Cybersecurity is becoming a broader field as more industries migrate onto the Internet and become a part of the digital landscape. That means there are cybersecurity needs in nearly every industry in addition to cybersecurity being an industry itself. Security roles are no longer just the hacker stereotype of cracking into systems and writing code all the time; cybersecurity as a whole encompasses many skills that work together.

In this article, we’ll break down some of the big domains in the cybersecurity industry. There are lots of overlap between different domains and cybersecurity careers, so keep in mind that the domains are not drawn with hard lines, especially as they keep evolving!

Photo by Clark Van Der Beken on Unsplash

Security engineering

This section refers to the technical implementation of various forms of security.

• Information security, or InfoSec, protects data in any form from being accessed, modified, shared, or deleted by the wrong people.
• Network security is concerned with the network infrastructure of an organization that guards against unauthorized access or data from being intercepted.
• Application security refers to implementing measures that defend an application (mobile, desktop, or web) from attack, including both software and hardware solutions. Examples of application security include secure coding, the use of antivirus programs, firewalls, and encryption.
• Cloud security refers to the new field of making sure resources uploaded into the cloud are secure. Companies and users are constantly moving more resources into the cloud, and professionals in this field need to be familiar with implementing security in this environment.
• Cryptography focuses on methods to hide and un-hide information so that data is only readable or usable by authorized people. This requires familiarity with all types of encryption and hashing algorithms.
• Critical infrastructure security is defending physical systems that are becoming more digital/networked, such as energy grids, hospitals, water and waste systems, and even schools. Among the issues that come up are natural disasters and outages.

Governance and compliance

It’s critical to understand international, federal, and state laws and regulations for security. This has implications on the security operations for all organizations. Compliance refers to making sure an organization enforces certain policies, and continuously auditing as well.

This is becoming an increasingly important area of work. While these roles might not require programming knowledge, these roles require foundational knowledge of cybersecurity as well as all the laws and regulations that impact a particular industry.

Risk management and threat intelligence

No system will ever be perfect, and there will always be risk, so this area of work is about managing that risk.

How is risk managed? Through identifying risks, assessing the likelihood and potential threat of security vulnerabilities, and finding the most cost-effective and efficient security measures.

Threat intelligence is the continuous gathering of knowledge of possible attacks. Intelligence could look like knowing the motivations behind attacks, what the scale of attacks could be, and what vectors that might use. These roles often intersect with data science and machine learning because of the need to process all this information.

What you'll learn

Skills you'll gain

• Cybersecurity, network security