Do We Have a Cybersecurity Problem? The Case for Engineering and Training
Why Cybersecurity Training and Systems Engineering Are the Real Solutions
In a world where cyber threats grow increasingly sophisticated, it’s easy to assume that cybersecurity is the problem. However, after thoughtful analysis, it’s clear that the real issue lies within engineering—or rather, the lack of disciplined, rigorous engineering practices. While cybersecurity incidents dominate headlines, addressing these challenges through structured engineering approaches may provide the answers we need.
This article explores how cybersecurity training paired with robust engineering methodologies can redefine how we approach digital protection. Let’s dive into why cybersecurity isn’t just about defending against attacks but engineering systems that are inherently resilient.
The Real Problem: It’s Not Just Cybersecurity
Cybersecurity problems often stem from vulnerabilities introduced during the design and development stages of systems. These vulnerabilities arise not because we lack security tools but because systems and software are not always built with assurance—a core concept in engineering that ensures reliability and trustworthiness.
The Role of Systems Engineering
Systems engineering integrates various engineering disciplines to ensure every element of a system is accounted for. Standards like ISO/IEC/IEEE 15288 and NIST SP 800-160 Volume 1 emphasize this integration. They allow flexibility for methodologies like Agile, DevOps, and DevSecOps while providing comprehensive guidelines for building secure systems.
Why It Matters
- Holistic Solutions: Systems don’t exist in isolation. Viewing cybersecurity in silos prevents us from creating solutions that account for all elements of a system, from software to hardware to human factors.
- Resilience: Proper engineering allows for penetration resistance, resilience, and tolerance in the face of adversities like cyber-attacks, natural disasters, or hardware failures.
Cybersecurity Training: The Missing Piece
To complement strong engineering practices, cybersecurity training equips professionals with the skills needed to navigate modern challenges. Training programs ensure that individuals—from system developers to operators—understand how to implement security principles effectively.
Benefits of Cybersecurity Training
- Enhanced Awareness: Professionals learn to identify and mitigate threats early in the engineering lifecycle.
- Bridge the Gap: Training connects engineering and cybersecurity, ensuring teams work collaboratively to build resilient systems.
- Practical Skills: Real-world scenarios prepare professionals to respond to incidents quickly and effectively.
Designing for Trustworthiness
A trustworthy system is one that can continue functioning even when faced with adversity. This concept includes:
- Resilience: The ability to recover from disruptions, such as a cyberattack or physical damage.
- Tolerance: The ability to withstand attacks without catastrophic failure.
- Penetration Resistance: Strong defenses make it harder for adversaries to gain unauthorized access.
Security Design Principles
These principles are the foundation of building secure systems:
- Least Privilege: Ensure users and applications have only the permissions necessary for their roles.
- Defense in Depth: Layer defenses so that multiple barriers stand between a threat and the system.
- Fail-Safe Defaults: Systems should default to secure states when failures occur.
Cyber-Physical Systems: The Safety Lens
With the convergence of cyber and physical systems, cybersecurity must now be viewed through the lens of safety engineering. Software vulnerabilities are inevitable, so designing systems to minimize risk and mitigate the impact of failure is essential.
How Engineering Plays a Role
- Assume Vulnerability: Acknowledge that no software is perfect, and build systems that reduce susceptibility to attacks.
- Safety Assurance: Elevate assurance standards for systems that rely heavily on software.
Breaking Down the Silos
Stovepiped cybersecurity efforts can be counterproductive. Effective systems require collaboration across engineering disciplines to ensure security is woven into the entire lifecycle. This shift from reactive cybersecurity to proactive systems engineering is key to addressing today’s threats.
Motivational Takeaway: Why Cybersecurity Training and Engineering Matter
The path forward requires combining cybersecurity training with disciplined engineering practices. By empowering professionals with the knowledge and tools to integrate security into every aspect of system design, we can create resilient systems that withstand modern adversities.
Remember: Cybersecurity isn’t just a problem to solve; it’s a discipline to master. With the right mindset and preparation, we can transform vulnerabilities into opportunities for innovation and resilience.
Copyright © 2025