Tony DeGonia - U.S. Army Veteran | Senior Sales Engineer | Solutions Architect | Changer of Landscapes.

The 10 Domains of Cybersecurity

Job Seekers

Do you want a chance to have an introductory 15-minute 1:1 with a recruiter who has a job you would like to apply for right now? Click on the register button below.

Recruiters & Talent Acquisition Teams.

Would you like to have an unfettered view of the talent you’ve been looking for and be able to screen them in 10 minutes and know who you are trying to send up to while on a call with an entire group of eager “open to work” talented folks that will definitely fit the bill for your open roles?

Simply register below and I will personally facilitate a 1-hour Webex call to make that happen.

So here is my plan. 

I am going to hold a 1-hour Webex meeting with all the recruiters and candidates in one place so they can talk to each other. It starts by having you register for the meeting, recruiters and candidates alike.

Recruiters, when you register, you will post the open jobs you are trying to fill.

Candidates will register for a Basic or Advanced account. You will fill out a form where you post your resume, cover letter and letters of reference, social media, personal websites and so on.

The way this works is that the recruiters will add the jobs they want to list into the platform to be perused by the candidates. If the candidate marks a job they are interested in. The recruiter can also see all the candidates that are participating and mark their profile as interested.

Then for the 1-hour call, each candidate gets the opportunity to do a 1-minute elevator pitch about themselves and each recruiter gets 1 minute to pitch their jobs. You can then message each other and set up a call to move forward with interviews.

In the last 20 minutes of the call, anyone on the call can ask questions of the group overall or of another specific user on the system. At the end of the call all of that motion transfer and broke me.

The Cost is FREE!!!! 

 

Seating is limited, there is only rooq

Cybersecurity Industries and Domains

What, you might ask, are industries and domains within cybersecurity? Simply put, industries are groups of related companies based on their primary business activities. Domains, or fields, are specified spheres of knowledge and action within a discipline.

Why is it essential for those interested in a cybersecurity career to know the top industries and domains? Well, one reason is that when you seek a cybersecurity job, it’s always good to know which industries are hiring the most professionals. Knowing the fields within cybersecurity is also crucial for understanding what knowledge is expected of you if you enter cybersecurity.

Industries in Cybersecurity

The U.S. Bureau of Labor Statistics (BLS) notes that, as of May 2019, the annual mean wage for information security analysts/cybersecurity professionals working in the U.S. was $104,201. The industries with the highest levels of employment for information security analysts/cybersecurity professionals are:

  • Computer Systems Design and Related Services
  • Management of Companies and Enterprises
  • Credit Intermediation and Related Activities
  • Management, Scientific, and Technical Consulting Services
  • Insurance Carriers

Industries with the highest concentration of employment for information security analysts are:

  • Monetary Authorities – Central Bank
  • Computer Systems Design and Related Services
  • Data Processing, Hosting, and Related Services
  • Telecommunications
  • Management of Companies and Enterprises

But what most people want to know is, what are the highest-paying industries for information security occupations? According to the BLS, they are: 

  • Residential Building Construction, where information security analysts earned an annual mean wage of $130,400
  • Semiconductor and Other Electronic Component Manufacturing, where they earned an annual mean wage of $127,360
  • Legal services, where the annual mean wage was $125,230
  • Automotive Repair and Maintenance, where the annual mean wage was $123,720
  • Securities, Commodity Contracts, and other Financial Investments and related activities, where their annual mean wage was $121,230

As you can see, these industries all pay well above the average annual salary for cybersecurity professionals.

Another interesting consideration, examined by the Infosec Institute, is which industries are the biggest targets for cybercriminals. These industries especially need cybersecurity professionals, as they are more likely to experience cyber breaches and attacks than other industries. According to Infosec, they include:

  • Healthcare – In 2015, the healthcare industry experienced the highest number of data breaches. The consequences of each healthcare breach can cost healthcare institutions as much as $200 per patient record. Preventing these breaches, however, costs just $8 per record.
  • Manufacturing – This includes automotive, electronics, and pharmaceutical companies and is vulnerable to cybercrime. Cyberattackers think this is a rich industry; therefore, if they attack it, they expect larger payouts. Security compliance and risk management need much improvement within this industry sector.
  • Financial services – In 2014, the financial services industry experienced the most cyberattacks. They have since made more significant investments in cybercrime security awareness and prevention. However, this industry still experiences many attacks due to the ease of compromising their security systems.
  • Government agencies – Cyberattacks against government agencies receive a large amount of media coverage, making attacks on this industry relatively high profile. This is one draw for hackers to attack the cyber systems of government agencies. Government agencies are now engaging in more employee security awareness training, but more needs to be done.
  • Education – Hackers see the education industry as quite lucrative, containing much personal, financial, and contact information. Educational records can also be hacked to change identities and obtain employment opportunities. Cybercrime has declined some in the education industry, but it continues.

Domains in Cybersecurity

The International Information System Security Certification Consortium, otherwise known as (ISC)², is a nonprofit organization that offers some of the leading training and industry certifications in cybersecurity. For years, the domains they cover within their Certified Information Systems Security Professional (CISSP) examination have been considered to be the definitive cybersecurity domains. When they updated the CISSP certificate structure in 2015, the domains were changed from 10 to eight. These eight domains, which have been widely accepted within the cybersecurity community, are:

  • Security & Risk Management
  • Asset Security
  • Security Engineering
  • Communications & Network Security
  • Identity & Access Management
  • Security Assessment & Testing
  • Security Operations
  • Software Development Security

Let’s examine each of these domains in greater detail:

Security and Risk Management

Security and risk management is the largest domain in CISSP, accounting for 15 percent of the certification examination. This domain provides an overview of information systems security management and covers the following:

  • The availability, integrity, and confidentiality of information
  • Principles of security governance
  • Compliance requirements
  • Legal and regulatory issues in information security
  • Information technology procedures and policies
  • Risk-based management concepts

Asset Security

Accounting for 10 percent of the CISSP exam, the domain of asset security includes the physical requirements of information security. Involved in this are:

  • Handling requirements
  • Data security controls
  • Retention periods
  • Privacy
  • Classification/ownership of information and assets

Security Engineering

Making up 13 percent of the CISSP exam, the domain of security engineering covers the following concepts:

  • Designing and implementing physical security
  • Cryptography
  • Assessing and mitigating system vulnerabilities
  • Security capabilities within information systems
  • Fundamental concepts of security models
  • Engineering processes using secure design principles

Communications & Network Security

Accounting for 14 percent of the CISSP exam, the communications and network security domain covers how an organization’s networks are designed and protected. It includes:

  • Secure communication channels
  • Secure network components
  • Secure design principles for network architecture

Identity & Access Management

Comprising 13 percent of the CISSP exam, the domain of identity and access management involves controlling how users can access data. Included within this domain are the following concepts: 

  • Identity and access provisioning lifecycle
  • Authorization mechanisms
  • Integrating identity as a service
  • Third-party identity services
  • Identification and authentication
  • Physical and logical access to assets

Security Assessment & Testing

Making up 12 percent of the CISSP exam, the domain of security assessment and testing focuses on the performance, design, and analysis of security testing and includes:

  • Internal and third-party security audits
  • Test outputs
  • Collecting security process data
  • Security control testing
  • Designing and validating assessment and test strategies

Security Operations

This domain accounts for 13 percent of the CISSP exam and addresses how plans are implemented. Concepts covered here include:

  • Business continuity
  • Managing physical security
  • Disaster recovery
  • Incident management
  • Applying resource protection techniques
  • Foundational security operations concepts
  • Securing the provision of resources
  • Logging and monitoring activities
  • Requirements for investigation types
  • Understanding and supporting investigations

Software Development Security

This final domain comprises 10 percent of the CISSP exam and helps cybersecurity professionals understand, apply and enforce software security. Included within this domain are these concepts:

  • Secure coding guidelines and standards
  • Effectiveness of software security
  • Security controls in development environments
  • Security in the software development life cycle