Security Engineer Skills

mnashe · March 2017

Due to personal reasons, I've fallen way behind in my studies, but now I'm ready to return to my CISSP studies. In a way, it has been a blessing for me, because I was very confused about what area of security I want to focus on. I think a security engineer role fits me. About me, I meet the requirements for CISSP. I've done a mix of everything server, LAN, firewall administration and desktop support. In addition to studying for CISSP, what skills or technologies should I be picking up to prepare me for the role?

Correct me if I am wrong, but a security engineer should be well versed in configuring firewalls, ips, access control, DLP, multifactor authentication. Are there any products I should be requesting demos of to learn?

I think a plan for me would be study for CISSP 4 days a week, and use two days for gaining other security skills. Unless, it is recommended not to try to learn anything while studying for CISSP

iBrokeIT · March 2017

Seems like a simple search for "Security Engineer" on a few job boards for your area could better answer that question with direct feedback on what your local market is demanding...

mnashe · March 2017

I do but a lot of them are too vague, which is why I posted here, to get feedback from ppl already in the field.

jcundiff · March 2017

BC/DR, Risk Management, I&AM if you dont have significant experience in those areas, GRC as a whole

mnashe · March 2017

thank you. Is there any resources you would recommend for picking up those skills. I'm willing to learn anything.

NetworkNewb · March 2017

mnashe wrote: »

I do but a lot of them are too vague, which is why I posted here, to get feedback from ppl already in the field.

That is also because just going off of a title can lead to MANY different types of positions. Security engineer can have totally different job duties at different companies. A network engineer has just a good of chance as doing most of those tasks you mentioned in your first post.

Danielm7 · March 2017

NetworkNewb wrote: »

That is also because just going off of a title can lead to MANY different types of positions. Security engineer can have totally different job duties at different companies. A network engineer has just a good of chance as doing most of those tasks you mentioned in your first post.

Yep, in my workplace the network security group does many of those, I'm IT security which is different. The title can mean anything from pen tester to policy reader. Decide what you want to do and learn, figure out a title for it after that.

jcundiff · March 2017

mnashe wrote: »

thank you. Is there any resources you would recommend for picking up those skills. I'm willing to learn anything.

I was referring to the CISSP exam, but speaking the GRC language will help in other areas as well, when speaking to Sr management about why something needs to happen/ change made/ tool implemented etc

Remedymp · March 2017

This is a common issue with the IT industry and responsibility of roles.

I'm a Cloud Sec Analyst and work under A Cloud Security Engineer and Sr. Cloud Sec Eng for PaaS.

Our responsibility security wise, is the configuration and management of security products and development of security mechanism within applications as well as the DevOps.

We don't configure FW's, because that's a Network engineers responsibility.

Anything that involves ethernet connectivity, Ingress or Egress of traffic falls under Network engineering.

Sec Eng responsibility in two words is Security Posture (of the organization).

EANx · March 2017

When I took it (both times) there was nothing on the exam about configuration, it was all theory and management. If you want to do analysis and overall management, the CISSP is good. if you want to configure firewalls and VPN concentrators, you're better suited with courses from Cisco and F5, etc.

Security Engineer Skills

Comments