We often hear the term "engineer" tossed around in job titles for those in the IT space. But drilling down into the subcategory of security, what is the difference between a cybersecurity engineer and a cybersecurity professional? It might sound like the same thing to you but one security pundit insists that there are differences that could affect the employability of workers in this industry.
Expectations of cybersecurity workers have also changed and the subtle differences between various roles in this space can matter a great deal if they're hunting for a new job, according to Kok Yew Toh, senior manager for IT security and assurance at insurance firm Prudential. With the prevalence of malware targeting businesses launched by professional criminal rings, organisations have become increasingly aware of cybercrime. This has resulted in a shift in boardroom conversation around cybersecurity, moving from fighting off active attacks to prevention. Strategic thinkers who can manage and assess risks are in higher demand than coders who are good at building ways to combat active cyberattacks, Toh said.
"Right now, we are not looking for cybersecurity engineers, we are looking for cybersecurity professionals. There's a difference," he said in a journal published by professional recruitment firm Hays.
To Toh, cybersecurity professionals are better at taking a long-term strategic view and can communicate effectively. While cybersecurity engineers have the technical capabilities, those skills can be learned by a cybersecurity professional later down the track, Toh said:
"Engineers will look to fulfil the baseline requirements for the industry: professionals will look at the baseline and ask if it is appropriate for their own business processes. If it isn't, they will ask if they can make another baseline for their processes. "We're not looking for firemen anymore, we're looking for people who can anticipate how the fire will happen."
"Engineer" has been a problematic term in the IT industry. Some have claimed that it’s a misnomer when programmers call themselves "software engineers".
According to Ian Bogost from The Atlantic:
"Traditional engineers are regulated, certified, and subject to apprenticeship and continuing education. Engineering claims an explicit responsibility to public safety and reliability, even if it doesn’t always deliver. "The title 'engineer' is cheapened by the tech industry."
What are your thoughts on the term "cybersecurity engineer" versus "cybersecurity professional"? If you're in the IT space, what is your job title right now and does it accurately reflect your role? Let us know in the comments.