Cybersecurity personnel across multiple roles and functions work within four distinct areas: Government (Federal, State, County, Local), Corporate (public, private, not-for-profit, non-profit), Commercial (consulting, professional services), or Product (vendors). Cybersecurity professionals have shared knowledge and skills, but core skills are relevant to a role and function. A role and function have core tasks. Other tasks may be assigned as needed. However, the core tasks are stable over time.

Government

Government cybersecurity professionals typically work at the federal, state, county, or local level. Their roles and functions are similar to those within an industry sector, and their core tasks and activities will be similar based on their roles and functions.

Typically, these roles require security clearance.

Corporate

Cybersecurity professionals who work for private, public, not-for-profit, and non-profit organizations generally have well-established roles and functions with core tasks and activities. The larger the organization, the more separation of duties and the more specialized the roles become. Within smaller companies, cybersecurity professionals may have to stretch and wear many hats across multiple roles, core tasks, and activities.

Commercial

Cybersecurity professionals who work for consulting companies may provide staff augmentation or a resident contractor workforce. This generally means they operate like their corporate brethren. Otherwise, their core tasks and activities will focus entirely on the consultative, assessment, and solution architecture aspects of working for a consulting, integrator, or value-added reseller company.

Product

These are cybersecurity professionals who work for a vendor. Although the vendor will have a corporate side, the primary roles and functions are embedded within the product development lifecycle. Cybersecurity professionals are actively involved in the design, development, and polishing of the hardware and software the company sells. Skills are more in the weeds with computer/electrical engineering (semiconductor design, processor architectures) and software engineering (microcode, assembly, programming languages).

The lines can blur here because there is what the company sells to generate revenue and what is internally supported to protect the company. There can be roles and functions similar to government, corporate, and commercial (professional services). However, these people create next-generation tools within the overall cyber landscape.

Shared Skills

All cybersecurity professionals have shared skills and knowledge across cybersecurity domains. These are more intrinsic skills and knowledge that tend to make up a common core.

Consider this the cybersecurity/information security 101 kind of knowledge and skills. Admittedly, there might be considerable debate as to what would be common knowledge and skills for administrators, analysts, engineers, architects, and leadership.

Core Skills

Core skills or competencies are more in-depth skills specific to administrators, analysts, engineers, architects, and leadership. They will supplement shared skills and knowledge.

Vendor-specific skills are not considered because they will vary and differ between companies. Generally, this means those skills are built relative to the technology companies deploy. Company A will potentially have a different SIEM than Company B, even if both have the same vulnerability management tool.

There are over 2,000 cybersecurity, risk management, privacy, and related vendors. Addressing each vendor’s skills relative to the cybersecurity role and function would be nearly impossible.

Core Tasks

Core tasks are the activities of administrators, analysts, engineers, architects, and leaders. They define a cybersecurity program’s responsibilities and duties matrix relative to its target operating model and service catalog.

Cybersecurity Administrators

This section focuses on cybersecurity administrator-related skills. These are generally entry-level roles, not necessarily within the cybersecurity organization.

Cybersecurity Analysts

This section focuses on cybersecurity analyst-related skills. These roles emphasize analysis across different focus areas.

Cybersecurity Engineers

This section focuses on cybersecurity engineer-related skills. These roles emphasize implementation, maintenance, and management.

Cybersecurity Architects

This section focuses on cybersecurity architect-related skills. These roles emphasize design, change management, and strategy delivery.

Cybersecurity Leadership

This section focuses on cybersecurity leadership-related skills. These roles emphasize leading, managing, operations, governance, and strategy.



As a working cybersecurity professional, every attempt is made to separate professional and personal endeavors in a manner consistent with reducing conflicts of interest and maintaining ethics. Statements contained within this site are the explicit and implicit goals, objectives, endorsements, and educated opinion of the author of this site and not those of current or former employers.


© 2025 James J. Fisher, All Rights Reserved.

