👨‍💻
f3dai blog
  • 🧑about
  • Articles
    • ✨Artificial Intelligence
      • Using Gemini to query MITRE ATT&CK
      • Mapping AI safety regulation
      • Poisoning Models
      • Threat modelling generative AI
      • o1 coding capabilities
      • Multi-agent adversarial AI systems
      • Deep reinforcement learning for red teaming
    • ⚙️ICS / OT
      • Consequence-driven Cyber-informed Engineering (CCE)
      • Energy plant cyber simulation
      • OT threat landscape
    • ☁️Cyber engineering
      • Building a cyber lab
        • 1️⃣Design
        • 2️⃣Deploy
        • 3️⃣Test
        • 4️⃣Automating
      • Threat modelling
      • Automating incident response
    • 🚩Capture The Flag
      • Hackthebox - Golfer - Reversing
      • Hackthebox - Behind the Scenes - Reversing
      • Hackthebox - Bypass - Reversing
      • Harder - TryHackMe Walkthrough
    • 🎓Career
      • Domains and roles
Powered by GitBook
On this page
  • Existing Frameworks
  • OT / ICS / IoT

Was this helpful?

  1. Articles
  2. Career

Domains and roles

PreviousCareer

Last updated 1 year ago

Was this helpful?

I've spent some time compiling resources and helping create cyber security frameworks for learning development so decided to share my attempt in illustrating the different domains in cyber.

There seems to be a few "silo's" regarding the different roles and teams you typically find in organisations. I hosted a talk at Roehampton University in London where I discussed how cyber security students and professionals lack the wider context of what a cyber security programme looks like and how many people are involved.

Existing Frameworks

This is more for categorising learning / knowledge. It's good but doesn't really represent realistic jobs and roles in cyber security. This could be used as a learning framework.

  • Human, Organisational & Regulatory Aspects

  • Attacks & Defences

  • Systems Security

  • Software and Platform Security

  • Infrastructure Security

This is also good, but doesn't categorise specialisms.

I'm not an advocate for certifications, especially in cyber security. But this resource by Paul Jerimy illustrates the different domains of cyber security and how some skills overlap.

Hacking Platforms

Popular hacking platforms like HackTheBox and TryHackMe offer fantastic learning resources and more recently skill roadmaps. These are great for hands on training but often lack wider cyber security context - they are based on technical red and blue teaming.

OT / ICS / IoT

This is considered a "niche" of cyber security, as if it is it's own role. The fact is, most organisations are realising they have OT or IoT devices in their estate and they are all connected to enterprise systems. This is known as the "IT / OT convergence". Whilst OT/ICS cyber security is relatively new, we are still seeing the same positions required as above. OT environments need risk management, there are OT cyber standards to comply with, we need to monitor OT, etc.

There are a few caveats, or specialisms that don't fit into this. At the time of writing this, I'm a cyber consultant that works in IT / OT which includes a combination of GRC, cyber management, and (OT) architecture. But fundamentally, there are 4 high level domains of cyber security.

NCSC's "CyBOK" -

UKCSC Career Framework -

Security Certification Roadmap -

🎓
https://www.cybok.org/
https://www.ukcybersecuritycouncil.org.uk/careers-and-learning/cyber-career-framework/
https://pauljerimy.com/security-certification-roadmap/
HTB Academy : Cyber Security Training
TryHackMe | Cyber Security TrainingTryHackMe
Cyber Domains Diagram
UKCSC Framework
Cyber Certification Map
Logo
Logo