What Human Capital Goes into Securing Software? Help Us Define Cybersecurity Job Roles in LF Research’s New Survey
Anna Hermansen | 10 May 2024
LF Training & Certification, ISC2, and LF Research are collaborating on a project to create a framework of cybersecurity professional roles. This project is seeking input from individuals with experience in the field to help validate the comprehensiveness and accuracy of the framework. In the Cybersecurity Job Role Survey, participants will be presented with selected job roles, each accompanied by a concise definition and a list of typical cybersecurity responsibilities. Feedback is sought on whether the definition and responsibilities are satisfactory or could be enhanced. If improvements are needed, respondents are encouraged to provide a brief description of what is lacking or requires modification.
Some of the job roles include:
Web Developer: constructing fundamental elements of web services and applications in the front end, the back end, or both. Cybersecurity responsibilities include ensuring secure code development and testing practices, implementing measures for data protection, managing user authentication and authorization processes, and consistently updating software components to maintain security standards.
Software / App Developer: developing applications tailored for platforms such as mobile, embedded systems, and desktop environments. Cybersecurity responsibilities entail ensuring secure code development and thorough testing, integrating essential security features into applications, and effectively managing vulnerabilities to maintain overall system integrity.
Platform Engineer / System Engineer / SRE: developing and maintaining application infrastructure to ensure automated, scalable, secure, and reliable application performance across software, hardware, and networking domains. Within this role, cybersecurity responsibilities include ensuring system hardening to fortify against potential threats, implementing network security measures to safeguard data transmission, and managing patch updates to address vulnerabilities promptly.
Systems Architect / Principal Engineer: designing the comprehensive structure of computer systems to align with the requirements and objectives of end users and stakeholders. Cybersecurity responsibilities include designing security architecture to mitigate potential risks, conducting thorough risk assessments to identify vulnerabilities, and ensuring system compliance with security standards and regulations.
Networking Engineer: designing, implementing, and administering computer networks, covering LANs, WANs, intranets, and extranets. Cybersecurity responsibilities encompass implementing access controls to regulate network access, collaborating closely with cybersecurity teams to address potential vulnerabilities and threats, and conducting penetration testing to identify and rectify weaknesses in network defenses.
IT Project Manager: overseeing the planning, execution, and successful completion of projects within the IT sector, ensuring adherence to timelines, budget constraints, and project scope. Cybersecurity responsibilities include integrating security best practices into project plans to ensure that security measures are incorporated from the outset and coordinating closely with cybersecurity teams to assess risks and develop appropriate mitigation strategies.
IT Services Management: delivering and overseeing IT services to meet business needs, which includes managing service delivery processes such as incident management, problem management, change management, and service-level management. Cybersecurity responsibilities include establishing and monitoring service-level agreements related to cybersecurity to uphold security standards, assessing risks associated with third-party vendor products or services to mitigate security vulnerabilities, and ensuring alignment of change management processes with security requirements to prevent gaps during system updates.
Beyond the seven roles listed here, we are also seeking input on DevOps / DevSecOps Engineers, AI Engineers / AI Data Scientists, Database Administrators and Architects, Solution Architects / Field Engineers, Cybersecurity Analysts, IT Auditors, and Security Administrators.
Do you have experience in or knowledge of any of these job roles? We need your help validating whether we’ve accurately captured these roles! We will use your feedback to refine the framework. The survey should only take five minutes to complete. As a token of appreciation, respondents will receive a code for a 30% discount on any Linux Foundation e-learning training course or certification exam upon completing the survey.
Anna Hermansen
About the Author
Similar Articles
Browse Categories
2023 Compliance and Security Cloud Computing Projects Linux How-To Diversity & Inclusion Open Source Open Source Best Practices 2022 Training and Certification Cross Technology LF Research 2024 Newsletter LFX AI Legal Linux Foundation Research Topic: Data Blog Linux Networking and Edge cybersecurity Cloud Native Computing Foundation Data Governance LF Energy Open Mainframe Open Models OpenChain System Administration Topic: Security Topic: Sustainability eBPF generative AI human capital kernel license compliance maintainer openssf techtalentsurvey