fields-in-cyber-security

Warning

The contents in this page is written by AI. You may want to double-check the information here.

Cybersecurity is a broad field with many specialized areas. Here are the main ones, grouped into practical domains:

🔒 Core Domains

Network Security → Protecting data as it travels across networks (firewalls, IDS/IPS, VPNs).
Endpoint Security → Securing devices like laptops, servers, and mobile phones.
Application Security → Securing software during development and after deployment (e.g., code reviews, penetration testing, secure coding).
Cloud Security → Protecting cloud platforms (AWS, Azure, GCP) and shared-responsibility security.
Data Security & Privacy → Ensuring confidentiality, integrity, and proper handling of sensitive data.

Security Operations (SOC) → Monitoring, detecting, and responding to incidents.
Incident Response & Forensics → Handling breaches, investigating digital evidence.
Threat Hunting → Proactively searching for undetected threats inside networks.
Identity & Access Management (IAM) → Controlling who can access what.

Responsibilities

Penetration Testing → Simulating attacks to find vulnerabilities.
Red Teaming → Full-scope adversarial simulations.
Exploit Development → Creating and testing exploits.
Reverse Engineering & Malware Analysis → Breaking down malware and software to understand behavior.

Security Governance, Risk & Compliance (GRC) → Policies, frameworks (ISO 27001, NIST, GDPR, HIPAA).
Cybersecurity Policy & Law → Legal/regulatory aspects of cybercrime and data protection.
Security Architecture & Engineering → Designing secure systems from the ground up.

Cryptography → Encryption, digital signatures, secure protocols.
Operational Technology (OT) & ICS Security → Securing industrial control systems, SCADA.
IoT Security → Protecting connected devices (smart homes, medical devices).
Mobile Security → Protecting Android/iOS apps and devices.
AI/ML Security → Securing and attacking machine learning systems.