Sunday, October 13, 2024

What do security professionals actually do?

What do security professionals actually do?

Whether you’re a new analyst looking to get into the IT security field, or a senior executive looking to understand more about security responsibilities, a common question is this: What do security professionals actually do?

A fully-loaded question

Understanding the roles of security professionals can either be overly simple or intensively complex, depending upon the depth of your investigation. In particular, while security responsibility “generalization” has been expanding to roles outside of ‘pure security’ (i.e. application development, etc.), specialization still occurs and is critical for organizations to be successful.

However, there are various areas that are important for organizations to utilize. Some of these roles could be in architecture and operations (setting up the security posture and maintaining it). Other roles could be in threat hunting or risk management.

How to make sense of it all

Rafeeq Rehman, an Information Security and Cloud Security specialist, has been publishing the CISO MindMap for a number of years. It is designed “…as an effective educational tool but also enables professionals to use this MindMap for designing and refining their security programs“. In a way, it provides a very high level, yet deep, view into the different roles and responsibilities of various security personnel. Rafeeq Rehman has graciously posted the PDF version of this image here.

source: rafeeqrehman.com!

Weekly cybersecurity newsletter

Real InfoSecurity CyberSecurity Newsletter

Click Here

Bookmark
Share the word, let's increase Cybersecurity Awareness as we know it
Recommended:  Fixing indirect vulnerabilities without breaking your dependency tree
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security