Poster Coolest-Careers v0423 WEB
Organizations are hiring individuals with a unique set of skills and capabilities, and seek those who have the abilities and knowledge to fulfill many new job roles in the cybersecurity industry.
The coolest careers in cybersecurity are the most in-demand by employers. Which jobs are the coolest and most in-demand? We know; let us show you the hottest cybersecurity jobs for 2023.
Curricula: Cyber Defense, Digital Forensics, Offensive Operations, Cybersecurity Leadership, Cloud Security, Industrial Control Systems, Purple Team
Legend: SEC460 GEVA = GIAC Certification with course

01 Threat Hunter (Threat/Warning Analyst)

This expert applies new threat intelligence against existing evidence to identify attackers that have slipped through real-time detection mechanisms. The practice of threat hunting requires several skill sets, including threat intelligence, system and network forensics, and investigative development processes. This role transitions incident response from a purely reactive investigative process to a proactive one, uncovering adversaries or their footprints based on developing intelligence.

Why is this role important?
Threat hunters proactively seek evidence of attackers that were not identified by traditional detection methods. Their discoveries often include latent adversaries that have been present for extended periods of time.

Recommended courses: FOR508 GCFA, FOR532, FOR572 GNFA, FOR578 GCTI, FOR608, FOR610 GREM, SEC497 GOSI, SEC504 GCIH, SEC541 GCTD, ICS515 GRID, ICS612

“Digging below what commercial anti-virus systems are able to detect to find embedded threat actors in client environments makes this job special. Shoutout to Malware and Threat Intelligence Analysts who contribute their expertise to make threat hunters more effective against adversaries.” - Ade Muhammed

02 Red Teamer (Adversary Emulation Specialist)

In this role you will be challenged to look at problems and situations from the perspective of an adversary. The focus is on making the Blue Team better by testing and measuring the organization’s detection and response policies, procedures, and technologies. This role includes performing adversary emulation, a type of Red Team exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective similar to those of realistic threats or adversaries. It can also include creating custom implants and C2 frameworks to evade detection.

Why is this role important?
This role is important to help answer the common question of “can that attack that brought down company, happen to us?” Red Teamers will have a holistic view of the organization’s preparedness for a real, sophisticated attack by testing the defenders, not just the defenses.

Recommended courses: SEC504 GCIH, SEC542 GWAPT, SEC560 GPEN, SEC565, SEC660 GXPN, SEC670, SEC699, SEC760

“The only way to test a full catalog of defense is to have a full catalog of offense measure its effectiveness. Security scanning is the bare minimum and having Red Team perform various operations from different points will help the organization fix weaknesses where it matters.” - Beeson Cho

03 Digital Forensic (Cyber Defense Forensics Analyst)

This expert applies digital forensic skills to a plethora of media that encompass an investigation. The practice of being a digital forensic examiner requires several skill sets, including evidence collection, computer, smartphone, cloud, and network forensics, and an investigative mindset. These experts analyze compromised systems or digital media involved in an investigation that can be used to determine what really happened. Digital media contain footprints that physical forensic data and the crime scene may not include.

Why is this role important?
You are the sleuth in the world of cybersecurity, searching computers, smartphones, cloud data, and networks for evidence in the wake of an incident/crime. The opportunity to learn never stops. Technology is always advancing, as is your career.

Recommended courses: FOR308, FOR498 GBFA, FOR500 GCFE, FOR508 GCFA, FOR509 GCFR, FOR518 GIME, FOR532, FOR572 GNFA, FOR585 GASF, SEC501 GCED

“Forensics is about diving deep into any system and device and locating the problem so as to develop a solution.” - Patricia M

“Data doesn’t lie, and the digital forensic analyst looks at the data to convey the stories that they tell.” - Anthony Wo

04 Purple Teamer

In this fairly recent job position, you have a keen understanding of both how cybersecurity defenses (“Blue Team”) work and how adversaries operate (“Red Team”). During your day-to-day activities, you will organize and automate emulation of adversary techniques, highlight possible new log sources and use cases that help increase the detection coverage of the SOC, and propose security controls to improve resilience against the techniques. You will also work to help coordinate effective communication between traditional defensive and offensive roles.

Why is this role important?
Help blue and red understand one another better! Blue Teams have traditionally been talking about security controls, log sources, use cases, etc. On the other side Red Teams traditionally talk about payloads, exploits, implants, etc. Help bridge the gap by ensuring red and blue are speaking a common language and can work together to improve the overall cybersecurity posture of the organization!

Recommended courses: SEC599 GDAT, SEC699, SEC504 GCIH, SEC568, SEC598

“The combination of red team blue team operations is very interesting and you get to see both sides. I have been on a Purple Team for a while now and it has driven a lot of positive change for us.” - Andrew R

05 Malware Analyst

Malware analysts face attackers’ capabilities head-on, ensuring the fastest and most effective response to and containment of a cyber-attack. You look deep inside malicious software to understand the nature of the threat – how it got in, what flaw it exploited, and what it has done, is trying to do, or has the potential to achieve.

Why is this role important?
If you’re given a task to exhaustively characterize the capabilities of a piece of malicious code, you know you’re facing a case of the utmost importance. Properly handling, disassembling, debugging, and analyzing binaries requires specific tools, techniques, and procedures and the knowledge of how to see through the code to its true functions. Reverse engineers possess these precious skills, and can be a tipping point in the favor of the investigators during incident response operations. Whether extracting critical signatures to aid in better detection, or producing threat intelligence to inform colleagues across an industry, malware analysts are an invaluable investigative resource.

Recommended courses: FOR518 GIME, FOR585 GASF, FOR610 GREM, FOR710, SEC501 GCED

“Being a malware analyst provides a great opportunity to pit your reverse engineering skills against the skills of malware authors who often do everything in their power to make the software as confusing as possible.” - Bob Pardee

06 Chief Information Security Officer (CISO) (Executive Cyber Leadership)

The CISO leads staff in identifying, developing, implementing, and maintaining processes across the organization to reduce information and information technology risks. CISOs respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance, such as supervising efforts to achieve ISO/IEC 27001 certification for an entity or a part of it. Typically, the CISO’s influence reaches the entire organization.

Why is this role important?
The trend is for CISOs to have a strong balance of business acumen and technology knowledge in order to be up to speed on information security issues from a technical standpoint, understand how to implement security planning into the broader business objectives, and be able to build a longer lasting security and risk-based culture to protect the organization.

Recommended courses: MGT512 GSLC, MGT514 GSTRT, MGT516, MGT520, MGT521, MGT551 GSOM, MGT553, SEC566 GCCC, ICS418

“The chief gets to coordinate the plans. The chief gets to know the team, know them well and disperse them appropriately to strategically defend and test org networks and security posture.” - Anastasia Edwards

07 Blue Teamer – All-Around Defender (Cyber Defense Analyst)

This job, which may have varying titles depending on the organization, is often characterized by the breadth of tasks and knowledge required. The all-around defender and Blue Teamer is the person who may be a primary security contact for a small organization, and must deal with engineering and architecture, incident triage and response, security tool administration and more.

Why is this role important?
This job role is highly important as it often shows up in small to mid-size organizations that do not have budget for a full-fledged security team with dedicated roles for each function. The all-around defender isn’t necessarily an official job title as it is the scope of the defense work such defenders may do – a little bit of everything for everyone.

Recommended courses: SEC450, SEC503 GCIA, SEC505 GCWN, SEC511 GMON, SEC530 GDSA, SEC555 GCDA, SEC586

“In this day and age, we need guys that are good at defense and understand how to harden systems.” - David O

08 Security Architect (NICE) and Engineer

Design, implement, and tune an effective combination of network-centric and data-centric controls to balance prevention, detection, and response. Security architects and engineers are capable of looking at an enterprise defense holistically and building security at every layer. They can balance business and technical requirements along with various security policies and procedures to implement defensible security architectures.

Why is this role important?
A security architect and engineer is a versatile Blue Teamer and cyber defender who possesses an arsenal of skills to protect an organization’s critical data, from the endpoint to the cloud, across networks and applications.

Recommended courses: SEC503 GCIA, SEC505 GCWN, SEC511 GMON, SEC530 GDSA, SEC549

“A security architect needs to understand work flows, networks, business requirements, project plans and sometimes even budget restraints. A very diversified role!” - Chris Bodill

09 Cyber Defense Incident Responder/Law Enforcement Counterintelligence Forensics Analyst

This dynamic and fast-paced role involves identifying, mitigating, and eradicating attackers while their operations are still unfolding.

Why is this role important?
While preventing breaches is always the ultimate goal, one unwavering information security reality is that we must assume a sufficiently dedicated attacker will eventually be successful. Once it has been determined that a breach has occurred, incident responders are called into action to locate the attackers, minimize their ability to damage the victim, and ultimately remove them from the environment. This role requires quick thinking, solid technical and documentation skills, and the ability to adapt to attacker methodologies. Further, incident responders work as part of a team, with a wide variety of specializations. Ultimately, they must effectively convey their findings to audiences ranging from deep technical to executive management.

Recommended courses: FOR508 GCFA, FOR509 GCFR, FOR518 GIME, FOR532, FOR572 GNFA, FOR578 GCTI, FOR608, FOR610 GREM, FOR710, SEC402, ICS515 GRID, SEC504 GCIH

“Incidents are bound to occur and it is important that we have people with the right skill set to manage and mitigate the loss to the organization from these incidents.” - Anita Ali

10 Cybersecurity Analyst/Engineer (Systems Security Analyst)

As this is one of the highest-paid jobs in the field, the skills required to master the responsibilities involved are advanced. You must be highly competent in threat detection, threat analysis, and threat protection. This is a vital role in preserving the security and integrity of an organization’s data.

Why is this role important?
This is a proactive role, creating contingency plans that the company will implement in case of a successful attack. Since cyber attackers are constantly using new tools and strategies, cybersecurity analysts/engineers must stay informed about the tools and techniques out there to mount a strong defense.

Recommended courses: SEC401 GSEC, SEC450, SEC501 GCED, SEC503 GCIA, SEC530 GDSA, SEC555 GCDA, SEC504 GCIH, SEC554, FOR508 GCFA, FOR509 GCFR, MGT551 GSOM, SEC510 GPCS, SEC540 GCSA, SEC549, ICS410 GICSP, ICS456 GCIP

“It doesn’t become much more versatile than in this role, as oftentimes you’ll be challenged with whatever tasks or projects customers or managers envision, ranging from simple analysis support to introducing new solutions and implementing whole services such as a SOC.” - Harun Kuessner

11 OSINT Investigator/Analyst

These resourceful professionals gather requirements from their customers and then, using open sources and mostly resources on the internet, collect data relevant to their investigation. They may research domains and IP addresses, businesses, people, issues, financial transactions, and other targets in their work. Their goals are to gather, analyze, and report their objective findings to their clients so that the clients might gain insight on a topic or issue prior to acting.

Why is this role important?
There is a massive amount of data that is accessible on the internet. The issue that many people have is that they do not understand how best to discover and harvest this data. OSINT investigators have the skills and resources to discover and obtain data from sources around the world. They support people in other areas of cybersecurity, intelligence, military, and business. They are the finders of things and the knowers of secrets.

Recommended courses: SEC497 GOSI, SEC587, FOR578 GCTI

“Being an OSINT investigator allows me to extract information in unique and clever ways and I am never bored. One day I’m working on a fraud investigation and the next I’m trying to locate a missing person. This job always tests my capabilities, stretches my critical thinking skills, and lets me feel like I’m making a difference.” - Rebecca Ford

12 Technical Director (Information Systems Security Manager)

This expert defines the technological strategies in conjunction with development teams, assesses risk, establishes standards and procedures to measure progress, and participates in the creation and development of a strong team.

Why is this role important?
With a wide range of technologies in use that require more time and knowledge to manage, a global shortage of cybersecurity talent, an unprecedented migration to cloud, and legal and regulatory compliance often increasing and complicating the matter more, a technical director plays a key role in successful operations of an organization.

Recommended courses: MGT512 GSLC, MGT514 GSTRT, MGT516, MGT551 GSOM, SEC566 GCCC, ICS418

“A technical director must have strong cybersecurity knowledge, a strategic view of the organization’s infrastructure and what’s to come, and communication skills. These things are hard to get, and I would imagine this job to be very challenging, no matter the organization size or business.” - Francisco Lugo

13 Cloud Security Analyst

The cloud security analyst is responsible for cloud security and day-to-day operations. This role contributes to the design, integration, and testing of tools for security management, recommends configuration improvements, assesses the overall cloud security posture of the organization, and provides technical expertise for organizational decision-making.

Why is this role important?
With an unprecedented move from traditional on-premise solutions to the cloud, and a shortage of cloud security experts, this position helps an organization position itself thoughtfully and securely in a multicloud environment necessary for today’s business world.

Recommended courses: SEC488 GCLD, SEC510 GPCS, SEC541 GCTD, SEC401 GSEC, FOR509 GCFR, SEC588 GCPN

“This role is essential to find and patch vulnerabilities in the cloud environment to ensure that crackers and hackers are unauthorized in cloud environments.” - Ben Yee

14 Intrusion Detection/SOC Analyst (Cyber Defense Analyst)

Security Operations Center (SOC) analysts work alongside security engineers and SOC managers to implement prevention, detection, monitoring, and active response. Working closely with incident response teams, a SOC analyst will address security issues when detected, quickly and effectively. With an eye for detail and anomalies, these analysts see things most others miss.

Why is this role important?
SOC analysts help organizations have greater speed in identifying attacks and remedying them before they cause more damage. They also help meet regulation requirements that require security monitoring, vulnerability management, or an incident response function.

Recommended courses: SEC450, SEC503 GCIA, SEC511 GMON, SEC555 GCDA, FOR508 GCFA, FOR572 GNFA, FOR532, SEC504 GCIH

“The intrusion analyst is the guard at the gate and can get great job satisfaction from detecting and stopping network intrusions.” - Chuck Ballard

15 Security Awareness Officer (Security Awareness & Communications Manager)

Security Awareness Officers work alongside their security team to identify their organization’s top human risks and the behaviors that manage those risks. They are then responsible for developing and managing a continuous program to effectively train and communicate with the workforce to exhibit those secure behaviors. Highly mature programs not only impact workforce behavior but also create a strong security culture.

Why is this role important?
People have become the top drivers of incidents and breaches today, and yet the problem is that most organizations still approach security from a purely technical perspective. Your role will be key in enabling your organization to bridge that gap and address the human side also. Arguably one of the most important and fastest growing fields in cyber security today.

Recommended courses

“This role allows me to use my previous experience to influence proper security behaviors, effectively improving our company’s defenses. And the rapidly evolving nature of threats means my job is never boring.” - Sue DeRosier

16 Vulnerability Researcher & Exploit Developer (Vulnerability Assessment Analyst)

In this role, you will work to find 0-days (unknown vulnerabilities) in a wide range of applications and devices used by organizations and consumers. Find vulnerabilities before the adversaries!

Why is this role important?
Researchers are constantly finding vulnerabilities in popular products and applications ranging from Internet of Things (IoT) devices to commercial applications and network devices. Even medical devices such as insulin pumps and pacemakers are targets. If we don’t have the expertise to research and find these types of vulnerabilities before the adversaries, the consequences can be grave.

Recommended courses: SEC660 GXPN, SEC661, SEC670, SEC760

“I think researchers will play a crucial role in years to come. They will be able to identify and help us prepare for the vulnerability before it is exploited by the hacker so instead of responding to incidents we will then be able to proactively prepare ourselves for the future issues.”

17 Application Pen Tester (Secure Software Assessor)

Application penetration testers probe the security integrity of a company’s applications and defenses by evaluating the attack surface of all in-scope vulnerable web-based services, client-side applications, server-side processes, and more. Mimicking a malicious attacker, app pen testers work to bypass security barriers in order to gain access to sensitive information or enter a company’s internal systems through techniques such as pivoting or lateral movement.

Why is this role important?
Web applications are critical for conducting business operations, both internally and externally. These applications often use open source plugins which can put these apps at risk of a security breach.

Recommended courses: SEC542 GWAPT, SEC560 GPEN, SEC575 GMOB, SEC588 GCPN, SEC660 GXPN, SEC760

“It is not only about using existing tools and methods, you must be creative and understand the logic of the application and make guesses about the infrastructure.” - Dan-Mihai Negrea

18 ICS/OT Security Assessment Consultant (ICS/SCADA Security Engineer)

One foot in the exciting world of offensive operations and the other foot in the critical process control environments essential to life. Discover system vulnerabilities and work with asset owners and operators to mitigate discoveries and prevent exploitation from adversaries.

Why is this role important?
Security incidents, both intentional and accidental in nature, that affect OT (primarily in ICS systems) can be considered to be high-impact but low-frequency (HILF); they don’t happen often, but when they do the cost to the business can be considerable.

Recommended courses: ICS410 GICSP, ICS456 GCIP, ICS515 GRID, ICS612, SEC560 GPEN

“Working in this type of industry, I can see how the demand is increasing so rapidly that companies starting to desperately looking for people with proper skillsets.” - Ali Alhajhouj

19 DevSecOps Engineer (Information Systems Security Developer)

As a DevSecOps engineer, you develop automated security capabilities leveraging best of breed tools and processes to inject security into the DevOps pipeline. This includes leadership in key DevSecOps areas such as vulnerability management, monitoring and logging, security operations, security testing, and application security.

Why is this role important?
DevSecOps is a natural and necessary response to the bottleneck effect of older security models on the modern continuous delivery pipeline. The goal is to bridge traditional gaps between IT and security while ensuring fast, safe delivery of applications and business functionality.

Recommended courses: SEC488 GCLD, SEC510 GPCS, SEC522 GWEB, SEC540 GCSA

“From my point of view it is a highly demanded position by companies which need to offer flexible, agile and secure solutions to their clients’ developers.” - Antonio Esmoris

20 Media Exploitation Analyst (Cyber Crime Investigator)

This expert applies digital forensic skills to a plethora of media that encompasses an investigation. If investigating computer crime excites you, and you want to make a career of recovering file systems that have been hacked, damaged or used in a crime, this may be the path for you. In this position, you will assist in the forensic examinations of computers and media from a variety of sources, in view of developing forensically sound evidence.

Why is this role important?
You are often the first responder or the first to touch the evidence involved in a criminal act. Common cases involve terrorism, counter-intelligence, law enforcement and insider threat. You are the person relied upon to conduct media exploitation from acquisition to final report and are an integral part of the investigation.

Recommended courses: FOR308, FOR498 GBFA, FOR500 GCFE, FOR508 GCFA, FOR518 GIME, FOR532, FOR572 GNFA, FOR585 GASF

“This is like solving a puzzle or investigating a crime. There is an exciting element to the unknown and the technical complexity of countermeasures. The sensitivity of content and potential to get real evidence on something is exciting.” - Chris Brown