There is more to cybersecurity than hacking

Gokhan Kosem
Jun 13, 2022

Choosing a starting point or an area of specialization, especially for beginners, can be daunting. I hope this post helps to put things in a little more perspective for you.

While all cybersecurity professionals align in the mandate of ensuring the confidentiality, integrity, and availability of systems and data, our roles differ in our specialization and functional capacities in safeguarding these assets.

The following are 8 domains widely accepted by the cybersecurity community:

1. Governance, Risk, and Compliance (GRC): this is primarily to ensure that security strategies are aligned with business objectives and consistent with standards and regulations, and that risks are managed to an acceptable level.

2. Encryption: handles how to disguise data to protect its confidentiality and integrity.

3. Network Security: involves the knowledge of network infrastructure, networking, and the different measures for protecting them.

4. Business Continuity and Disaster Recovery: focuses on the availability and restoration of businesses and critical infrastructures in the case of incidents, disasters, etc.

5. Identity & Access Management: includes all the systems, processes, and procedures used by an organization to manage identities, authentication, and access, generally using the principles of least privilege.

6. Security Architecture: a broad area that requires technical and non-technical skills for the effective design of secure systems, evaluating where the systems could be vulnerable, and implementing mitigating controls.

7. Security Operations: this is the aspect that typically implements security controls in daily operations and watches out for potential threats in a system. Specialists in this domain are usually responsible for the monitoring of systems for vulnerabilities and intrusions.

8. Software Development Security: oversees the entire software development life cycle (SDLC) from system conception through retirement to ensure that security controls and practices are incorporated.

9. Physical Security: this deals with the protection of IT infrastructure from unauthorized access.

A lot of cybersecurity professionals work daily across these different domains. Whether you choose to specialize in a specific domain or not, knowing that the field is broad and has a whole lot of branches is important and might just help you take that first step in the right direction.

Note: This only scratches the surface of the opportunities and areas of cybersecurity. Various other areas are embedded in each of these domains, and organizations implement them in different ways.

It’d be interesting to expand this list. What would you add and under what domain?
