For a long time there has been a bit of isolation between the person referred to as a network engineer and the security guy. The security guy is nice to have around because when all else fails, you can blame the firewall. That’s right. The network is fine, but you have to talk to the security guy. The security guy won’t tell you much. Why? Because in security you’re on a need-to-know basis, and you don’t need to know.
Alas, the point of this blog post is not to discuss the network and security silos and the way we point fingers at different departments. This is, in part, because there’s a shift that's been happening for some time now. Network engineers have been turning into security engineers. I think there are a few reasons for this shift. Let me explain.
Networking People Might Be Worried About Their Jobs
For the past several years, the fundamentals of networking as a career have shifted. In times past, the network engineer role dealt with cabling up equipment, connecting cables, drawing complex diagrams of the network, configuring various features and protocols via the command line, and testing and monitoring the network. With the advent of Software Defined Networking (SDN) and Network Function Virtualization, these things are quickly disappearing. There’s not much to physically connect now (at least not as much as before), and the network is building itself dynamically through the use of software tools, controllers, and so on.
Security Has Some Exciting Aspects that Challenge Network Engineers
It’s true that security elements like a firewall and an IPS can be set up using a controller, and that there’s a lot that software can do. However, there’s an aspect of forensics that adds an exciting aspect to network security that may be appealing to network engineers. As network automation takes more of a hold, network engineers are taking up coding and using languages like Python and such. Learning these languages actually helps in the transition to security. Decoding the activity of a would-be attacker and figuring out what their script does and how to put a stop to it is a mind exercise that’s appealing to network engineers.
Security Certifications Look Good on a Resume
Another fact that lends itself to the appeal is the fact that employers are looking for cybersecurity professionals, and there’s money in that work. Forbes said that there were 1 million cybersecurity jobs available in 2016. Information Week says that intrusion detection, secure software development, risk mitigation, cloud security, network monitoring and access management, security analysis, and data security skills are all in high demand. Putting these certifications on a resume increases your chances of landing a high-paying job in the security space.
So How Do I Keep Up?
It is true that it's hard to keep up these days. In this series of articles, I’ll tackle some areas that I think are helpful in breaking into the cybersecurity space as a network engineer. In the next article, I'll look at the mound of security certifications that are available, and discuss which ones are of most value. After that we will dive into the world of security in the social space. Believe it or not, there’s a large segment of security professionals that don’t engage in social communities like Twitter and Facebook. We’ll talk about why, and highlight some of the more vocal security folks out there. Then in our fourth post, I'll cover Cisco’s annual security report and why you should care to read it. Finally, we’ll wrap up the segment by discussing the transition into a security role and where to go from there.
I look forward to the comments and perhaps even questions that I can address in these future articles. Until then, happy labbing!