| Follow @lancinimarco | Subscribe to CloudSecList

Reading time ~2 minutes

Cyber Security Career Pathways

As you might know, I’m working on my next side-project, The CloudSec Engineer, a book on entering, establishing yourself, and thriving in the cloud security industry as an individual contributor.

As part of the book’s introduction, I’ve been researching common career pathways within the security industry to contextualise where Cloud Security fits into the big picture.

I naively assumed that I could’ve found some sort of codified guidance in this regard. I was wrong.

This post is part of the “The CloudSec Engineer - Previews” series.

Ours is a confused industry

I then turned (obviously 😆) to social media:

The silence was telling.

As an industry, we still don’t have a formal standardisation of paths people could follow to start and then progress in their careers. “Careers” in InfoSec usually happen cause people get exposed to some sub-domains of security and think that’s all they can aspire to. But there’s much more!

If you do a quick Google search, you’ll see each website/company uses a different categorisation. And most of them are just trying to sell their certifications.

A first attempt

I started collating different resources, like companies sharing their security org structure (like GitLab) or governments trying to help fill vacancies in the industry (like the UK Cyber Security Council).

The mindmap below is a first attempt at grouping roles into macro-functions commonly found in tech companies.

Cyber Security Career Pathways Mindmap
Cyber Security Career Pathways Mindmap

I realise this could even be considered an over-simplification, given the nearly infinite number of declinations (and overlaps!) jobs in these functions could take. But we should start somewhere, no?

A call for feedback

I’m keen to get feedback on it! If you find the information in the mindmap to be incorrect, if something is missing, or if you have ideas on improving it, please let me know on 🐣 Twitter or at 📢 feedback.marcolancini.it!

Once finalised, I’ll expand on each of these pathways as part of the introduction of The CloudSec Engineer.

Thank you! 🙇‍♂️

Subscribe to CloudSecList

If you found this article interesting, you can join thousands of security professionals getting curated security-related news focused on the cloud native landscape by subscribing to CloudSecList.com.

Marco Lancini

Marco Lancini
Hi, I'm Marco Lancini. I am a Principal Security Engineer, advisor, investor, and writer mainly interested in cloud native technologies, security, and technical leadership...  [read more]