Cybersecurity meets ABET and why this conversation matters
- Art Chavez
- Dec 10, 2025
- 2 min read
Recently, ISAUnited met with an ABET consultant to talk about cybersecurity and engineering. ABET accredits university programs in fields such as electrical, mechanical, civil, and systems engineering. When someone completes an ABET-accredited program, there is a shared understanding of the skills, knowledge, and abilities that person was expected to build.
'In cybersecurity, that kind of engineering North Star is missing.'
The problem we see together
Our field already carries many frameworks and checklists. Teams work with NIST, ISO, internal control catalogs, and vendor playbooks. None of these are wrong. They simply do not answer a different question.
Cybersecurity architects and engineers (CAE) need to know how to design, review, and test real systems as engineers, not only as framework consumers. Today, that guidance is scattered. Each organization invents its own review style. Each team lives in its own silo.
During the workshop, the ABET consultant asked direct questions that captured this gap:
What is the North Star for cybersecurity architecture and engineering?
What skills, knowledge, and abilities (SKAs) should define a cybersecurity engineer?
How will the profession know that it is moving closer to true engineering practice?
He also raised a harder question that many of us live with every day.
Why do serious intrusions and data leaks continue to occur, even in organizations that claim alignment, or hold attestations, for audits such as SOC 2, SOC 3, ISO, and other common standards or “best practices”.
Those questions describe the problem clearly. Cybersecurity has many frameworks but almost no active technical standards; the few standards that exist are dated, written from a business and compliance viewpoint rather than a technical one, and focused on checklists instead of engineering practice.
The direction ISAUnited is taking
For ISAUnited, the conversation was encouraging because it confirmed our direction. Cybersecurity architecture and engineering need to sit inside the larger engineering world, not outside of it.
That means written standards that look like engineering documents. It means a focus on requirements, technical specifications, verification and validation, and evidence that another professional can review. It means treating SKAs for cybersecurity architects and engineers with the same seriousness that other tradtional engineering disciplines expect.
This is why ISAUnited is building the Defensible 10 Standards as our flagship work. They are not another framework to memorize. They are technical engineering standards for cybersecurity architecture and engineering, intended to serve as a North Star for CAE teams.
In the coming weeks, we will continue to publish our technical Defensible 10 Standards and related guidance that highlight specific engineering guidance and the solution paths we believe can move our field from scattered checklists back into true cybersecurity engineering. This ABET conversation is an early signal that the direction is sound, and that cybersecurity is ready to grow into the engineering discipline it needs to be. It is time for our field to begin catching up with our brothers and sisters in traditional engineering.
