1

I've been interested in IT security for a bit (~1 year) and had a bit of experience with NSM as well as web security.

I want to have an overview of the entire industry, with all relevant niches and the association between them. The reasons for this are to (1) identify niches that aren't that known but very approachable (from a curiosity and business perspective) , (2) to understand dependencies between niches, (3) to see where I would actually fit in the best (I'm still not sure of a clear specialization)

When I started to get deeper into the industry "niches" I became overwhelmed seeing that it's a bigger industry than I imagined. I started enumerating every area I could imagine in the field, deriving "niches" from it (e.g. pentesting -> wireless pentesting -> wireless pentesting tools).

I'm having problems differentiating the fields/sub-fields from niches - an example that can be seen in the diagram below would be "secure disposal". Could that be considered a "field" having "secure document shredding" as a "niche" ?

It soon became messy.

Initial draft - yes, its messy

Then I started defining some classification criteria (should have been the first thing), but I'm lacking the words for some of them.

  • direction - offensive , defensive
  • location - network, host, app
  • area - technical, human, process
  • management/planning/time perspective - operational, tactic, strategic

At the moment I'm not clear on how to classify the niches. This can end up with multiple diagrams/overviews. Initially I wanted an all-in-one thing, but I'm not clear on how to continue.

Any ideas / words on better classifying / representing this in a visual would be appreciated.

gotgameg
  • 21
  • 2
  • 1
    I think this will probably be closed as too broad. But welcome to InfoSec! There are just too many topics to really give a definitive answer, and as these practices are ever changing any answer given will most likely not be complete a year from now. Question on specific processes or technologies are better for this forum. – RoraΖ Apr 14 '15 at 11:25
  • The advice is: start reading. Everything is inter-related here, not the least due to attackers' relentless search for weaknesses. Weaknesses often dwell at the borders of various competencies. – Deer Hunter Apr 14 '15 at 11:51
  • What you are attempting to do is build an *ontology* of cyber security (that can include many-to-many relationships). There have been many attempts at this, including attempts by scholarly, professional, commercial, and government entities. As suggested, start reading. Using the keyword "ontology" with other keyphrases like "cyber security", do some image searches and you'll see various attempts at visualization. I think you've already answered your question though: there really is no single way to simply map this all out that everyone would agree with. – cybermike Apr 14 '15 at 15:58
  • I wasn't looking for a "simple" way to do this, I wanted some ideas/suggestions at this. Reading on IT security and tech in general is a daily habit, but I will continue. Thank you for your suggestions! I will return with a blogpost link after I have come up with something worthwhile. – gotgameg Apr 16 '15 at 07:19

0 Answers0