Computer technology moves fast, so the IT workforce must be dynamic enough to keep up. The field is notably varied, including many different professions, such as computer research scientists, systems managers, software developers, and support specialists.
Cybersecurity engineers—labeled as information security analysts by the United States Bureau of Labor Statistics (BLS)—tend to have many of the same networking and computer systems skills as other IT professionals, but are highly specialized in using them with a mind for security. Anyone considering a career in cybersecurity is encouraged to research the job carefully before committing to the field.
The breadth and scope of a cybersecurity engineer’s duties vary by industry and organization, but the following are among the most common:
Cybersecurity engineers plan, execute, monitor, and upgrade computer security systems—tasks that rely on a range of skills and knowledge. According to O*NET Online (2022), information security analysts must be familiar with:
As with most careers, there are a handful of personal qualities and aptitudes that could make one well suited for a career in cybersecurity engineering. The following are among the most important:
Cybersecurity engineers must generally have the following qualifications:
It must be noted that different organizations have different qualification requirements. Given above is a general list of requirements that an organization may ask for.
The BLS (2020) notes that information security analysts typically need at least a bachelor’s degree in information security, computer engineering, computer programming, or another relevant discipline to enter the field, though some employers prefer candidates with related master’s degrees or MBAs. Prospective students should look for accredited programs with updated curricula so that they can stay informed about significant changes in the field.
Some cybersecurity bachelor’s degrees offer specializations for more targeted training. Examples of real cybersecurity concentrations from U.S. colleges and universities include cybercrime and fraud investigation, cyber operations, intrusion investigation, information assurance, and network forensics.
Cybersecurity engineering programs usually require a foundation of necessary education coursework in areas like math, science, English, and history, as well as core courses relevant to the field. Additional electives allow students to customize their training to best suit their interests and goals. Examples of actual undergraduate cybersecurity engineering courses include:
Graduates who have earned their bachelor’s degrees in cybersecurity engineering are prepared for most entry-level jobs, though some opt to enroll in a graduate program to advance their expertise, prepare for management positions, gain a competitive advantage in the field, obtain research positions, or teach.
Earnings, career outlook, and advancement potential tend to improve with education. This makes earning a master’s degree in cybersecurity, information security, computer programming, IT management, and other related fields a valuable if voluntary, endeavor.
While some employers prefer candidates with graduate degrees in IT and cybersecurity, others prefer candidates with a master of business administration (MBA) with a specialization in information systems.
Generally speaking, master’s degrees require two additional years of full-time study, but some schools offer special evening and weekend programs for students who want to continue working in the workforce. These part-time programs generally take three to five years to complete, depending on the program and each student’s course load.
Every graduate-level cybersecurity program sets its own admissions criteria, so it is important to carefully research requirements before applying. However, there are many commonalities between each university’s admission requirements. The following criteria for the master’s program in cybersecurity operations and leadership at the University of San Diego are representative of the conditions applicants will find at most schools.
Some graduate schools have additional or slightly different course prerequisites, so it is essential that applicants properly research the programs they are interested in before applying.
Some colleges and universities offer concentrations that allow students to specialize in their master’s degrees. Examples of specialty tracks within graduate-level cybersecurity include analysis, cyber terrorism, SCADA cybersecurity, networks, systems, IT auditing, and cyber forensics.
The curriculum for a master’s degree in cybersecurity can vary from one program to the next, but, as with bachelor’s degrees, they tend to have similar core coursework. Graduate schools do not typically need to complete basic education classes as long as they have met the program’s prerequisites. Below is a sampling of courses from Johns Hopkins University’s cybersecurity program:
An alternative to a master’s degree is a graduate certificate. Graduate certificates are ideal for students who want to advance their cybersecurity savvy without committing to a two-year program or those who wish to specialize in a particular discipline, such as computer engineering and programming.
Certificate requirements range in scope and duration. Students enrolled in Harvard University’s cybersecurity graduate certificate, for example, must complete four courses—two core courses and two electives. As always, prospective students should review admissions and graduation requirements carefully.
Professional certifications are another way cybersecurity professionals can enhance their knowledge and expertise. Industry vendors or professional organizations typically offer certifications. Most require professionals to pass a test, though candidates should be mindful of pre-exam requirements, such as junior certifications, specific degrees, or a minimum number of years of professional experience.
Here are a few in-demand professional certifications and the organizations that sponsor them, as reported by O*NET:
Certified Enterprise Defender – This certification ensures that holders have validated abilities and knowledge in packet analysis, defensive network infrastructure, incident handling, malware removal, and penetration testing. Candidates must pass a three-hour, 115-question exam with a minimum passing score of 70 percent. This certification exam will cost $949.
To remain competitive and current in the cybersecurity workforce, GIAC recommends renewing the credential by collecting 36 CPEs over four years to keep this certification active.
GIAC Certified Forensics Analyst – This certification focuses on core skills that are required for collecting and analyzing data computer systems. Areas covered in this certification include threat hunting, digital forensics, advanced incident response, memory forensics, anti-forensics detection, timeline analysis, APT intrusion incident response.
Candidates must pass a three-hour, 82- to 115-question exam with a minimum passing score of 72 percent. This certification exam will cost $949. Renewal requires collecting 36 CPEs over four years.
GIAC Web Application Penetration Tester – Holders of this certification have a thorough understanding of web application security issues and can better secure organizations through penetration testing. Candidates must pass a two- to three-hour, 82- to 115-question exam with a minimum passing score of 71 percent. This certification exam will cost $949. Renewal requires collecting 36 CPEs over four years.
GIAC Certified Intrusion Analyst – This certification validates that holders understand traffic analysis, intrusion detection, and network and host monitoring. They have the skills required for configuring and monitoring intrusion detection systems and for reading, interpreting, and analyzing network traffic and related log files.
Candidates must pass a four-hour, 106-question exam with a minimum passing score of 68 percent. This certification exam will cost $949. Renewal requires collecting 36 CPEs over four years.
Certified in Healthcare Privacy and Security – Professionals who have earned this designation will have the expertise to design, implement, and administer privacy and security protection programs in healthcare organizations. To be eligible for this certification, candidates must have one of the following:
Candidates must pass this 3.5-hour, 104- to 160-question exam with a minimum passing score of 300. Members pay $259 and non-members pay $329 for this examination. Recertification requires professionals to earn 30 CEUs during a two-year certification cycle.
Certified Secure Software Lifecycle Professional – This certification shows peers and employers that holders have the advanced technical knowledge and skills necessary for the authorization, auditing, and authentication, throughout the software development lifecycle (SDLC) using policies, procedures, and best practices established by the cybersecurity experts at (ISC)².
Candidates must pass a three-hour, 125-question exam with a minimum passing score of 700. This certification exam will cost $564.90. Certification holders will be required to recertify every three years by earning 90 continuing professional education (CPE) credits and paying an Annual Maintenance Fee (AMF) of $125.
Cisco Certified Internetwork Expert Security – The CCIE Security certification proves that holders have skills with complex security solutions. To earn this certification, candidates must pass two exams: a 120-minute qualifying exam covering core security technologies and an eight-hour hands-on lab exam covering security technologies and solutions through the entire network lifecycle, from designing to optimizing.
The implementing and operating cisco security core technologies exam covers topics such as security concepts, network security, securing the cloud, content security, and endpoint protection. Topics in the lab exam include perimeter security and intrusion prevention, infrastructure security, secure connectivity, and advanced threat protection. This certification exam will cost $400. Holders will be required to recertify every three years by earning a minimum of 30 CE credits.
Cisco Certified Network Professional Security – Just like the CCIE certification, this CCNP Security Certification also requires candidates to pass two exams; the only difference being that after completing the core qualifying exam, candidates will complete a security concentration exam of their choice.
Concentration exam options include Implementing and Configuring Cisco Identity Services Engine (SISE); Securing the Web with Cisco Web Security Appliance (SWSA); Securing Email with Cisco Email Security Appliance (SESA); and Implementing Secure Solutions with Virtual Private Networks (SVPN), among others. Details about cost and recertification remain the same.
Certified Information Systems Auditor – This certification proves that holders have expertise in information systems auditing process, information systems operations and business resilience, governance and management of it, protection of information assets, and information systems acquisition, development, and implementation. The exam comprises 150 questions that cover five job practice domains and tests.
The five domains include information systems auditing process; governance and management of it; information systems acquisition, development, and implementation; information systems operations and business resilience; and protection of information assets. ISACA members pay $575, while ISACA non-members $760 for this certification.
To maintain certification, candidates must earn and report a minimum of 120 CPE hours for a three-year reporting cycle period and pay the CISA annual maintenance fee; which is $45 for members and $85 for non-members.
It should be noted that while professional certifications tend to be voluntary, they indicate the level of expertise and an ongoing commitment that many employers value.
Finally, some cybersecurity professionals earn their Professional Engineer (PE) license from the National Council of Examiners for Engineering and Surveying.
The main benefit of having a PE license is how it qualifies recipients for some types of publicly-funded projects. These credentials require at least four years of post-bachelor degree work experience and the passing of a comprehensive examination.
The two types of PE licenses most relevant to cybersecurity:
Both are 9.5-hour, 85-question exams and cost $375 each.
Arizona State University offers an online master of computer science with a concentration in cybersecurity. The program provides students with the skills and knowledge that help them undertake computer security, data security, cryptography, and computer forensics. It is ideal for graduate-level students who wish to take up education in cybersecurity, focusing on algorithms and computer systems.
Admission requirements include a four-year undergraduate degree with a minimum cumulative grade point average of 3.0, two semesters of advanced math in calculus I and II, a background course in discrete math, official transcripts, and English proficiency for students who have their degree from a country outside the U.S.
This 30-credit program has nine credits in the cybersecurity concentration. The courses in the concentration include applied cryptography, information assurance and security, software security, and advanced computer network security.
Students learn how to defend and protect information systems and information by ensuring their integrity, availability, authentication, non-repudiation, and confidentiality. Graduates can take up roles as cybersecurity engineers, cybersecurity risk analysts, software development engineers, security engineers, and security analysts.
George Washington University offers an online master of engineering (MEng) in cybersecurity policy and compliance program. Designed for students who are working professionals, this fully online program teaches students security best practices. The program is taught by experienced faculty members who have received their doctoral degrees from the nation’s top engineering and computer science programs, providing students with a high-level understanding of cybersecurity.
Admission requirements for the program include a bachelor’s degree from an accredited institution, minimum grade point average of 2.7, work experience in an IT field for students who do not hold a degree in a technical discipline, completed application, official transcripts, statement of purpose, letters of recommendation, a current resume, while GRE or GMAT scores are recommended.
Requiring 30 credits of graduate-level coursework, this program includes courses such as cybersecurity and privacy, information policy, management of information and systems security, security in mobile computing, information security in government, secure cloud computing, and cybersecurity risk management and compliance.
Students become experts at analyzing cyber incidents, forecasting cyber attacks, formulating long-term strategies, designing solutions, and managing threats through this program.
On successfully completing the program, students can take up jobs at nonprofit, private, and government organizations. They can take roles as computer forensic investigators, computer security specialists, computer network defense engineers, cybersecurity managers, information security analysts, cybercrime technology directors, etc.
Matt Zbrog is a writer and researcher from Southern California. Since 2018, he’s written extensively about a wide range of engineering disciplines, with a particular focus on the potential impacts of major technological breakthroughs. His work largely centers around conversations with engineeri...
Traditional forms of education are still important, but they can’t keep up with the rapid pace of cybersecurity. As soon as one form of threat is neutralized, innumerable others are developed. That’s why employers and employees are both increasingly turning to the more nimble world of professional certifications.
Information technology management, or IT management refers to the way organizations organize their technology systems: software, networks, and hardware. An IT environment comprises several components such as computers, routers, servers, microservices, mobile technologies, and applications. An information technology infrastructure can be in the cloud, on-premises, or on a hybrid platform, integrating both.
Because of this ongoing and ever-growing need for cybersecurity solutions, this industry is growing rapidly. Most bigger companies now employ in-house cybersecurity professionals to properly secure networks, data, and processes. While this work was once often done by self-taught experts who often had a history of hacking, it is now often performed by people who attended universities and programs with the express intent of becoming industry professionals.
