What do security professionals actually do?

Whether you’re a new analyst looking to get into the IT security field, or a senior executive looking to understand more about security responsibilities, a common question is this: What do security professionals actually do?

A fully-loaded question

Understanding the roles of security professionals can be either overly simple or intensely complex, depending on the depth of your investigation. In particular, while the "generalization" of security responsibility has been expanding to roles outside of 'pure security' (e.g. application development), specialization still occurs and is critical for organizations to be successful.

Within that specialization, there are several areas that organizations need to cover. Some of these roles could be in architecture and operations (setting up the security posture and maintaining it). Other roles could be in threat hunting or risk management.

How to make sense of it all

Rafeeq Rehman, an Information Security and Cloud Security specialist, has been publishing the CISO MindMap for a number of years. It is designed "…as an effective educational tool but also enables professionals to use this MindMap for designing and refining their security programs". In a way, it provides a very high-level, yet deep, view into the different roles and responsibilities of various security personnel. Rafeeq Rehman has graciously posted the PDF version of this image here.

