nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Security Engineer Skills

mnashe

Due to personal reasons, I've fallen way behind in my studies, but now I'm ready to return to my CISSP studies. In a way, it has been a blessing for me, because I was very confused about what area of security I want to focus on. I think a security engineer role fits me. About me, I meet the requirements for CISSP. I've done a mix of everything server, LAN, firewall administration and desktop support. In addition to studying for CISSP, what skills or technologies should I be picking up to prepare me for the role?

Correct me if I am wrong, but a security engineer should be well versed in configuring firewalls, ips, access control, DLP, multifactor authentication. Are there any products I should be requesting demos of to learn?

I think a plan for me would be study for CISSP 4 days a week, and use two days for gaining other security skills. Unless, it is recommended not to try to learn anything while studying for CISSP

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

iBrokeIT

Seems like a simple search for "Security Engineer" on a few job boards for your area could better answer that question with direct feedback on what your local market is demanding...

mnashe

I do but a lot of them are too vague, which is why I posted here, to get feedback from ppl already in the field.

jcundiff

BC/DR, Risk Management, I&AM if you dont have significant experience in those areas, GRC as a whole

mnashe

thank you. Is there any resources you would recommend for picking up those skills. I'm willing to learn anything.

NetworkNewb

mnashe wrote: »

I do but a lot of them are too vague, which is why I posted here, to get feedback from ppl already in the field.

That is also because just going off of a title can lead to MANY different types of positions. Security engineer can have totally different job duties at different companies. A network engineer has just a good of chance as doing most of those tasks you mentioned in your first post.

Danielm7

NetworkNewb wrote: »

That is also because just going off of a title can lead to MANY different types of positions. Security engineer can have totally different job duties at different companies. A network engineer has just a good of chance as doing most of those tasks you mentioned in your first post.

Yep, in my workplace the network security group does many of those, I'm IT security which is different. The title can mean anything from pen tester to policy reader. Decide what you want to do and learn, figure out a title for it after that.

jcundiff

mnashe wrote: »

thank you. Is there any resources you would recommend for picking up those skills. I'm willing to learn anything.

I was referring to the CISSP exam, but speaking the GRC language will help in other areas as well, when speaking to Sr management about why something needs to happen/ change made/ tool implemented etc

Remedymp

This is a common issue with the IT industry and responsibility of roles.

I'm a Cloud Sec Analyst and work under A Cloud Security Engineer and Sr. Cloud Sec Eng for PaaS.

Our responsibility security wise, is the configuration and management of security products and development of security mechanism within applications as well as the DevOps.

We don't configure FW's, because that's a Network engineers responsibility.

Anything that involves ethernet connectivity, Ingress or Egress of traffic falls under Network engineering.

Sec Eng responsibility in two words is Security Posture (of the organization).

EANx

When I took it (both times) there was nothing on the exam about configuration, it was all theory and management. If you want to do analysis and overall management, the CISSP is good. if you want to configure firewalls and VPN concentrators, you're better suited with courses from Cisco and F5, etc.