I get asked a lot what I do. Family, friends, even some colleagues. Security engineering is not a new career nor is it a new service. Engineering in itself is a common field comprised of many different, commonly known trades: Civil Engineering, Structural Engineering, Chemical Engineering, Mechanical Engineering, and so on. There are lesser known engineering disciplines such as Food Engineering, Software Engineering, and, at last, Security Engineering.
The NCEES (National Council of Examiners for Engineering and Surveying) recognize 25 different engineering trades. The NCEES provides licensing in these trades to certified engineers who wish to become Professional Engineers. See a full list at this link: http://ncees.org/exams/pe-exam/. The NCEES does not list Security Engineering.
So what is Security Engineering? Let’s break it up and start with the term “security.” According to Merriam-Webster, “security” is defined as “the state of being protected or safe from harm” and also “things done to make people or places safe.” Now looking at Merriam-Webster’s definition for “engineering,” they state: “the application of science and mathematics by which the properties of matter and the sources of energy in nature are made useful to people.” Now, if you’re following along, type in “security engineering” into Merriam-Webster. The definition is not found.
Security Engineering is the application of science and mathematics by which the proper ties of matter and the sources of energy in nature are used to provide a state of protection and keep individuals and/or their property safe from harm.
When asked, and I have a few minutes to explain I usually tell it like this: I provide my clients with engineering expertise when selecting and deploying any type of physical, electronic, cyber, cultural, operational or non-tangible security countermeasure to protect and thwart any type of threat against them or their assets. Refer to Paul’s post on the security domains to learn what each domain encompasses (ADD LINK).
Okay, so are we actually “engineers? Yes. I for one, am technically, by school, an Electrical and Computer Engineer. Given the requirements today of modern security engineering and the technologies deployed by security engineerings, low voltage electrical and computer engineering knowledge is required. I plan on expanding this idea in future posts.
The term “engineer is thrown around quite a bit today. Their are many variations of engineer, engineering technician, programmer, etc. and a quick Monster job search provides many varied positions in many varied fields. Their are some big educational and training differences between engineers and engineering technicians, for example.
However, when looking specifically at the term Security Engineer, I often get reached out to by recruiters but the position they’re offering is typically an IT Security Engineer. The jobs involve network cyber security requirements and programming knowledge. A true Security Engineer is well rounded in all the security domains and understands the requirements for cyber security (firewalls) and physical security (berms and planters).
To expand on this, we look at the NCEES and the licensing of engineers. When becoming a Professional Engineer through the NCEES, an engineer’s education and work experience are all evaluated. The engineer is placed through two grueling eight hour exams, typically four years apart. Upon successful completion of the exam, the engineer becomes licensed in his or her state and dubbed a Professional Engineer with “P.E. as a title.
As you can see, my name (at the time of this article) has an “E.I.T. suffix. This stands for “Engineer in Training and signifies that I am halfway to achieving my P.E. license.
The most important aspect of the P.E. is that once those letters are attached to an engineer’s name and they have become a certified, professional engineer, they are no longer a civil engineer, or a mechanical engineer, or a security engineer. They are an Engineer. A title that requires the understanding, even if mildly, of all aspects of engineering. The individual does not need to be an expert in every field of engineer, but must excel at their own discipline. The awareness of other trades and how their trade can impact others is vital to the success of a professional engineer.
Security is a field that impacts many of the common trades involved in today’s construction projects. Security is a necessity to many of our Clients that is typically not a profit builder, but a budget spender. To help determine the most economical, efficient, and intelligent selection and deployment of countermeasures for your organization, only a Security Engineer with the proper knowledge can confidently secure your assets.
In the next post, I am going to discuss the differences and the interactions between a Security Consultant and a Security Engineer, and why you need both.