK Reference, Sixth Edition (from Sybex)
- Exam prep guides, including CISSP All-in-One Exam Guide by Shon Harris and Fernando Maymi
- Community forums like TechExams and Reddit
Free security engineer career resources include:
- Podcasts like Infosec’s Cyber Work give you advice from security engineer experts
- Webinars with industry experts like CompTIA’s Patrick Lane are helpful for learning how security engineering careers are changing and how to prepare for the future
- YouTube is also great for learning about security engineering and how to stand out, get hired and make more money
- Blogs with cybersecurity engineer interview questions and answers can help you prepare for your big day
- Websites such as Cyber Seek with interactive cybersecurity career pathways
You may have heard that three years of professional experience is required to earn a cybersecurity engineer position. Truthfully, it all depends on the quality and depth of your skill set building during this period. Three years of comprehensive depth-filled experience is far different than three years of only limited skill set building. Keep this in mind when you plan to move into cybersecurity engineering, and only proceed when you are confident in your skill set level.
The role of security engineer is a popular career choice within information security, with high demand despite the variance in role title and job description. If you are serious about pursuing this path toward a great future in information security, use this article as a guide. With the right combination of skills, education, experience and certifications, you may find yourself with multiple organizations vying for your skills. What a good problem to have!