The Complexity of the “Cyber Security” Role — When 52 Becomes One

We have a problem when it comes to Cyber Security. The main problem is that many will define a “Cyber Security” Professional and think that it is one job function and where we can ask the person about a wide range of things from risk to IoT security. But it’s not true. It is just a name that we have attached to a growing area, and it gives very little hint as to where the expertise of a person might lie. And it doesn’t really define their level of expertise in the area.

One of the problems is that there are so many subject areas involved, and they can range from highly technical subjects such as Penetration Testing, Cryptography and Malware Analysis (the red circles in the diagram) to Human Factors, Risk and Organisation Factors (the blue circles):

NICE has tried to simplify this complexity, and all the various stakeholders involved, and create this abstraction of the problem: