Online Engineering Programs > FAQ > How Do I Become a Cybersecurity Engineer?

How Do I Become a Cybersecurity Engineer?

Find schools

*sponsored

As computer information systems become more sophisticated, so do the skills of people who attempt to undermine them. Significant hacks and data breaches are increasingly common, leaving individuals and businesses alike vulnerable to major privacy or financial woes. Cybersecurity engineers develop the skills and programs needed to counter such attacks. The only problem is that there are not nearly enough of them.

According to a 2018 survey from the Information Systems Auditing and Control Association (ISACA), almost 60 percent of information security professionals have at least one unfilled cybersecurity engineer position, and more than half said that filling such positions takes at least three months. The ISACA projects that the U.S. will have a shortage of about 2 million skilled cybersecurity professionals by 2019.

Qualified cybersecurity engineers are difficult to find. The shortage is so significant that Forbes once named cybersecurity the “fastest-growing job with a huge skills gap.” According to the ISACA report, 70 percent of information security organizations said that candidates with strong technical skills are in high demand, yet short supply.

“Even though enterprises have more budget than ever to hire, the available workforce lacks the skills organizations critically need,” said ISACA CEO Matt Loeb. “Practitioners who acquire and demonstrate hands-on technical cybersecurity skills will find themselves in significant demand.”

The BLS reports that information security analysts earned a median annual wage of $95,510 as of May 2017, with the highest 10 percent of earners exceeding $153,000 annually. What’s more, demand for information security analysts is predicted to grow 28 percent between 2016 and 2026, which is much higher than the 7 percent national average for all occupations. According to the BLS, the growing scale and incidence of cyber attacks fuel the need for qualified cybersecurity specialists across the board, with the financial and healthcare industries in most need of cybersecurity experts.

How does one take advantage of such demand? Below is a step-by-step guide to becoming a cybersecurity engineer.

Featured Cybersecurity Programs

Southern New Hampshire University

  • Online BS in CS - Information Security
  • Online BS in IT - Cybersecurity
  • Online BS in Cybersecurity
  • Online BS in Cybersecurity - Secure Programming
Utica College

  • Online BS - Cybersecurity
  • Online MS - Cybersecurity
  • Online MSDS - Cybersecurity

Step 1: Research the Field

Computer technology moves fast, so the IT workforce must be dynamic enough to keep up. The field is notably varied, including many different professions, such as computer research scientists, systems managers, software developers, support specialists.

Cybersecurity engineers—labeled as information security analysts by the United States Bureau of Labor Statistics (BLS)—tend to have many of the same networking and computer systems skills as other IT professionals, but are highly specialized in using them with a mind for security. Anyone considering a career in cybersecurity is encouraged to research the job carefully before committing to the field.

Typical Duties

The breadth and scope of a cybersecurity engineer’s duties vary by industry and organization, but the following are among the most common:

  • Selecting and installing cybersecurity software
  • Monitoring networks for security breaches
  • Conducting penetration tests to identify potential vulnerabilities
  • Reporting the incidence, nature, and extent of security breaches
  • Developing and implementing a plan of action for responding to such breaches
  • Developing security standards and best practices to be followed on an organizational level
  • Keeping up to date on the latest security threats and tools

Skills & Knowledge

Cybersecurity engineers plan, execute, monitor, and upgrade computer security systems—tasks that rely on a range of skills and knowledge. According to O*NET Online, information security analysts must be familiar with:

  • The development environment, web platform development, networking, and operating system software
  • Transaction security and virus protection software
  • Computer hardware and electronics
  • Telecommunications systems
  • Data gathering and analysis
  • Security practices and standards

Personal Qualities

As with most careers, there is a handful of personal qualities and aptitudes that could make one well suited for a career in cybersecurity engineering. The following are among the most important:

  • Analytical thinking
  • Attention to detail
  • Grace under pressure
  • Deductive and inductive reasoning
  • Creative problem-solving
  • Excellent written and oral communication

Step 2: Earn a Bachelor’s Degree in Cybersecurity or a Related Discipline (4 years)

The BLS notes that information security analysts typically need at least a bachelor’s degree in information security, computer engineering, computer programming, or another relevant discipline to enter the field, though some employers prefer candidates with related master’s degrees or MBAs. Prospective students should look for accredited programs with updated curricula so that they can stay informed about significant changes in the field.

Cybersecurity Engineering Degree Specializations

Some cybersecurity bachelor’s degrees offer specializations for more targeted training. Examples of real cybersecurity concentrations from U.S. colleges and universities include cybercrime and fraud investigation, cyber operations, intrusion investigation, information assurance, and network forensics.

Undergraduate Cybersecurity Engineering Coursework

Cybersecurity engineering programs usually require a foundation of necessary education coursework in areas like math, science, English, and history, as well as core courses relevant to the field. Additional electives allow students to customize their training to best suit their interests and goals. Examples of actual undergraduate cybersecurity engineering courses include:

  • Computer security
  • Cryptology
  • Communications networks
  • Security data science
  • Reverse engineering
  • Networking
  • Programming languages
  • Data structures
  • Algorithm design and analysis
  • Hardware design

Graduates who have earned their bachelor’s degrees in cybersecurity engineering are prepared for most entry-level jobs, though some opt to enroll in a graduate program to advance their expertise, prepare for management positions, gain a competitive advantage in the field, obtain research positions, or teach.

Step 3: Earn a Master’s Degree or Graduate Certificate in Cybersecurity (1-2 years)

Earnings, career outlook, and advancement potential tend to improve with education. This makes earning a master’s degree in cybersecurity, information security, computer programming, IT management, and other related fields a valuable, if voluntary, endeavor. While some employers prefer candidates with graduate degrees in IT and cybersecurity, others prefer candidates with master’s in business administration (MBA) with a specialization in information systems. Generally speaking, master’s degrees require two additional years of full-time study, but some schools offer special evening and weekend programs for students who want to continue working in the workforce. These part-time programs generally take three to five years to complete, depending on the program and each student’s course load.

Common Admissions Requirements

Every graduate-level cybersecurity program sets its own admissions criteria, so it is important to carefully research requirements before applying. However, there are many commonalities between each university’s admission requirements. The following criteria for the master’s program in cybersecurity operations and leadership at the University of San Diego is representative of the conditions applicants will find at most schools.

  • A bachelor’s degree from a regionally accredited institution
  • An undergraduate GPA of at least 2.75 (candidates with GPAs lower than 2.75 are encouraged to submit GRE, GMAT, LSAT or other relevant test scores)
  • A statement of purpose
  • A resume or CV showing relevant IT experience
  • A letter of support from an employer or two letters of reference

Some graduate schools have additional or slightly different course prerequisites, so it is essential that applicants properly research the programs in which they are interested before applying.

Cybersecurity Graduate Degree Specializations

Some colleges and universities offer concentrations that allow students to specialize their master’s degrees. Examples of specialty tracks within graduate-level cybersecurity tracks include analysis, cyber terrorism, SCADA cybersecurity, networks, systems, IT auditing, and cyber forensics, among others.

Graduate Cybersecurity Engineering Coursework

The curriculum for a master’s degree in cybersecurity can vary from one program to the next, but, as with bachelor’s degrees, they tend to have similar core coursework. Graduate schools do not typically need to complete basic education classes, as long as they have met the program’s prerequisites. Below is a sampling of courses from John Hopkins University’s cybersecurity program:

  • Foundations of informational assurance
  • Cryptology
  • Foundations of algorithms
  • Intrusion detection
  • Reverse engineering and vulnerability analysis
  • Principles of data communications networks
  • Computer network architectures and protocols
  • Web security
  • Foundations of engineering
  • Cryptography and coding
  • Java security
  • Authentication technologies

Graduate Certificates in Cybersecurity

An alternative to a master’s degree is a graduate certificate. Graduate certificates are ideal for students who want to advance their cybersecurity savvy without committing to a two-year program, or those who wish to specialize in a particular discipline, such as computer engineering and programming. Certificate requirements range in scope and duration. Students enrolled in Harvard University’s cybersecurity graduate certificate, for example, must complete four courses—two core courses and two electives. As always, prospective students should review admissions and graduation requirements carefully.

Step 4: Earn Professional Certifications (timeline varies)

Professional certifications are another way cybersecurity professionals can enhance their knowledge and expertise. Industry vendors or professional organizations typically offer certifications. Most require professionals to pass a test, though candidates should be mindful of pre-exam requirements, such as junior certifications, specific degrees, or a minimum number of years of professional experience. Here are a few in-demand professional certifications and the organizations that sponsor them, as reported by O*Net:

Global Information Assurance Certification

American Health Information Management Association

International Information Systems Security Certification Consortium

Cisco Systems

Information Systems Audit and Control Association

It should be noted that while professional certifications tend to be voluntary, they indicate the level of expertise and an ongoing commitment that many employers value.

Related Articles

20 Data Science Professors to Know

Data science, as described by University of California, Berkeley, involves the analysis and management of large quantities of data. The discipline requires professionals who can ask the right questions, chart out what information is needed, collect the data, and analyze it effectively.

25 Innovative Computer Science Professors

Meet 25 leading professors of computer science, and learn more about what makes them standout educators and innovators.

25 Professors of Software Engineering to Know

Learn from the best. Meet 25 well-regarded software engineering professors who teach proven, best practice approaches to software engineering and testing.

Software Engineers vs. Software Developers

The programming field is as diverse as it is promising, which makes distinguishing interrelated jobs difficult. Perhaps one of the most contested comparisons, however, is between software engineers and software developers.