This was first published on LinkedIn following Mike Lo‘s presentation at the inaugural EVOLVE APAC webinar, held by OffSec in late 2024.
The cybersecurity industry promises numerous opportunities for specialisation. As a young cybersecurity professional taking your first steps, deciding which path to pursue can be overwhelming.
Should you become a penetration tester, a security analyst, or focus on compliance?
During his presentation at OffSec EVOLVE APAC, Mike Lo, CyberSec, Red / Purple Teaming Expert CCSK, CISSP, Certified PMP, SAP, MCSE, MCNE, the Regional Director and Team Lead (Hong Kong, Taiwan, and Macau) at wizlynx group, highlighted the importance of identifying your interests early on: “It’s important that you need to know your interests… It makes you walk a less unnecessary route before you become an expert.”
In this post, we will explore the different domains within cybersecurity and how you can assess your strengths and interests to choose the right specialisation.
Understanding Different Domains in Cybersecurity
Cybersecurity is not a one-size-fits-all field. It spans multiple domains, each requiring different skill sets. Below are some of the most common specialisations:
1. Penetration Testing (Red Teaming)
Penetration testers, or ethical hackers and red teamers, simulate cyberattacks on systems to identify vulnerabilities before malicious actors do. It’s a highly technical role requiring a deep understanding of how systems work and how hackers might exploit them.
In addition, penetration testers need strong technical knowledge of operating systems, networks, and common vulnerabilities. You must also be proficient in scripting languages commonly used for automating tasks and exploiting system weaknesses such as Python or Bash. In addition, familiarity with hacking tools such as Metasploit and Burp Suite is essential for conducting comprehensive security assessments.
To validate their skills, penetration testers often pursue certifications like the OffSec Certified Professional (OSCP) or the CREST Registered Penetration Tester (CRT). These certifications help you demonstrate a strong understanding of ethical hacking techniques and the ability to exploit vulnerabilities in real-world environments.
2. Security Operations (Blue Teaming)
Security operations professionals focus on defending systems from cyber attacks by monitoring networks for suspicious activity and responding to real-time incidents.
They work in Security Operations Centers (SOCs) and are responsible for detecting and mitigating threats as they occur.
You’ll need a strong knowledge of network protocols and incident response procedures to be a successful Security Operations professional. You must also be skilled at using security information and event management (SIEM) tools such as Splunk or QRadar to monitor network activity and detect potential threats.
Certifications such as the OffSec Defense Analyst (OSDA) or Certified CyberDefender (CCD) are highly regarded in this field. These certifications help validate your ability to implement security measures, monitor systems effectively, and respond appropriately to security incidents.
3. Compliance & Governance
As a Compliance Officer, you will work closely with legal teams to ensure that organizations follow regulatory requirements related to data protection and cybersecurity such as GDPR (General Data Protection Regulation) or ISO 27001.
As a Compliance Officer, you’ll need a strong understanding of legal frameworks governing data protection and cybersecurity practices and have excellent risk management skills to evaluate an organization’s compliance with these standards.
Professionals in this domain often pursue certifications such as the Certified Information Systems Auditor (CISA) or the Certified Information Security Manager (CISM). These certifications demonstrate expertise in auditing security controls, managing risks, and ensuring compliance with relevant laws and regulations.
4. Security Engineering
Security engineers are responsible for designing secure systems by working closely with software developers to ensure that robust security is built into applications during the development process.
As a Security Engineer, you’ll need a deep understanding of software development practices, secure coding techniques, and how to integrate security into applications throughout their lifecycle. You must also be familiar with various encryption methods, authentication protocols, and system architecture design principles.
Certifications like the Certified Information Systems Security Professional (CISSP) or the Certified Secure Software Lifecycle Professional (CSSLP) are highly valuable for security engineers. These certifications validate your ability to design secure software systems and protect applications from potential threats during development.
Self-Assessment: Knowing Your Strengths
“You need to know yourself before you choose your path,” Mike advised.
Before choosing a specialisation, conduct a self-assessment to understand your strengths and weaknesses. Are you more technically inclined or better at communication? Do you enjoy solving puzzles or analysing data?
Here are some questions to ask yourself:
- Are you technically inclined? If you enjoy working with code or understanding how systems work at a deep level, roles like penetration testing or security engineering might suit you.
- Do you have strong communication skills? If you’re good at explaining complex concepts in simple terms or enjoy working with people, compliance roles might be a good fit.
- Do you enjoy problem-solving? If you love puzzles and figuring out how things work, penetration testing could be an exciting challenge.
If you’re technically proficient but lack soft skills like communication or teamwork, consider working on those areas as well—they’re crucial for career advancement no matter which path you choose.
Setting Milestones
Once you’ve identified your area of interest, it’s important to set milestones for yourself to help keep you on track and ensure you’re progressing toward your goals.
1. Certifications
Certifications are an excellent way to validate your skills in a particular domain. For example:
- If you’re interested in penetration testing, aim for certifications like OSCP (OffSec Certified Professional).
- If you’re more inclined toward compliance roles, certifications like CISA (Certified Information Systems Auditor) or CISSP (Certified Information Systems Security Professional) will be valuable.
2. Projects
Completing specific projects related to your chosen domain is another way to set milestones. For example:
- If you’re interested in penetration testing, try setting up a home lab where you can practice exploiting vulnerabilities.
- If you lean toward security operations, consider participating in Capture The Flag (CTF) competitions or contributing to open-source security projects.
Milestones help track progress and ensure you’re moving in the right direction.
Researching Your Chosen Domain
Before committing to any cybersecurity role, it’s crucial that you thoroughly research what each job entails.
“You need to do research prior before applying for any job roles,” Mike Lo emphasised.
He offered some ways to research different cybersecurity domains:
1. Job Descriptions
Read job descriptions for various cybersecurity roles on platforms like LinkedIn. This will give you an idea of what skills and level of experience employers are looking for.
2. Reach Out To Professionals
Networking is key, so reach out to professionals already working in the field you’re interested in through LinkedIn or local cybersecurity meetups. Ask them about their day-to-day responsibilities and what they enjoy most about their jobs.
3. Online Resources
There are numerous online resources available that provide insights into different cybersecurity fields:
- Blogs & Forums: Websites like Reddit’s r/cybersecurity or Medium have many professionals sharing their experiences.
- Online Courses: Platforms like OffSec, Coursera, or Udemy offer introductory courses in various cybersecurity domains, such as OffSec’s SEC-100.
Closing The Skill Gap
Once you’ve done your research and chosen your specialisation, it’s time to assess whether there are any gaps between where you are now and where you’d like to be.
Here’s how you can close these gaps:
1. Take Online Courses
Platforms like OffSec, Coursera, and Udemy offer courses tailored specifically for different cybersecurity domains. These courses help fill any knowledge gaps before diving into hands-on work.
2. Participate In Bootcamps
Bootcamps are intensive training programs designed to teach specific skills over a short period of time—usually one week or less. They’re great for learning hands-on skills quickly.
3. Gain Practical Experience
Theoretical knowledge is important but gaining practical experience is key! Internships or entry-level jobs provide invaluable hands-on experience that will help solidify what you’ve learned.
Conclusion
Choosing a specialisation in cybersecurity requires self-awareness and research into different domains within the field.
You can avoid unnecessary time-consuming detours and fast-track your career growth by first identifying your strengths through self-assessments and setting clear milestones, such as earning certifications and completing projects.
Remember: You’ll always be ready for tomorrow’s challenges if you stay curious about new technologies and trends!