Governance, Risk, and Compliance

Focuses on: Defining best practice and checking whether it’s adopted.

You might like these roles if:

• You like big-picture thinking about processes and systems.
• You can communicate very well, especially in writing.
• You can empathize and instruct in the same sentence.

Security Engineering and Architecture

Focuses on: Designing, creating, and checking secure things at a technical level.

You might like these roles if:

• You like designing software systems and connecting them.
• You can write and review code.
• You’re familiar with the software development lifecycle.

Blue Team: SOC, Incident Response, and Forensics

Focuses on: Responding to alerts and security events to triage, evaluate, and contain them. ****

You might like these roles if:

• You can think clearly and exude calmness under time-pressure.
• Being a “first responder” doesn’t phase you.
• You like the challenge of separating signal from noise.

Red Team: Pentesting, Ethical Hacking, Bug Bounty Hunt

Focuses on: Finding and proving security vulnerabilities in order to help get them fixed.

You might like these roles if:

• You like finding the most creative, unexpected way to solve a puzzle or re-appropriate something.
• You don’t mind working

Regulation and Enforcement

Focuses on: Setting and enforcing very high-level policies.

You might like these roles if:

• You have a legal and policy background.
• You like investigations, but slower than incident response.
• You’d rather work in the government, not private sector.
• Values like “justice” speak to you at a spiritual level.

Security Sales

Focuses on: Making money, closing deals.