What Is an Information Security Engineer?
Information security, or InfoSec, encompasses the methods used to safeguard classified print or electronic information or data from unauthorized use. Information security engineers help organizations keep this data safe. These professionals pinpoint IT threats and software vulnerabilities, create and test strong security systems and act as the main source for security policies and procedures. Businesses, government agencies and individuals with confidential data all rely on these processes for protection against hackers and cyber-criminals.
Required Education and Certification
Ideally, preparation to become a security engineer should start in high school. Advanced classes or summer courses in math, science and computer science will help when applying to colleges. Next is obtaining an associate or bachelor's degree from an accredited computer science program. Employers typically prefer candidates who at minimum have a bachelor's degree in information systems (IS), information technology (IT), applied mathematics, computer programming, engineering or another computer-related field. To cut down on education costs, credits from an associate degree in this field from a community college can usually transfer easily to a university or college. A master's degree in computer security or a subject related to information systems may be considered, as this can lead to more advancement opportunities in your career.
Certification is not only helpful for honing your skills but is generally required by most employers. Organizations like the Computing Technology Industry Association offer entry-level certification for up-and-coming security engineers. Certificates include CompTIA IT Fundamentals, CompTIA A+, CompTIA Network+ and CompTIA Security+. Other beginner certifications include GSEC: GIAC Security Essentials and Systems Security Certified Practitioner (SSCP) from (ISC)².
The widely accepted certification for career advancement is the CISSP (Certified Information Systems Security Professional) certification from (ISC)². Candidates must have at least five years of work experience in computer security and will be required to recertify every three years. A four-year college degree or an additional credential from the (ISC)²-approved list will satisfy one year of the required work experience. Other certifications to consider are the Certified Ethical Hacker (CEH) from EC-Council, Cisco Certified Network Professional Security (CCNP Security), GCIH: GIAC Certified Incident Handler and GCIA: GIAC Certified Intrusion Analyst. There are also many more accredited certifications available from (ISC)², ISACA, EC-Council, GIAC and CompTIA.
It is vital for security engineers to continue their education throughout their careers, as cyber threats are ever-changing and evolving. Joining a professional organization such as the Information Systems Security Association (ISSA) or (ISC)² will provide you access to training options, conferences, industry publications and networking opportunities.
Security engineers spend a significant amount of time working with IT teams, so strong communication and interpersonal skills are key. Analytical and problem-solving skills are also essential. Experience with accounting and marketing will prove useful for those aspiring towards a consultant or freelance career in security engineering.
Information security engineers need a variety of technical skills. The following are some of the skills employers prefer:
- IDS/IPS, penetration and vulnerability testing
- Firewall and intrusion detection/prevention protocols
- Secure coding practices, ethical hacking and threat modeling
- Windows, UNIX and Linux operating systems
- MySQL/MSSQL database systems
- Identity and access management principles
- Application security and encryption technologies
- Secure network architectures
- Subnetting, DNS, encryption technologies and standards, VPNs, VLANs, VoIP and other network routing methods
- Network- and web-related protocols such as TCP/IP, UDP, IPsec, HTTP and HTTPS
- Advanced Persistent Threats (APT), phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication
It will also be important for security engineers to have knowledge of computer forensics, security engineering ethics, audit functions, security compliance and cyber law. Some companies will require domain-specific expertise. For example, if you work with medical data, you will need an understanding of HIPAA.
Career Outlook and Salary
The U.S. Bureau of Labor Statistics (BLS) reports that employment for all information security analysts is estimated to grow 28% from 2016 to 2026, which is much faster than the average for all occupations.
Cybersecurity threats are at an all-time high, both nationally and internationally. Information security professionals will be needed by most companies and organizations, but especially banks and financial institutions, hospitals and government offices. The BLS also reports that employment of all information security analysts is estimated to grow 56% in computer systems design and related services from 2016 to 2026, which will directly impact security engineers. Payscale.com reports that the median salary in June 2019 for information security engineers was $94,004.
Below are a few careers related to that of an information security engineer.