What are the career paths in the computer security field?

  • What sorts of jobs are there, in which organizations, with what sorts of day-to-day responsibilities?

    What areas are good for folks coming out of school, vs what are good 2nd careers for experienced folks coming from various disciplines?

    Wireless Security. The two most vulnerable niches, are also the most profitable. CEH(certified ethical hacker) is a good thing to have, along with a wireless security cert. It's the most advancing tech.

    Only a little comment, but one of the most useful degrees I ever found for infosec roles was Criminology. A friend of mine did Criminology, I did Internet Applications, he knows little of code, but works for a big 5 bank as part of a threat prediction team. I do alright, but maybe a double major would've been good!

    @user8456 CEH is actually a really, really bad certificate. It's considered a joke among most infosec professionals. OSCP, CISSP, etc. are far better.

  • schroeder

    schroeder Correct answer

    one year ago

    Since this question was originally asked, the industry has been working to come up with an answer.

    NIST's National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework outlines a definitive list, and it describes 52 work roles in information security.

    Authorizing Official/Designating Representative
    Security Control Assessor
    Software Developer
    Secure Software Assessor
    Enterprise Architect 
    Security Architect 
    Research & Development Specialist 
    Systems Requirements Planner 
    System Testing and Evaluation Specialist 
    Information Systems Security Developer 
    Systems Developer 
    Database Administrator
    Data Analyst 
    Knowledge Manager
    Technical Support Specialist
    Network Operations Specialist
    System Administrator
    Systems Security Analyst
    Cyber Legal Advisor 
    Privacy Officer/Privacy Compliance Manager
    Cyber Instructional Curriculum Developer 
    Cyber Instructor 
    Information Systems Security Manager
    Communications Security (COMSEC) Manager
    Cyber Workforce Developer and Manager 
    Cyber Policy and Strategy Planner
    Executive Cyber Leadership 
    Program Manager 
    IT Project Manager
    Product Support Manager
    IT Investment/Portfolio Manager
    IT Program Auditor
    Cyber Defense Analyst
    Cyber Defense Infrastructure Support Specialist
    Cyber Defense Incident Responder 
    Vulnerability Assessment Analyst
    Threat/Warning Analyst
    Exploitation Analyst
    All-Source Analyst
    Mission Assessment Specialist
    Target Developer
    Target Network Analyst
    Multi-Disciplined Language Analyst
    All Source-Collection Manager
    All Source-Collection Requirements Manager
    Cyber Intel Planner
    Cyber Ops Planner
    Partner Integration Planner
    Cyber Operator
    Cyber Crime Investigator
    Law Enforcement /CounterIntelligence Forensics Analyst
    Cyber Defense Forensics Analyst

    While some of the above might not be pure "security" in every organisation (e.g. "Software Developer"), it is possible for each of those to be specialised in whole or in part in security in different organisations.

    That's a huge list, but I'm not sure how useful it really is, in practice. It would be interesting to know how many of those roles overlap, and which ones are actually separate roles that require separate careers with different studies.

    @reed actually, that's all outlined in the framework

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM