Cybersecurity Engineers: Have You Got the Right Stuff?

Simply stated, cybersecurity refers to the security activities to prevent, detect and recover systems, networks and data from unauthorized access and cyberattacks such as denial of service, man-in-the-middle or ransomware. Cybersecurity engineers mainly focus on prevention and can specialize in areas ranging from network, application and mobile to cloud security. Individuals with these skills are in great demand in government and the private sector.

Where You Might Fit in the Federal Sector

Cybersecurity in the federal arena contemplates one overriding question: How much risk is an organization willing to accept? The Risk Management Framework (RMF) and NIST-SP-800-37 help federal agencies select the appropriate security controls based on the level of risk selected. Government contractors thus are looking for individuals who can manage risk in accordance with this guidance. Experience with the RMF and NIST standard can set candidates apart.

Junior-level engineers/analysts typically work on teams led by either a mid- or senior-level cybersecurity engineer. So, being able to function well as a team member is important. Your work may focus on one or two aspects of the RMF, perhaps implementing, assessing or monitoring controls. Familiarity with various vulnerability tests and assessments using Tenable Nessus, HP Fortify, BurpSuite, etc. is desirable. Prior experience with the RMF is a plus, but not a requirement. Corporate training programs can quickly bring individuals up to speed with federal requirements.

Mid-level cybersecurity engineers should possess experience with the RMF and NIST standard. Knowledge of various vulnerability tests and assessments using Tenable Nessus, HP Fortify, BurpSuite, nMap, Metasploit, etc. is key. Successful candidates should feel equally at ease leading a small project task team and working independently.

Senior-level cybersecurity engineers are well-rounded individuals with experience leading teams as well as expertise in security engineering, technology and business. Key attributes include in-depth experience with the RMF, up-to-date knowledge regarding current and cutting-edge cyber tools and technologies, ability to run a program and familiarity with contract terms and service-level agreements as well as return on investment (ROI) concepts.

Qualities That Make Candidates Stand Out

Having the right technical expertise and certifications such as a CISM, CISSP, CompTIA Security +, and CCSP, among others, can give candidates an edge over the competition. Other qualities that help applicants stand out include:

Continuous Learner: New technologies emerge every day and understanding evolving vulnerabilities is important in protecting against the threat landscape.

Thoroughness: Cybersecurity engineers in the federal sector help agency leaders understand system risks so they can make informed decisions regarding what risk they can accept, mitigate or transfer. Thus, documentation and analysis must be thorough and presented in a way that fully and clearly communicates all the risks.

Inquisitive and Perceptive: Federal cybersecurity engineers must question every aspect of a system including business functions, services, external and internal connections and more. And, they must readily pick up on nuances that might escape others.

A Well-Rounded Skillset: Federal cybersecurity engineers influence agency management’s decision making. So, just understanding the technical aspects is not enough.

Wearing a Black Hat: Cybersecurity engineers in the federal arena must be able to anticipate worst-case scenarios. Being able to think like a hacker is helpful, particularly when looking for weaknesses in source code and anticipating how a back door might be used to gain entry — and where intruders might go.

Four Hints for Getting Hired

Hint #1: Federal contractors support technology in its many forms from data centers to mobile applications to cloud environments. Thus, wide-ranging technology backgrounds are desirable.

Hint #2: Technology is always changing, so individuals who continuously expand their abilities are attractive. With the growing emphasis on containers in the cloud, cybersecurity engineers who understand security controls from a Federal Risk and Authorization Management Program (FedRAMP) perspective are in demand.

Hint #3. At more senior levels, be able to articulate the activities, references and documentation you use when moving through the RMF framework.

Hint #4: Be able to describe your RMF system categorization process, especially how you identified the data type and provisional impact when determining the security baseline.

Where Do You Want to Work?

Top cybersecurity professionals can select from many employment opportunities. How do you pick the best fit for you? Are you looking for:

Meaningful work?

Challenging projects and problem solving?

High-performing, collaborative colleagues?

Opportunities to learn and grow, formally and informally?

If you answered “yes” to any of these question, I would recommend opportunities in the federal sector. AbleVets (my employer) is a government contractor responsible for safeguarding some of the nation’s most sensitive systems and data. We have an uncompromising approach to cybersecurity that has led to tremendous growth and exciting new career opportunities for our cyber professionals. In fact, we offer a cyber workforce plan that includes offering our security professionals the opportunity to gain knowledge – and apply it – through continuous learning and certifications. We offer training in CISSP, CISM, CEH, CompTIA Security +, penetration testing, digital forensics and many other areas.

I’ve worked at both small and large companies and found that a small firm gives you an opportunity to wear many hats and truly explore career areas that align with your interests. Plus, it’s a fast-paced environment, there’s open access to all levels of the company and, despite our serious mission, we have fun.

We’re always looking for innovative cybersecurity professionals dedicated to the highest levels of ethics, security and compliance. If you’re interested in learning more about our open roles and generous compensation packages, visit www.ablevets.com

About the Author

Cathy O’Hagan, CISM, is AbleVets’ Security Technical Director and Program Manager for IT Security Engineering. Her background includes over 20 years’ experience as a DoD contractor, mostly for the U.S. Navy. There, she was on the forefront of establishing requirements and program offices related to cybersecurity. After completing graduate studies in cybersecurity technologies, she moved to Agilex/Accenture Federal Services where she helped build security into DoD applications and led the development of a security program for a Fortune 500 company. At AbleVets, she leads the security effort in support of systems and applications at the Department of Veterans Affairs.