Almost all of the people who respond to my #CyberMentoringMonday tweets each week say that they want to “get into InfoSec” or “become a Penetration Tester;” they rarely choose any other jobs or are more specific than that. I believe the reason for this is that they are not aware of all the different areas within the field of Information Security (InfoSec for short, and “Cyber” for those outside of our industry). I can sympathize; I was in the same position when I joined. I knew three Penetration Testers and lots of Risk Analysts and I had no clue that there were several other areas that may have interested me, or that they even existed. I knew I didn’t want to be a Risk Analyst, so I thought the only other option was pentester. Now I know that is not true at all. This article will detail several other areas within the field of Information Security in hopes that newcomers to our field can find their niche more easily. It will not be exhaustive, but I’ll do my best.
The above image shows 8 different potential areas within the field of Information Security according to the author Henry Jiang: Governance, Risk, Career Development, User Education, Standards, Threat Intelligence, Security Architecture, and Security Operations.