What Do Cybersecurity Engineers Actually Do?

Since we emphasize behavior here at Pythia Cyber, let's talk about it and answer this question: what do cybersecurity engineers actually do? Suppose you wanted to hire one right now. What would you expect to advertise for?

Let's set this cybersecurity workforce ecosystem up correctly. There is at least a cybersecurity engineer and a manager. Maybe there is also a CISO, though this person might not manage cybersecurity engineers. First, then, as the employer, know what personnel you're actually hiring. You as the executive/hiring manager/HR guru need to define what you need done. Do you need systems management, or web security, or does this person do acquisitions, or deal with a vendor? How about developing a cybersecurity risk management plan? All of that?

Two: OK now let's look at competencies and skills. Best place to start is with, yes really, the US government. Here is a link to the government's O*NET site -- think of it as a bank of continually validated job descriptions. And it's free!

Searching for cybersecurity returns 20 hits. Some of them are tangential, such as attorney or political scientist. A quick visual scan says there are eight likely cybersecurity jobs that you would think are cybersecurity jobs; I got the same list looking for "cybersecurity engineer." The first one, "Information Security Engineers" (#15-1299.05), seems right. I have posted here what skills, tasks, and duties you should expect from someone in that role:

More Uncle Sam stuff: check out the US Office of Personnel Management's site (OPM.GOV) for this job. At the time I am writing this post the government is in a hiring freeze, but when it comes out of the freeze during the sumemr of 2025, this page that I have linked to will be overflowing with cybersecurity jobs. Read it for what skills, keywords, etc. you should consider as you build your cybersecurity workforce ecosystem.

The key term is cybersecurity workforce ecosystem. You cannot hire one person and expect all cybersecurity problems to be solved. An effective manager is going to manage their cybersecurity risk by creating a team ecosystem that is resilient, able to work out plans and systems to manage cybersecurity risk, and aligned with organizational goals. 

Ask us how we can work with you to create the right cybersecurity ecosystem for your growing business.