Cyber Security training from QA

The ideal Security Engineer

Engineers solve problems; a security engineer solves security problems.

Mark Amory | 4 August 2015

One of the first things any engineer (in any discipline) should do is understand the problem. In the world of security engineering, creating robust Cyber Security is easier when you know what you are trying to protect and, importantly, how and why people might want to attack it.

Whether the problem is protecting data or infrastructure, it is vital that the security engineer understands every facet of the asset to be protected and any vulnerabilities that may be associated with it.

Once the asset is understood, a risk assessment and threat analysis need to be carried out to determine the attack surface of the asset. Once the attack surface is determined, mitigating steps can be designed and implemented to reduce the attack surface and eliminate or reduce risk.

Throughout, the ideal security engineer will have to consider how to maintain the CIA triad (Confidentiality, Integrity, Availability) with respect to the asset being protected.

Security Engineering

The ideal security engineer will also need to consider four other elements – People, Process, Technology and Physical security.

Working out how to protect an asset effectively is not an easy task, so desirable properties any security engineer needs to have include:

  • Logical problem solving
  • Attention to detail
  • Understanding of People, Process, Technology, and Physical security controls
  • Good communication skills

An ideal Security Engineer will need to address the security needs of the business. For example, a security engineer may have to consider the following:

  • Open ports on outward-facing servers, and the code listening on those ports
  • Services available on the inside of the firewall
  • Code that processes incoming data to a database
  • Processing of data by human or machine
  • An employee with access to sensitive information being socially engineered
  • Theft of devices

The above problems, in one way or another, involve People, Process, Technology, and Physical security.

How does the engineer maintain the CIA triad around these?

  1. The ideal security engineer needs to have in-depth knowledge of, and hands-on skills in, many aspects of I.T., including hardware, software and networking.
  2. The ideal security engineer needs to play a role in devising comprehensive security policies, which should work to protect the company now and be robust enough to cope with the changing threat landscape.
  3. The ideal security engineer must also work on implementing and managing the business continuity/disaster recovery strategy, including working with key stakeholders to keep business continuity, disaster recovery documentation and training up to date.
  4. Security engineers need to know how to test new hardware, software, and networking systems before implementation and keep on top of them as a regular process of management. Testing that the controls put in place actually work is a key aspect of the security engineer's role.
  5. Finally, the ideal security engineer should be able to fix problems both on and off-site. Engineers need to be able to examine, troubleshoot and fix security irregularities both at the office and remotely.


Mark Amory

Cyber Training Delivery Manager

After leaving a career as a Mechanical and Electrical Engineer in 1998, Mark started out with a fresh career as an IT trainer. Spending the first few years as an applications trainer, Mark excelled in delivering Microsoft Office and Adobe products. In line with his background as an Engineer, Mark soon shifted focus to more technical deliveries, including hardware and networking topics, a field he has remained in ever since. A natural progression of his career saw Mark start to explore the security aspect of his existing competencies, and since 2005 he has specialised in the Cyber Security domain. Mark has been the author of a number of QA Cyber Security courses and was the design authority and author of the 2017 NCSC Cyber First Academy. Mark is a C|EH and is currently undergoing the process of becoming an NCSC Certified Cyber Professional.