What it takes to become an IT security engineer
When Scott Copeland got his associate degree in network administration back in 2004, the community college he attended didn’t offer IT security courses, “but it gave me the foundation to learn more about network security,” he says. His determination and thirst for learning led him to his current job as an IT security engineer at FedEx Services in Memphis, Tenn.
After being laid off in 2008 from his first IT job in tech support and systems administration, friends encouraged Copeland to use his networking talents to get a certification that would boost his career. He studied for three months and earned his Cisco Certified Network Associate (CCNA) certification in routing and switching. “CCNA was the biggest helper [for my security career path],” says Copeland. “It’s one of the hardest network certifications in the industry.” Also, he notes, “because it ties networking for firewalls and VPN, it has security components to it.” He also scoured daily posts on Reddit, the news aggregation and discussion website, to learn as much as he could about network and IT security, and to keep up with the latest threats.
He sought out temp work to hone his security skills and found a contract security job at FedEx. “We upgraded the VPN client,” Copeland says. “I did technical writing for our user manual, and I still maintain that today. I also did VPN support tickets and started doing firewall tickets.” When the project ended, he landed his first full-time network security position at Southwest Tennessee Community College. Two years later, he re-joined FedEx Services in his current full-time role.
“My specialty is VPN, and I also do firewalls,” Copeland says. “On a typical day, I’ll do change requests — the tickets to add or make changes to the firewall — I’ll review the VPN logs, work with developers, [help with] change management” and handle some compliance issues, he says.
A role in flux
The IT security engineer position is a fairly new role for most companies, and the responsibilities and scope of the position are still in flux, says Victor Janulaitis, CEO of Janco Associates Inc., which issues an annual report on new technology positions and job descriptions. “The role and responsibilities are in high demand,” Janulaitis says, because the job focuses on quality control within the IT infrastructure. “That is one of the things that has been cut back on in the last several years as IT organizations have been trying to maintain and control costs,” and as they continue to outsource, he says.
Broadly speaking, the IT security engineer works on the operational data center systems and networks. This person helps the organization understand advanced cyber threats and helps create mitigation strategies to ensure that networks are protected, according to the Janco job descriptions report.
The logical career ladder for the IT security engineer, according to Janulaitis, would be to move into a senior IT security engineer role and then to project manager or a systems and programming position.
Copeland will earn his four-year degree in organizational management in May. He plans to get his Information Systems Security Professional certification next year when he will have the required four years of security experience. His five-year plan is to become an IT security manager. “Always continue to learn more about IT security,” he says.