What’s the difference between Cyber Security Engineering and Cyber Security Analytics? From skills to certifications to the job market, we’re breaking down these two career paths with the help of two experts, Flatiron School instructors Andrew Mandula and Stephen Barnes. How do you learn Cybersecurity Engineering and Cybersecurity Analytics and what do these jobs look like in the real world – let’s dive in!
Andrew Mandula went through a traditional university program learning how to do computer graphics and computer programming for video games. After doing a job that required stressful, long hours, he wanted a more fulfilling job where he could help people, and that’s how he found Flatiron School! Andrew also worked with a security company in Denver that helps secure startups and small local companies.
Stephen Barnes has a master's degree in Network Engineering, a Ph.D. in Management Science and Information Systems, and over 15 years of teaching experience. He’s worked in networking since 1990 – and you can't do cybersecurity without an understanding of networking.
Stephen: In the early days, the internet was a trusted network. In 1988, the Morris Worm – an accident that became the first cyber security breach – made computer users realize that they couldn't necessarily trust everything on the network. It's taken a long time for us to figure out that it's harder to protect things than to connect things. Education is more important than ever.
Andrew: There are jobs that we're always going to need, no matter how amazing and advanced our world is: doctors, sanitation workers, etc. We're now in a world that is always going to need cybersecurity professionals and we're not growing enough talent in that field. A lot of people who are in these positions have accidentally grown into cybersecurity to fill in the gaps in their company’s needs. I want to proactively help people get into cybersecurity instead of lucking into it and maybe not getting it right.
Andrew: When it comes to cyber security, ask yourself – do you want to be the person in the room that can answer how it works? Or do you want to be the person in the room that can answer why it works?
The why is going to be cyber security engineering. You'll need to have a deeper understanding of everything that happens in networking and computers. The how is cybersecurity analytics, which doesn't require as deep of an understanding. Instead, you’ll need a stronger analytical mind that can easily find patterns and connect the spare pieces of information to see a new trend.
They're both important but at the end of the day it depends on your learning style. Do you want to be the driver of the racecar or do you want to be the technician who is making sure that the racecar can perform as well as possible?
Stephen: We borrow a tremendous amount of our approach from the military because we're looking at an adversary and their motivations.
One of the opening classes at Flatiron School is about strategy. We look at Sun Tzu, The Art of War. It's all about three key things:
Know yourself (your organization) and what you're capable of
Know your enemy
Know your battlefield (environment)
Once you know all of these things, it boils down to a matter of knowing how to address them properly. That's where the weaknesses can be found. Most people don't know their environment, where the attacks may be, and how to handle them. It's all about understanding this on a deeper level. And that comes straight out of The Art of War. The best people in this space are former Department of Defense personnel.
Stephen: Both Cybersecurity Engineers and Cybersecurity Analysts need a fundamental knowledge of networking. Operationally you need to know the basics of how devices, routers, and firewalls work.
Engineers need to understand why they're doing what they do so that they can poke holes in what the attackers might be trying to abuse in that process. Some of our protocols cannot be patched by design. We have to figure out how to protect them despite this.
One good example of the depth that engineers vs analysts will go into is cryptography. I teach 9 weeks of cryptography in Flatiron School’s Cybersecurity Engineering program and make you work through methodologies by hand. In the Cybersecurity Analytics program, I simply walk you through the algorithms and make sure students understand them on a high level and move on.
Andrew: There is only one thing you need to know: everything! Networking, systems and programming, cryptography. Plus, the geopolitical climate of your nation in relation to other nations in the world where a lot of our threat actors will come from like Russia, Israel, South American countries. You need to know who they are, how they might target you and your industry, and why they're targeting you.
To me, that's what makes the field so exciting. It's not like getting your pilot's license where you put in the hours to get your license and operate the machine the same way every time. Cybersecurity is never going to be that job. You're always going to be learning and there will always be something new.
Andrew: The first question you have to ask yourself is, "How curious are you?" When you see something new, do you need to know how it works or do you need to know why that is how it works? If you're good enough with understanding the high-level material, then analytics will be a good fit for you. If that's not good enough for your brain – you need to know the deeper level and you question why the high-level stuff is the way it is – then engineering is going to be a better fit for you.
Is a college degree necessary to get into cybersecurity analytics or engineering?
Stephen: We're constantly evolving as cybersecurity professionals and instructors too! You aren't required to have a college degree but you need to be capable of doing things you might learn in college. You need to be capable of self-learning and teamwork is absolutely essential. Different people on a team have different capabilities and you need to be able to understand that those skillsets complement each other. I've been all the way through academics. I've taught at the graduate and university level. I've seen all kinds of different students. The best ones are the ones who are curious and ask questions.
Cyber Security Analyst Job Titles:
Andrew: If you graduate from our Cybersecurity Analytics program, the job right out of the gate is working as a Secure Operations Center (SOC) Analyst. These can be parts of a large company like Coca-Cola or they can be outsourced and hired on by a contract for a smaller business.
SOC Analyst positions are shift work, which means that you might be working nights. A lot of students aren't okay with this but you're the newest employee, you have to work your way up. You might want to work normal business hours but you might have to be stretched for your first 3-6 months. By taking positions like this you'll see a lot of activity! That's often a job that I'll recommend for students who are most interested in stopping the bad guys. You are constantly seeing the attackers and the sort of work that they do and determining how to defend these in a job like that.
You might be tasked with determining whether "Bob" in accounting who works remotely from Omaha is actually logging on when it's 3am in Omaha to download 25 gigabytes of personal information about all of the employees on the network. Is that really something he would be doing or would he be asleep? That's the sort of work that a Security Analyst might be doing.
Stephen: Cybersecurity Engineers would also likely see some kind of shift work. It's a 24-hour world and we have to work with that. The Engineers will be doing more of building the networks, keeping them up to date, improving them, fixing the problems. The Analyst will find it and often hand off the problem to the engineering team or work with the Engineers all the way through the problem. They're thinking about how they can repair the problem and what changes they need to make to prevent the problem in the future.
Andrew: Regardless of which route you decide to take – Cybersecurity Engineering or Cybersecurity Analytics – the foundational certification for beginner cybersecurity professionals is the CompTIA Cybersecurity+ (CySA+). From there, the certifications you get depend on what you want to specialize in.
In the Cybersecurity Analytics course, we'll teach you about 85% of the material that will be on the test for that certification. I always tell students that when they graduate, before they take the test, they should study that last 15%. Our program is short so taking a week after the program to study for this certification to ace it is important. For our engineering students, we teach 90% of the CySA+ and they could probably take the exam and ace it right away.
Stephen: The most advanced cybersecurity certification is the Certified Information Systems Security Professional (CISSP) and you can get there with years of experience on top of what you'll learn in bootcamp. There are also vendor-specific versions of these certifications. All of those certifications add value along the way.
Andrew: This is a great time to go do a bootcamp because you probably have the time! You're not going to be distracted or feel like you're missing out on something right now because you have to sit and study. For that reason alone, now's a perfect time!
Is cybersecurity a recession-proof profession? It is. This is simply because whenever the economy starts to dip, crime goes up. The easiest kind of crime you can do is cybercrime because, often, you don't even have to leave your house to commit it. I've kept in contact with students from our last cohort that graduated 3 months ago who are now working at places like VMware and Carbon Black on their SOC team. They’ve noticed that from the time they started there to now, they’ve seen attacks on the Windows Remote Log In go up 300% within the organizations they're working for.
Stephen’s Recommendations for Beginners:
Learn from Hacker Conferences – Black Hat and Def Con are huge. They’ve gone completely virtual this year and most of it is free. Go watch some of their videos. There is also a ton of basic stuff with training programs you can watch.
Andrew’s Recommendations for Beginners:
Sandworm by Andy Greenberg – Greenberg is a reporter for the magazine Wired who covers all of their security writing. The book is not free but it is worth it. This book is all about the Sandworm attack and it's a great book for beginners because it expects you not to have a technical background. By the end of it, you'll be able to describe the type of malware that was used to take down the Ukraine power grid in 2016 and you'll understand how exactly the United States stopped the nuclear program in Iran without having to have a deep technical background.
Chaos Computer Club (CCC) – Go down the internet rabbit hole on this one, it’s free!
Do some research – simply search for things you want to know more about. If you really want to do this and you're curious, go use that curiosity and start learning about things now! Searching online and learning is not going to go away when you get to bootcamp or when you get your first cybersecurity job. You're always going to need and use that skill so practice it!