As computer information systems become more sophisticated, so do the skills of people who attempt to undermine them. Significant hacks and data breaches are increasingly common, leaving individuals and businesses alike vulnerable to major privacy or financial woes. Cybersecurity engineers develop the skills and programs needed to counter such attacks. The only problem is that there are not nearly enough of them.
According to a 2018 survey from the Information Systems Auditing and Control Association (ISACA), almost 60 percent of information security professionals have at least one unfilled cybersecurity engineer position, and more than half said that filling such positions takes at least three months. The ISACA projects that the U.S. will have a shortage of about 2 million skilled cybersecurity professionals by 2019.
Qualified cybersecurity engineers are difficult to find. The shortage is so significant that Forbes once named cybersecurity the “fastest-growing job with a huge skills gap.” According to the ISACA report, 70 percent of information security organizations said that candidates with strong technical skills are in high demand, yet short supply.
“Even though enterprises have more budget than ever to hire, the available workforce lacks the skills organizations critically need,” said ISACA CEO Matt Loeb. “Practitioners who acquire and demonstrate hands-on technical cybersecurity skills will find themselves in significant demand.”
The BLS reports that information security analysts earned a median annual wage of $95,510 as of May 2017, with the highest 10 percent of earners exceeding $153,000 annually. What’s more, demand for information security analysts is predicted to grow 28 percent between 2016 and 2026, which is much higher than the 7 percent national average for all occupations. According to the BLS, the growing scale and incidence of cyber attacks fuel the need for qualified cybersecurity specialists across the board, with the financial and healthcare industries in most need of cybersecurity experts.
How does one take advantage of such demand? Below is a step-by-step guide to becoming a cybersecurity engineer.
Computer technology moves fast, so the IT workforce must be dynamic enough to keep up. The field is notably varied, including many different professions, such as computer research scientists, systems managers, software developers, support specialists.
Cybersecurity engineers—labeled as information security analysts by the United States Bureau of Labor Statistics (BLS)—tend to have many of the same networking and computer systems skills as other IT professionals, but are highly specialized in using them with a mind for security. Anyone considering a career in cybersecurity is encouraged to research the job carefully before committing to the field.
The breadth and scope of a cybersecurity engineer’s duties vary by industry and organization, but the following are among the most common:
Skills & Knowledge
Cybersecurity engineers plan, execute, monitor, and upgrade computer security systems—tasks that rely on a range of skills and knowledge. According to O*NET Online, information security analysts must be familiar with:
As with most careers, there is a handful of personal qualities and aptitudes that could make one well suited for a career in cybersecurity engineering. The following are among the most important:
The BLS notes that information security analysts typically need at least a bachelor’s degree in information security, computer engineering, computer programming, or another relevant discipline to enter the field, though some employers prefer candidates with related master’s degrees or MBAs. Prospective students should look for accredited programs with updated curricula so that they can stay informed about significant changes in the field.
Cybersecurity Engineering Degree Specializations
Some cybersecurity bachelor’s degrees offer specializations for more targeted training. Examples of real cybersecurity concentrations from U.S. colleges and universities include cybercrime and fraud investigation, cyber operations, intrusion investigation, information assurance, and network forensics.
Undergraduate Cybersecurity Engineering Coursework
Cybersecurity engineering programs usually require a foundation of necessary education coursework in areas like math, science, English, and history, as well as core courses relevant to the field. Additional electives allow students to customize their training to best suit their interests and goals. Examples of actual undergraduate cybersecurity engineering courses include:
Graduates who have earned their bachelor’s degrees in cybersecurity engineering are prepared for most entry-level jobs, though some opt to enroll in a graduate program to advance their expertise, prepare for management positions, gain a competitive advantage in the field, obtain research positions, or teach.
Earnings, career outlook, and advancement potential tend to improve with education. This makes earning a master’s degree in cybersecurity, information security, computer programming, IT management, and other related fields a valuable, if voluntary, endeavor. While some employers prefer candidates with graduate degrees in IT and cybersecurity, others prefer candidates with master’s in business administration (MBA) with a specialization in information systems. Generally speaking, master’s degrees require two additional years of full-time study, but some schools offer special evening and weekend programs for students who want to continue working in the workforce. These part-time programs generally take three to five years to complete, depending on the program and each student’s course load.
Common Admissions Requirements
Every graduate-level cybersecurity program sets its own admissions criteria, so it is important to carefully research requirements before applying. However, there are many commonalities between each university’s admission requirements. The following criteria for the master’s program in cybersecurity operations and leadership at the University of San Diego is representative of the conditions applicants will find at most schools.
Some graduate schools have additional or slightly different course prerequisites, so it is essential that applicants properly research the programs in which they are interested before applying.
Cybersecurity Graduate Degree Specializations
Some colleges and universities offer concentrations that allow students to specialize their master’s degrees. Examples of specialty tracks within graduate-level cybersecurity tracks include analysis, cyber terrorism, SCADA cybersecurity, networks, systems, IT auditing, and cyber forensics, among others.
Graduate Cybersecurity Engineering Coursework
The curriculum for a master’s degree in cybersecurity can vary from one program to the next, but, as with bachelor’s degrees, they tend to have similar core coursework. Graduate schools do not typically need to complete basic education classes, as long as they have met the program’s prerequisites. Below is a sampling of courses from John Hopkins University’s cybersecurity program:
Graduate Certificates in Cybersecurity
An alternative to a master’s degree is a graduate certificate. Graduate certificates are ideal for students who want to advance their cybersecurity savvy without committing to a two-year program, or those who wish to specialize in a particular discipline, such as computer engineering and programming. Certificate requirements range in scope and duration. Students enrolled in Harvard University’s cybersecurity graduate certificate, for example, must complete four courses—two core courses and two electives. As always, prospective students should review admissions and graduation requirements carefully.
Professional certifications are another way cybersecurity professionals can enhance their knowledge and expertise. Industry vendors or professional organizations typically offer certifications. Most require professionals to pass a test, though candidates should be mindful of pre-exam requirements, such as junior certifications, specific degrees, or a minimum number of years of professional experience. Here are a few in-demand professional certifications and the organizations that sponsor them, as reported by O*Net:
Global Information Assurance Certification
American Health Information Management Association
International Information Systems Security Certification Consortium
Information Systems Audit and Control Association
It should be noted that while professional certifications tend to be voluntary, they indicate the level of expertise and an ongoing commitment that many employers value.
Data science, as described by University of California, Berkeley, involves the analysis and management of large quantities of data. The discipline requires professionals who can ask the right questions, chart out what information is needed, collect the data, and analyze it effectively.
Meet 25 leading professors of computer science, and learn more about what makes them standout educators and innovators.
Learn from the best. Meet 25 well-regarded software engineering professors who teach proven, best practice approaches to software engineering and testing.
The programming field is as diverse as it is promising, which makes distinguishing interrelated jobs difficult. Perhaps one of the most contested comparisons, however, is between software engineers and software developers.