CYBERSECURITY PROFESSIONALS

Cybersecurity professionals are trained to find weaknesses in databases, networks, hardware, firewalls, and encryption. The number one priority of a cybersecurity professional is to prevent attacks by ‘fixing’ potential issues before they are exploited by malicious users. Additionally, cybersecurity specialists will handle clean-up after cyber attacks and security breaches.

Analyst

Forensics

DevSecOps

Architect

Cloud Security

Penetration Tester

Instructor

Security Manager

Researcher

Risk Advisor

Consultant

Auditor

Project Manager

Incident Responder

Technician

The Map of Cybersecurity Domains by Henry Jiang | March 2021

NIST Cybersecurity Framework

CIS Top 20 Controls, CIS Benchmarks

ISO 27001, 27017, 27018

OWASP Top 10

MITRE ATT&CK

  • > Security Engineering
  • > Access Control
    • – Identity Management
      • — Privileged Access Management
      • — Identity & Access Management
    • – MFA & SSO
    • – Federated Identity
  • > Cloud Security
  • > Data Protection
    • – Data Leakage Prevention
  • > Network Design 
    • – DDoS Prevention
  • > Secure System Build
    • – Patch Management
    • – Baseline Configuration 
  • > Cryptography
    • – Certificate Management
    • – Encryption Standards
    • – Key and Secret Management
      • — Vaulting
      • — HSM
  • > S-SDLC
  • > Security UX
  • > Security QA
  • > API Security
  • > Source Code Scan
    • – SAST
    • – Open Source Scan
  • > Vulnerability scan
  • > Assets Inventory
  • > 3rd Party Risk
    • – 4th Party Risk
  • > Penetration test
    • – Infrastructure
    • – Social Engineering 
    • – DAST
    • – Application Pen Tests 
  • > Risk Monitoring Services Scan
  • > Risk Treatment Action
  • > Risk Acceptance
  • > Cyber Insurance
  • > Lines of Defense
    • – Process Owners
    • – Risk Mgmt Group
    • – Audit
    • – SOC1/SOC2
  • > Risk Monitoring Services Scan
  • > Laws and Regulations
    • – Industry Specific
    • – Government
    • – Regional
      • — CCPA
      • — NYS-DFS 23 NYCRR 500
  • > Executive Management Involvement
    • – Risk Informed
    • – Reports and Scorecards
      • — KPIs/KRIs
  • > Company’s Written Policies
    • – Policy
    • – Procedure
    • – Standard
    • – Compliance & Enforcement
    • – Guideline
  • > External
    • – Contextual
    • – IOCs
  • > Internal
    • – Intel Sharing
    • – IOCs
  • > Training (new skills)
  • > Awareness (reinforcement) 
  • > Cyber security table-top exercise 
  • > Vulnerability Management
  • > Threat Hunting
  • > SIEM
    • – SOAR
  • > Active Defense
  • > Incident Response
    • – Breach Notification 
    • – Containment
    • – Eradication
    • – Blue Team
    • – Red Team
    • – Investigations / Forensics
  • > Security Operations Center
  • > IOT Security
  • > Certifications
  • > Conferences
  • > Self Study 
  • > Peer Groups
  • > Coaches and Role Models
  • > Training
