Cyber security career pathways
Routes into and through the profession
This section provides details about the 15 specialisms in cyber security, and suggests pathways through and between them. It's a flexible definition that individual practitioners - current or future - can use to plan out a possible career; it's not a standard to be followed rigidly. Bear in mind that a job may include parts, or the whole, of one or more of the specialisms.
Details include an introduction to each specialism, information on the typical responsibilities and tasks, the skills and knowledge required, and information on useful prior experience for those hoping to enter the specialism from outside cyber security. Information also includes a list of common job titles and average salary ranges.
Cyber Career Framework: pathways for the 15 specialisms in cyber security.
Pick a specialism to find out more.
Digital Forensics
Digital Forensics
The process of identifying and reconstructing the relevant sequence of events that have led to the currently observable state of a target IT system.
Cyber Threat Intelligence
Cyber Threat Intelligence
Cyber Threat Intelligence is the assessment, validation and reporting of information on current and potential cyber threats to maintain an organisation’s situational awareness.
Cyber Security Management
Cyber Security Management
The management of cyber security resources, staff and policies at an enterprise level in line with business objectives and regulatory requirements.
Incident Response
Incident Response
The preparation for, handling of and following up of cyber security incidents, to minimise the damage to an organisation and prevent recurrence.
Network Monitoring & Intrusion Detection
Network Monitoring & Intrusion Detection
The monitoring of network and system activity to identify unauthorised actions by users or potential intrusion by an attacker.
Vulnerability Management
Vulnerability Management
The management of the configuration of protected systems to ensure that any vulnerabilities are understood and managed.
Security Testing
Security Testing
The testing of a network, system, product or design, against the specified security requirements and/or for vulnerabilities (penetration testing).
Cryptography & Communications Security
Cryptography & Communications Security
The designing, development, testing, implementation and operation of a system or product to provide cryptographic and/or secure communications.
Secure Operations
Secure Operations
The management of an organisation’s information systems operations in accordance with the agreed Security Policy.
Identity & Access Management
Identity & Access Management
The management of policies, procedures and controls to ensure that only authorised individuals access information or computer-controlled resources.
Secure System Architecture & Design
Secure System Architecture & Design
The designing of an IT system to meet its security requirements, balancing this with its functional requirements.
Cyber Security Audit & Assurance
Cyber Security Audit & Assurance
The verification that systems and processes meet the specified security requirements and that processes to verify on-going compliance are in place.
Data Protection & Privacy
Data Protection & Privacy
The management of the protection of data, enabling an organisation to meet its contractual, legal and regulatory requirements.
Secure System Development
Secure System Development
The development and updating of a system or product, in conformance with agreed security requirements and standards, throughout its lifecycle.
Cyber Security Governance & Risk Management
Cyber Security Governance & Risk Management
The monitoring of compliance with agreed cyber security policies and the assessment and management of relevant risks.
Cyber Career Framework: pathways for the 15 specialisms in cyber security.
Pick a specialism to find out more.