Professional development

What does a network security engineer do? MacLeod’s story

Ian Palmer
June 20, 2012 by
Ian Palmer

Jim MacLeod’s journey toward becoming a network security engineer wasn’t typical.

For one thing, he earned a religion degree at Swarthmore College in Pennsylvania whereas conventional wisdom might have led him to pursue something more along the lines of a computer science degree. But while his post-secondary focus might seem like an odd choice for someone interested in information security, MacLeod’s love for technology and how things work balances things out just fine.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

“Back in grade school, I would spend far too many hours getting yelled at by my parents because I had dialed into yet another BBS looking at more software,” says MacLeod, a one-time network security engineer who now works as a product manager with WildPackets in Walnut Creek, California. “So they would pick up the phone and hear the modem angrily screaming at them — at which point they would angrily scream at me.”

MacLeod, whose experience covers firewall and VPN setup and policy analysis, internet filtering, anti-spam, intrusion detection, network monitoring and control, packet sniffing and log management, insists that a good network security engineer requires a mix of the right hard and soft skills. Meanwhile, vertical search engine company Simply Hired says that job prospects for network security professionals are bright.

Network security engineers: The nitty-gritty

Network security engineers are generally responsible for the security aspect of networking systems. In essence, they must ensure that networking systems can withstand or, in the event of mishaps, speedily bounce back from problems caused by hacker attacks, natural disasters or other means.

Network security engineers should have a multi-pronged background, including information technology, information security, networking and engineering. Some post-secondary institutions provide undergraduate degrees in network security engineering. 

Security engineer certifications and training

In addition to getting the right educational training, aspiring network security engineers should also consider certifications such as Certified Information System Security Professional (CISSP) and Cisco Certified Network Associate (CCNA). Check out the average salary for a CCNA and CISSP. The importance of having hard skills — in areas like client/desktop support, programming and PC maintenance — and soft skills — in areas like communicating with co-workers and management, problem-solving and decision-making — can’t be overestimated. 

Network security engineers should also strive for lifelong learning. This includes keeping abreast of new security solutions hitting the market, devouring security publications to stay in the loop, and taking advantage of opportunities to pick up new skills or improve the ones already acquired.

What does a day in the life of network security look like?

While no two jobs are alike, some specific skills will help network security engineers face the various challenges they will face daily. What follows is just a handful of specific skills and duties required of network security engineers:

  1. Assess network security needs. Network security engineers must consider firewall setup, anti-spam, anti-virus, web content filtering, backups, password policy, anti-malware and anti-phishing. After conducting a thorough assessment of enterprise-class networks, network security engineers must suggest mitigation strategies and work alongside relevant parties to re-design the network if needed. Having an in-depth knowledge of web security gateways, perimeter security, network access control, endpoint security and perimeter IDS/IPS is important. And it also wouldn’t hurt to be well-versed in routing protocols such as MPLS, HAIPE/IP, QOS and WAN.
  2. Come up with network security policies. Network security engineers need to play a role in devising comprehensive network security policies. This will include ascertaining security issues that need to be addressed; identifying security strategies to deal with the risks; putting policies for allocating administrative tasks; keeping on top of audit logs for suspicious flag activity; and devising network password procedures.
  3. Work on business continuity/disaster recovery strategy. Network security engineers must take a leading role in putting together business continuity/disaster recovery plans. This will include communicating with corporate stakeholders to keep business continuity/disaster recovery documentation up to date. Network security engineers should also conduct disaster recovery tests routinely, publish the results of these tests and make any changes necessary to address deficiencies. Network security engineers should also conduct yearly business impact assessments.
  4. Test solutions before implementation. Before implementation, network security engineers need to know how to test new computers, software, and switch hardware and routers. Doing so will help to maintain the integrity of corporate networks.
  5. Keep abreast of security system logs. It is critical to review security system logs, including firewall system logs and intrusion detection systems, and report any irregularities or issues relating to improper access patterns. Reviews of this nature should be conducted weekly.
  6. Fix problems on-site and off-site. Network security engineers need to be able to examine, troubleshoot and fix network irregularities both at the office and remotely. Network security engineers should have expertise in providing end users, application developers and operational personnel with network services support. They also need to be able to fix client business network issues through network management support, network installation and customization, and network administration.

Positive security engineer career prospects

Whatever the on-the-job challenges network security engineers face, the position is popular. Case in point: network security engineer on the list of “5 Most In-Demand Cyber Security Job Roles.” Coming in at #3, the network security engineer is sandwiched between the security engineer and information security analyst. Indeed.com, for instance, reports that the average network security engineer salary listed on its site is 108,989 annually.

According to Gautam Godhwani, co-founder and chief executive officer of Sunnyvale, California-based Simply Hired, the prospects for network security professionals are quite positive. He says that Simply Hired has seen a substantial increase in network security jobs. Currently, there are 16,000 positions with the network security keyword indexed on SimplyHired.com.

The sort of skills successful network security engineers should have included numerous years of hands-on firewall and network experience with a particular concentration on ScreenOS and JUNOS, says Godhwani. It is also important to understand common network and application protocols, among them TLS/SSL, TCP/IP, IPSec, HTTP, Windows networking, FTP and DNS. The capacity to use large-scale network security infrastructure, such as VPNs, DdoS mitigation and IDS/IPS is no less important. He adds that project management, troubleshooting and Linux administration skills are also critical.

Doing it his way

There are certain things network security engineers are generally expected to have on their resumes that are not in question. But, as MacLeod points out, it takes more than a bunch of certifications to land a job.

“A [certification] might help me get an initial interview, but it’s the soft skills, like communicating well, that land the position,” says MacLeod, who, throughout his career, has earned numerous product-specific certifications.

“The HR staff here (WildPackets) told me that the paragraph I wrote on my LinkedIn page convinced them to contact me. Certifications are part of the answer to the question, ‘Does this person have the knowledge?’ But a writing sample, a cover letter, is a better answer to the question, ‘Can this person do the job here?'”

He started to refine his ability to do the job while studying at Swarthmore College. While earning his degree, he got a job with the campus IT organization to support faculty. He explains that this position helped him learn how to remain calm and humble regardless of whether or not the person seeking assistance was behaving civilly.

“Out of college, I was lucky that the first job that I landed was with a small consulting firm that taught me how to do protocol analysis,” he continues. “I had the one-two punch of getting the key technical experience with what’s going on in networks — looking at the IP headers, the TCP headers — and then I had the information given to me on how to present yourself in front of a large room full of people.”

After leaving the consulting firm, he discovered that knowing how things work provides a firm foundation for going into firewalls. So he took a job at Nokia Internet Communications back when the company built the Check Point platform. He stayed there for probably two and a half years. After his stint with Nokia, he had the chance to work for several different startup companies.

“All of them recognized that I had that security background and were able to leverage it, so I went to work as a consultant for a company that wanted some VPN experience,” he says. “I went to work as a sales engineer for a company that was doing log management. [I worked for] a different company that was doing anti-spam and URL filtering. The number one thing that set me down that path was having an understanding of how things work. And the number two thing that kept me on that path was being open to possibilities and letting my understanding expand itself.”

According to MacLeod, aspiring network security engineers should consider participating in security B-Sides gatherings, where information security professionals discuss issues and bounce ideas off each other.

Although he’s worked as a network security engineer, MacLeod not too long ago moved on to become a project manager at WildPackets, which develops hardware and software solutions that drive network performance. He says that he got the feeling that customers did not actually understand how the products worked while working as a trainer and as a tech support person. When he moved to sales engineering, he realized that customers were simply purchasing the wrong products.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

“Then I spent about two years as a developer and said, ‘You know what? We’re building the wrong products for customers,'” says MacLeod. “And then I realized that as a product manager, I can tell several engineers what to build. I’m still interested in solving problems. I just want to solve problems for a larger number of people now. Sometimes the only way to do that is to take yourself off the front line.”

Sources

Ian Palmer
Ian Palmer

A Canadian currently based in Ontario, Canada, Ian is a researcher for InfoSec Institute. Over the years, he has written for a number of IT-related sites such as Linux.com, ITManagersJournal.com and ITBusiness.ca.