Let’s break down the three major cyber security domains:
Offensive Security consists of assessments to try breaking into systems by exploiting services, human aspects, common knowledge and gaining access for further operations. Offensive Security Experts, also known as ‘Hackers’ are eqquiped with tools and techniques to successfully conduct hacking operations. Red team, Vulnerability Assessment and Penetration Testing can be one of the starting points for you to look into, if you are planning to jump into this as a career. There are also many security professionals who also perform bug bounty on organizations that have Vulnerability Disclosure Program (VDP) and Bug Bounty Program (BBP). The main difference between these two are BBP offers monetary rewards while VDP might provide public acknowledgements, swags or points.
Defensive Security has a wide varity of sub domains, network administrators, security engineers, security analysts, digital forensics and incident handlers. People who have knowledge about the basics of network architecture, cyber security, common policy knowledge can begin their career as a Security Analysts. Organizations have started building their own Security Operations Center (SOC) department and many opt in for a third party service provider which is commonly known as MSP or Managed Service Provider.
GRC deals with strategy, risk, compliance, audit, legal, IT, HR and more. The GRC team overviews the risk management and complaince requirements that are to be met by an organization. IS Auditors are one of the domains for enthusiasts that want to explore in this field. Certifications such as, CISA, CISM, CGRC, CISSP, ITIL 4 Foundation are some of the certifications one can pursue to get a foothold on this domain. Certifications only do not qualify an individual in this domain, some of the certification requirements also requires you to have 4-5 years of auditing experience before being a certified professional.
Either you want to start or have already been
]]>