| Follow @lancinimarco | Subscribe to CloudSecList

Reading time ~2 minutes

Cyber Security Career Pathways

As you might know, I’m working on my next side-project, The CloudSec Engineer, a book on entering, establishing yourself, and thriving in the cloud security industry as an individual contributor.

As part of the book’s introduction, I’ve been researching common career pathways within the security industry to contextualise where Cloud Security fits into the big picture.

I naively assumed that I could’ve found some sort of codified guidance in this regard. I was wrong.

This post is part of the “The CloudSec Engineer - Previews” series.

Ours is a confused industry

I then turned (obviously 😆) to social media:

The silence was telling.

As an industry, we still don’t have a formal standardisation of paths people could follow to start and then progress in their careers. “Careers” in InfoSec usually happen cause people get exposed to some sub-domains of security and think that’s all they can aspire to. But there’s much more!

If you do a quick Google search, you’ll see each website/company uses a different categorisation. And most of them are just trying to sell their certifications.

A first attempt

I started collating different resources, like companies sharing their security org structure (like GitLab) or governments trying to help fill vacancies in the industry (like the UK Cyber Security Council).

The mindmap below is a first attempt at grouping roles into macro-functions commonly found in tech companies.

Cyber Security Career Pathways Mindmap
Cyber Security Career Pathways Mindmap

I realise this could even be considered an over-simplification, given the nearly infinite number of declinations (and overlaps!) jobs in these functions could take. But we should start somewhere, no?

A call for feedback

I’m keen to get feedback on it! If you find the information in the mindmap to be incorrect, if something is missing, or if you have ideas on improving it, please let me know on 🐣 Twitter or at 📢 feedback.marcolancini.it!

Once finalised, I’ll expand on each of these pathways as part of the introduction of The CloudSec Engineer.

Thank you! 🙇‍♂️

CloudSecList

Subscribe to CloudSecList

If you found this article interesting, you can join thousands of security professionals getting curated security-related news focused on the cloud native landscape by subscribing to CloudSecList.com.

About the Author

Marco Lancini

Marco Lancini
Hi, I'm Marco Lancini. I am a Principal Security Engineer, advisor, investor, and writer mainly interested in cloud native technologies, security, and technical leadership...  [read more] 
Read More

Serverless Emails with Cloudflare Email Routing

Published on October 19, 2022

Serverless Ad Blocking with Cloudflare Gateway

Published on September 22, 2022

About

Hi, I'm Marco Lancini. I am a Principal Security Engineer, advisor, investor, and writer mainly interested in cloud native technologies, security, and technical leadership...  [read more] 

Buy me a coffeeBuy me a coffee

Sponsor

CloudSec* Projects

CloudSecBooks CloudSecDocs CloudSecList

Collections

Continuous Visibility into Ephemeral Cloud Environments
Cloud Security Strategies
The CloudSec Engineer - Previews
Kubernetes Primer for Security Professionals

Must Read

What to look for when reviewing a company's infrastructure
On Establishing a Cloud Security Program
Security Logging in Cloud Environments - GCP
Security Logging in Cloud Environments - AWS
Tracking Moving Clouds: How to continuously track cloud assets with Cartography
The Current State of Kubernetes Threat Modelling
Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography
So I Heard You Want to Learn Kubernetes

Recent Articles

Serverless Emails with Cloudflare Email Routing
Cyber Security Career Pathways
Serverless Ad Blocking with Cloudflare Gateway
What to look for when reviewing a company's infrastructure
CVE-2022-0847 (aka Dirty Pipe): What does it mean for defenders

Tags

Twitter Feed