There are many different routes you can take in the cyber industry, each dependent on your interests, skillset, and aspirations.

Being aware of the different cyber specialisms can help you map out your career path and define a clear trajectory for the course of your working life. For newcomers to the cyber industry, it’s good to be aware of which pathways are interchangeable, and which aren’t. This can help you aim for the right role for you and Be a CyberPRO®

The UK Cyber Security Council has defined 16 different pathways:

  • Cyber Threat Intelligence – The assessment, validation, and reporting of information on current and potential cyber threats to maintain an organisation’s situational awareness.
  • Cyber Security Generalist – The performance of the duties of multiple cyber security specialisms in one role.
  • Cyber Security Management – The management of cyber security resources, staff, and policies at an enterprise level in line with business objectives and regulatory requirements.
  • Cyber Security Governance and Risk Management – The monitoring of compliance with agreed cyber security policies and the assessment and management of relevant risks.
  • Cyber Security Audit and Assure – The verification that systems and processes meet the specified security requirements and that processes to verify on-going compliance are in place.
  • Data Protection and Privacy – The management of the protection of data, enabling an organisation to meet its contractual, legal, and regulatory requirements.
  • Incident Response – The preparation for, handling of and following up of cyber security incidents, to minimise the damage to an organisation and prevent recurrence.
  • Network Monitoring and Intrusion Detection – The monitoring of network and system activity to identify unauthorised actions by users or potential intrusion by an attacker.
  • Security Testing – The testing of a network, system, product, or design, against the specified security requirements and/or for vulnerabilities (penetration testing).
  • Vulnerability Management – The management of the configuration of protected systems to ensure that any vulnerabilities are understood and managed.
  • Digital Forensics – The process of identifying and reconstructing the relevant sequence of events that have led to the currently observable state of a target IT system.
  • Cryptography and Communications Security – The designing, development, testing, implementation and operation of a system or product to provide cryptographic and/or secure communications.
  • Secure Operations – The management of an organisation’s information systems operations in accordance with the agreed Security Policy.
  • Identity and Access Management – The management of policies, procedures, and controls to ensure that only authorised individuals access information or computer-controlled resources.
  • Secure System Architecture and Design – The designing of an IT system to meet its security requirements, balancing this with its functional requirements.
  • Secure System Development – The development and updating of a system or product, in conformance with agreed security requirements and standards, throughout its lifecycle.
Scroll to Top