What does a network security engineer do? MacLeod’s story
Jim MacLeod’s journey towards becoming a network security engineer wasn’t typical.
For one thing, he earned a Religion degree at Swarthmore College in Pennsylvania whereas conventional wisdom might have led him to pursue something more along the lines of a Computer Science degree. But while his post-secondary focus might seem like an odd choice for someone interested in information security, MacLeod’s love for technology and how things work balances things out just fine.
“Back in grade school, I would spend far too many hours getting yelled at by my parents because I had dialed into yet another BBS looking at more software,” says MacLeod, a one-time network security engineer who now works as a product manager with WildPackets in Walnut Creek, California. “So they would pick up the phone and hear the modem angrily screaming at them – at which point they would angrily scream at me.”
MacLeod, whose experience covers areas including firewall and VPN setup and policy analysis, Internet filtering, anti-spam, intrusion detection, network monitoring and control, packet sniffing, and log management, insists that a good network security engineer requires a mix of the right hard and soft skills. Meanwhile, vertical search engine company Simply Hired says that job prospects for network security professionals are bright, indeed.
Network Security Engineers: The Nitty-Gritty
Network security engineers are generally responsible for the security aspect of networking systems. In essence, they must ensure that networking systems can withstand or, in the event of mishaps, speedily bounce back from problems caused by hacker attacks, natural disasters or other means.
Network security engineers should have a multi-pronged background that includes information technology, information security, networking and engineering. Some post-secondary institutions actually provide undergraduate degrees in network security engineering. In addition to getting the right educational training, aspiring network security engineers should also consider certifications such as Certified Information System Security Professional (CISSP) and Cisco Certified Network Associate (CCNA). Check out the average salary for a CCNA and CISSP. The importance of having hard skills – in areas like client/desktop support, programming and PC maintenance – and soft skills – in areas like communicating with co-workers and management, problem solving, and decision making – can’t be overestimated. Network security engineers should also strive for lifelong learning. This includes keeping abreast of new security solutions hitting the market, devouring security publications to stay in the loop and taking advantage of opportunities either to pick up new skills or to improve the ones already acquired.
While no two jobs are alike, there are some specific skills that will help network security engineers to face the various challenges they will face day to day. What follows are just a handful of specific skills and duties required of network security engineers:
1. Assess network security needs. Network security engineers need to consider things like firewall setup, anti-spam, anti-virus, web content filtering, backups, password policy, anti-malware and anti-phishing. After conducting a thorough assessment of enterprise-class networks, network security engineers need to suggest mitigation strategies and work alongside relevant parties to re-design the network if needed. Having an in-depth knowledge of web security gateways, perimeter security, network access control, endpoint security, perimeter IDS/IPS is important. And it also wouldn’t hurt to be well-versed in routing protocols such as MPLS, HAIPE/IP, QOS and WAN.
2. Come up with network security policies. Network security engineers need to play a role in devising comprehensive network security policies. This will include ascertaining security issues that need to be addressed; identifying security strategies needed to deal with the risks; putting in place policies for allocating administrative tasks; keeping on top of audit logs to flag suspicious activity; and devising network password procedures.
3. Work on business continuity/disaster recovery strategy. Network security engineers must take a leading role in putting together business continuity/disaster recovery plans. This will include dialoging with corporate stakeholders to keep business continuity/disaster recover documentation up to date. Network security engineers should also conduct disaster recovery tests routinely, publish results of these tests and make any changes necessary to address deficiencies. Network security engineers should also conduct yearly business impact assessments.
4. Test solutions prior to implementation. Network security engineers need to know how to test new computers, software, switch hardware and routers before implementation. Doing so will help to maintain the integrity of corporate networks.
5. Keep abreast of security system logs. It is critical not only to review security system logs that include firewall system logs and intrusion detection systems, but also to report on any irregularities or issues relating to things such as improper access patterns. Reviews of this nature should at conducted weekly.
6. Fix problems on-site and off-site: Network security engineers need to be able to examine, troubleshoot and fix network irregularities both at the office and remotely. Network security engineers should have expertise in providing end users, application developers and operational personnel with network services support. They also need to be able to fix client business network issues through network management support, network installation and customization, and network administration.
Positive Career Prospects
Whatever the on-the-job challenges network security engineers face, the position seems to be fairly popular. Case in point: SANS’ website includes network security engineer on its list of “The 20 Coolest Jobs in Information Security.” Coming in at #7, network security engineer is sandwiched between malware analyst (#6) and security analyst (#8). Topping off the list is information security crime investigator/forensics expert. And it appears that network security types won’t have to go hungry while plying their trade, either. Indeed.com, for instance, reports that the average network security engineer salary listed on its site is $91,000 annually.
According to Gautam Godhwani, co-founder and chief executive officer of Sunnyvale, California-based
Simply Hired, the prospects for network security professionals are quite positive. He says that Simply Hired has seen a substantial increase in the amount of network security jobs. In fact, there are at present 16,000 positions with the network security keyword indexed on SimplyHired.com.
“Since September 2010, the network security keyword has increased 52%,” he explains. “The information security keyword increased 14% and the information technology keyword decreased 2%, so we can see a larger jump in the number of network security jobs compared to the other categories.”
The sort of skills successful network security engineers should have include numerous years of hands-on firewall and network experience with particular concentration on ScreenOS and JUNOS, says Godhwani. An understanding of common network and application protocols, among them TLS/SSL, TCP/IP, IPSec, HTTP, Windows networking, FTP and DNS, is also important. No less important is the capacity to use large-scale network security infrastructure, such as VPNs, DdoS mitigation and IDS/IPS. He adds that skills pertaining to project management, troubleshooting and Linux administration are also critical.
Doing it His Way
That there are certain things network security engineers are generally expected to have on their resumes is not in question. But, as MacLeod points out, it takes more than a bunch of certifications to land a job.
“A [certification] might help me get an initial interview, but it’s the soft skills, like communicating well, that land the position,” says MacLeod, who over the course of his career has earned numerous product-specific certifications.
“The HR staff here (WildPackets) told me that the paragraph I wrote on my LinkedIn page was what convinced them to contact me. Certifications are part of the answer to the question, ‘Does this person have the knowledge?’ But a writing sample, a cover letter, is a better answer to the question, ‘Can this person do the job here?'”
He started to refine his ability to do the job while studying at Swarthmore College. While earning his degree, he got a job with the campus IT organization to provide support for faculty. He explains that this position helped him learn how to remain calm and humble regardless of whether or not the person seeking assistance was behaving civilly.
“Out of college, I was lucky that the first job that I landed was with a small consulting firm that taught me how to do protocol analysis,” he continues. “I had the one-two punch of getting the key technical experience with what’s going on in networks – looking at the IP headers the TCP headers – and then I had the information given to me on how to present yourself in front of a large room full of people.”
After leaving the consulting firm, he discovered that knowing how things work provides a firm foundation for going into things like firewalls. So he took a job at Nokia Internet Communications back when the company was building the platform for Check Point. He stayed there for probably two and a half years. After his stint with Nokia, he had the chance to work for a number of different startup companies.
“All of them recognized that I had that security background and were able to leverage it, so I went to work as a consultant for a company that wanted some VPN experience,” he says. “I went to work as a sales engineer for a company that was doing log management. [I worked for] a different company that was doing anti-spam and URL filtering. The number one thing that set me down that path was having an understanding of how things work. And the number two thing that kept me on that path was being open to possibilities and letting my understanding expand itself.”
According to MacLeod, aspiring network security engineers should consider participating in things like the InfoSecMentors Project, which seeks to increase the positive impacts of mentoring relationships in the information security community. Security B-Sides gatherings, where information security professionals discuss issues and bounce ideas off of each other, are also things to keep in mind.
Although he’s worked as a network security engineer, MacLeod not too long ago moved on to become a project manager at WildPackets, which develops hardware and software solutions that drive network performance. He says that he got the feeling, while working as a trainer and as a tech support person, that customers did not actually understand how the products worked. When he moved to sales engineering, he came to another realization – customers were simply purchasing the wrong products.
“Then I spent about two years as a developer and said, ‘You know what? We’re really building the wrong products for customers,'” says MacLeod. “And then I realized that as a product manager I can tell a number of engineers what to build. I’m still interested in solving problems. I just want to solve problems for a larger number of people now. Sometimes the only way to do that is to take yourself off of the front line.”