A cybersecurity engineer performs various functions such as designing security solutions, implementing these solutions to prevent cyber attacks, and defend systems against threats and hacking. Cybersecurity engineers may also be referred to as data security engineers, web security engineers, IT security engineers, or application security engineers. All these titles have the same function within any organization.
As computer information systems become more sophisticated, so do the skills of people who attempt to undermine them. Significant hacks and data breaches are increasingly common, leaving individuals and businesses alike vulnerable to major privacy or financial woes. Cybersecurity engineers develop the skills and programs needed to counter such attacks. The only problem is that there are not nearly enough of them.
Today’s world is significantly dependent on mobiles and the internet to accomplish everyday tasks. Thus the issue of security has become more urgent than ever. As a result, the demand for cybersecurity engineers has been increasing at a very fast pace.
According to a 2020 survey from the Information Systems Auditing and Control Association (ISACA), 62 percent of organizations reported that their cybersecurity teams are understaffed, with 42 percent stating that they had at least one unfilled position. Also, 78 percent of the organizations surveyed stated that they expected the demand for these professionals to rise in the coming 12 months.
Qualified cybersecurity engineers are difficult to find. The shortage is so significant that in 2020 CNBC reported that nearly half a million workers are needed to fill vacant cybersecurity positions. According to the ISACA report, 12 percent of survey respondents indicated that 75 to 100 percent of their colleagues are sufficiently qualified, meaning that candidates with strong technical skills are in high demand, yet short supply.
“Even though enterprises have more budget than ever to hire, the available workforce lacks the skills organizations critically need,” said ISACA CEO Matt Loeb. “More of those dollars will need to be invested in technical cybersecurity training, along with effective retention programs.”
The BLS (May 2019) reports that information security analysts earned a median annual wage of $99,730, with the highest 10 percent of earners exceeding $158,860 annually. What’s more, the BLS predicts demand for information security analysts will grow 31 percent between 2019 and 2029, which is much higher than the 4 percent national average for all occupations.
According to the BLS, the growing scale and incidence of cyber-attacks fuel the need for qualified cybersecurity specialists across the board, with the financial and healthcare industries in most need of cybersecurity experts.
How does one take advantage of such demand? Below is a step-by-step guide to becoming a cybersecurity engineer.
Computer technology moves fast, so the IT workforce must be dynamic enough to keep up. The field is notably varied, including many different professions, such as computer research scientists, systems managers, software developers, support specialists.
Cybersecurity engineers—labeled as information security analysts by the United States Bureau of Labor Statistics (BLS)—tend to have many of the same networking and computer systems skills as other IT professionals, but are highly specialized in using them with a mind for security. Anyone considering a career in cybersecurity is encouraged to research the job carefully before committing to the field.
The breadth and scope of a cybersecurity engineer’s duties vary by industry and organization, but the following are among the most common:
Cybersecurity engineers plan, execute, monitor, and upgrade computer security systems—tasks that rely on a range of skills and knowledge. According to O*NET Online (2020), information security analysts must be familiar with:
As with most careers, there are a handful of personal qualities and aptitudes that could make one well suited for a career in cybersecurity engineering. The following are among the most important:
Cybersecurity engineers must generally have the following qualifications:
It must be noted that different organizations have different qualification requirements. Given above is a general list of requirements that an organization may ask for.
The BLS (2020) notes that information security analysts typically need at least a bachelor’s degree in information security, computer engineering, computer programming, or another relevant discipline to enter the field, though some employers prefer candidates with related master’s degrees or MBAs. Prospective students should look for accredited programs with updated curricula so that they can stay informed about significant changes in the field.
Some cybersecurity bachelor’s degrees offer specializations for more targeted training. Examples of real cybersecurity concentrations from U.S. colleges and universities include cybercrime and fraud investigation, cyber operations, intrusion investigation, information assurance, and network forensics.
Cybersecurity engineering programs usually require a foundation of necessary education coursework in areas like math, science, English, and history, as well as core courses relevant to the field. Additional electives allow students to customize their training to best suit their interests and goals. Examples of actual undergraduate cybersecurity engineering courses include:
Graduates who have earned their bachelor’s degrees in cybersecurity engineering are prepared for most entry-level jobs, though some opt to enroll in a graduate program to advance their expertise, prepare for management positions, gain a competitive advantage in the field, obtain research positions, or teach.
Earnings, career outlook, and advancement potential tend to improve with education. This makes earning a master’s degree in cybersecurity, information security, computer programming, IT management, and other related fields a valuable if voluntary, endeavor.
While some employers prefer candidates with graduate degrees in IT and cybersecurity, others prefer candidates with a master of business administration (MBA) with a specialization in information systems.
Generally speaking, master’s degrees require two additional years of full-time study, but some schools offer special evening and weekend programs for students who want to continue working in the workforce. These part-time programs generally take three to five years to complete, depending on the program and each student’s course load.
Every graduate-level cybersecurity program sets its own admissions criteria, so it is important to carefully research requirements before applying. However, there are many commonalities between each university’s admission requirements. The following criteria for the master’s program in cybersecurity operations and leadership at the University of San Diego are representative of the conditions applicants will find at most schools.
Some graduate schools have additional or slightly different course prerequisites, so it is essential that applicants properly research the programs in which they are interested before applying.
Some colleges and universities offer concentrations that allow students to specialize their master’s degrees. Examples of specialty tracks within graduate-level cybersecurity tracks include analysis, cyber terrorism, SCADA cybersecurity, networks, systems, IT auditing, and cyber forensics, among others.
The curriculum for a master’s degree in cybersecurity can vary from one program to the next, but, as with bachelor’s degrees, they tend to have similar core coursework. Graduate schools do not typically need to complete basic education classes, as long as they have met the program’s prerequisites. Below is a sampling of courses from Johns Hopkins University’s cybersecurity program:
An alternative to a master’s degree is a graduate certificate. Graduate certificates are ideal for students who want to advance their cybersecurity savvy without committing to a two-year program, or those who wish to specialize in a particular discipline, such as computer engineering and programming.
Certificate requirements range in scope and duration. Students enrolled in Harvard University’s cybersecurity graduate certificate, for example, must complete four courses—two core courses and two electives. As always, prospective students should review admissions and graduation requirements carefully.
Professional certifications are another way cybersecurity professionals can enhance their knowledge and expertise. Industry vendors or professional organizations typically offer certifications. Most require professionals to pass a test, though candidates should be mindful of pre-exam requirements, such as junior certifications, specific degrees, or a minimum number of years of professional experience.
Here are a few in-demand professional certifications and the organizations that sponsor them, as reported by O*NET:
It should be noted that while professional certifications tend to be voluntary, they indicate the level of expertise and an ongoing commitment that many employers value.
Finally, some cybersecurity professionals earn their Professional Engineer (PE) license from the National Council of Examiners for Engineering and Surveying.
The main benefit of having a PE license is how it qualifies recipients for some types of publicly-funded projects. These credentials require at least four years of post-bachelor’s degree work experience and the passing of a comprehensive examination.
The two types of PE licenses most relevant to cybersecurity:
Arizona State University offers an online master of computer science with a concentration in cybersecurity. The program provides students with the skills and knowledge that help them undertake computer security, data security, cryptography, and computer forensics. It is ideal for graduate-level students who wish to take up education in cybersecurity, with a focus on algorithms and computer systems.
Admission requirements include a four-year undergraduate degree with a minimum cumulative grade point average of 3.0, two semesters of advanced math in calculus I and II, a background course in discrete math, official transcripts, and English proficiency for students who have their degree from a country outside the U.S.
This 30-credit-hour program has 12 credits in the cybersecurity concentration. The courses in the concentration include applied cryptography, information assurance and security, software security, advanced computer network security, and computer systems security.
Students learn how to defend and protect information systems and information by ensuring their integrity, availability, authentication, non-repudiation, and confidentiality. Graduates can take up roles as cybersecurity engineers, cybersecurity risk analysts, software development engineers, security engineers, and security analysts.
George Washington University offers an online master of engineering (MEng) in cybersecurity policy and compliance program. Designed for students who are working professionals, this fully online program teaches students security best practices. The program is taught by experienced faculty members who have received their doctoral degrees from the nation’s top engineering and computer science programs, providing students a high-level understanding of cybersecurity.
Admission requirements for the program include a bachelor’s degree from an accredited institution, minimum grade point average of 2.7, work experience in an IT field for students who do not hold a degree in a technical discipline, completed application, official transcripts, statement of purpose, letters of recommendation, a current resume, while GRE or GMAT scores are recommended.
Requiring 30 credit-hours of graduate-level coursework, this program includes courses such as cybersecurity and privacy, information policy, management of information and systems security, security in mobile computing, information security in government, secure cloud computing, and cybersecurity risk management and compliance.
Through this program, students become experts at analyzing cyber incidents, forecasting cyber attacks, formulating long-term strategies, designing solutions, and managing threats.
On successful completion of the program, students can take up jobs at nonprofit, private, and government organizations. They can take up roles as computer forensic investigators, computer security specialists, computer network defense engineers, cybersecurity managers, information security analysts, cybercrime technology directors, and more.
Traditional forms of education are still important, but they can’t keep up with the rapid pace of cybersecurity. As soon as one form of threat is neutralized, innumerable others are developed. That’s why employers and employees are both increasingly turning to the more nimble world of professional certifications.
Data science, as described by University of California, Berkeley, involves the analysis and management of large quantities of data. The discipline requires professionals who can ask the right questions, chart out what information is needed, collect the data, and analyze it effectively.
Meet several leading professors of computer science, and learn more about what makes them standout educators and innovators.
An online bachelor's degree in business data analytics provides students with a strong foundation in data analytics and prepares them for a promising career in this burgeoning field. Students become well-equipped in data mining, data storage, and data analytics.
A master’s degree in data science trains students to expertly analyze data, as well as in other important disciplines such as machine learning, programming, database management, and data visualization. This degree is ideal for aspiring data scientists, data analysts, and pricing analysts.