Security Basics Lesson 10 – Introduction to Security Careers | Dataplexa
Section I · Lesson 10

Introduction to Security Careers

This lesson covers

The shape of the security job market → Blue team vs red team vs purple team → The six core role families → Certifications that actually move the needle → Entry paths that work — with or without a degree → Building a portfolio before your first job

There are currently over 3.5 million unfilled cybersecurity positions worldwide. Salaries at the mid-level consistently sit above the median income for most countries. Demand has outpaced supply for over a decade and shows no sign of slowing down. The field is not hard to break into because it's exclusive — it's hard to break into because most people don't know where to start. This lesson is the map.

Blue, red, and purple — the fundamental split

Security roles divide into two opposing mindsets, with a third that bridges them. Understanding this split helps you figure out where your natural inclinations point — and where to start building skills.

Blue team is defence. Monitoring, detection, incident response, threat hunting, SIEM management, vulnerability management. Blue teamers are the people watching the logs, responding to alerts, and working to keep systems secure and attackers out. The majority of security jobs are blue team roles. If you're drawn to investigation, pattern recognition, and systematic problem-solving, this is your lane.

Red team is offence — authorised offence. Penetration testers, ethical hackers, red teamers, and vulnerability researchers are paid to attack systems before real attackers do. The goal is to find weaknesses and report them so they can be fixed. Red team roles are fewer in number, typically require more experience to enter, and carry significant responsibility — the technical skills involved are identical to those used by criminals, applied with authorisation and ethics.

Purple team is the bridge — roles and exercises that combine offensive and defensive thinking. A purple team exercise has red team attack and blue team defend simultaneously, with both teams sharing knowledge in real time. Purple team roles are increasingly common in mature security organisations because the most effective defenders are the ones who understand how attacks actually work.

🛡 Blue Team

Defend, detect, respond. SOC analyst, incident responder, threat hunter, security engineer. Most roles, most entry points.

⚔ Red Team

Attack, find, report. Penetration tester, bug bounty hunter, red team operator, vulnerability researcher. Fewer roles, higher bar to entry.

🔀 Purple Team

Bridge both sides. Combines attack simulation with defensive improvement. Growing fast in mature security teams.

The six core role families

Security isn't one job — it's a collection of distinct specialisations that require different skills, different temperaments, and different career paths. Here are the six families that cover the majority of roles in the field.

Security Operations (SOC). The frontline. SOC analysts monitor security tools, triage alerts, investigate incidents, and escalate what they can't handle. Tier 1 analysts are the entry point for many people coming into security — high volume, pattern recognition, shift work, rapid skill development. SOC experience teaches you what real attacks look like at speed, which makes everything else in security easier to understand.

Penetration Testing. Authorised attackers. Pen testers assess systems, networks, and applications for vulnerabilities, exploit what they find, and produce reports that tell clients exactly what an attacker could do and how to stop it. Requires strong technical depth, good written communication, and the ability to explain complex findings to both technical and non-technical audiences. Most pen testers come from either a development background or several years of SOC or sysadmin work first.

Security Engineering. Building and maintaining the security infrastructure — SIEM platforms, endpoint detection tools, identity systems, network security controls. Security engineers sit at the intersection of security and infrastructure. They need both security knowledge and strong systems or cloud engineering skills. This is one of the highest-paying entry points for people transitioning from sysadmin or DevOps roles.

Application Security (AppSec). Securing software at the code level. AppSec engineers review code for vulnerabilities, integrate security tooling into development pipelines, and work with developers to fix issues before they ship. Requires understanding of both security and software development. The rise of DevSecOps has made AppSec skills increasingly valuable — organisations want security embedded in the development process, not bolted on afterwards.

Governance, Risk and Compliance (GRC). The policy, audit, and regulatory side of security. GRC professionals manage risk frameworks, handle compliance audits, write and maintain security policies, and translate regulatory requirements into technical controls. Less technical than other roles but requires deep understanding of risk management, frameworks like ISO 27001 and NIST, and the ability to communicate risk to business leadership. Often overlooked by people chasing technical roles — well-compensated and consistently in demand.

Incident Response and Digital Forensics. Called in when things go wrong. IR professionals contain breaches, eradicate attackers, restore systems, and figure out exactly what happened and how. Forensics specialists recover and analyse evidence from compromised systems — disk images, memory captures, network logs. High pressure, high skill requirement, often contracted rather than in-house at smaller organisations.

Certifications — which ones actually matter

The security certification landscape is enormous and inconsistent. Some certifications are genuine proof of skill. Others are checkbox exercises that signal compliance training rather than competence. Knowing the difference saves significant time and money.

| Certification | Level | Best for | Employer weight |
|---|---|---|---|
| CompTIA Security+ | Entry | First cert, government roles, broad baseline | High |
| CompTIA CySA+ | Intermediate | SOC analysts, blue team roles | High |
| eJPT (eLearnSecurity) | Entry | First offensive cert, practical hands-on | Medium |
| CEH (EC-Council) | Intermediate | Government / corporate compliance roles | Medium |
| OSCP (OffSec) | Advanced | Penetration testing roles, red team | Very high |
| CISSP (ISC²) | Advanced | Senior / management / architect roles | Very high |
| AWS/Azure Security | Intermediate | Cloud security engineering | Very high |

OSCP is different from every other cert on this list

The Offensive Security Certified Professional exam is 24 hours of live penetration testing against a network of machines you've never seen before — no multiple choice, no memorisation. You either compromise the machines or you don't. Employers who hire pen testers treat OSCP as proof of actual skill rather than studied knowledge. It's hard, expensive, and worth it for anyone serious about offensive security. Nothing else in the certification world tests practical ability the same way.

Entry paths that actually work

A computer science degree is one path into security. It is not the only path, and for many roles it is not even the most direct one. Hiring managers in security care more about demonstrated skill than credentials — and there are several ways to demonstrate skill before you have a job title.

Lateral move from IT. Sysadmins, network engineers, and developers who move into security bring foundational knowledge that pure security newcomers lack. If you already understand how Linux works, how networks route traffic, or how applications are built, you need to add the security layer — not learn everything from scratch. This is the fastest path for people already working in technology.

Home lab and CTFs. Capture the Flag competitions are structured security challenges that build real skills — web exploitation, binary analysis, network forensics, cryptography. Platforms like HackTheBox, TryHackMe, and PicoCTF let you practise against real systems in legal, controlled environments. A profile showing consistent CTF participation and progression tells an employer far more than a certificate.

Bug bounty. Platforms like HackerOne and Bugcrowd pay researchers to find vulnerabilities in real production systems under a defined scope. A bug bounty history with validated findings — even low-severity ones — is documented proof that you can find real vulnerabilities in real systems. For offensive roles especially, this carries significant weight with technical hiring managers.

Volunteering and open source. Contributing to open source security tools, writing public technical writeups of CTF solutions, or volunteering to help a small charity with their security posture builds both skills and visibility. The security community reads blogs, follows GitHub profiles, and respects people who share knowledge publicly.

Building a portfolio — the practical checklist

A portfolio in security is evidence of capability — something you can point to that shows you can actually do the work. Here's what a strong entry-level security portfolio contains:

# Entry-level security portfolio checklist

# ── PLATFORMS ──
# TryHackMe or HackTheBox profile with completed rooms / machines
# https://tryhackme.com  |  https://hackthebox.com

# ── HOME LAB ──
# VirtualBox or VMware setup with:
#   - Kali Linux (attacker machine)
#   - Metasploitable / DVWA (intentionally vulnerable targets)
#   - Windows Server (for AD attack/defence practice)
#   - pfSense or similar (for network/firewall practice)

# ── GITHUB ──
# Public repos showing:
#   - Security scripts (log parsers, port scanners, automation)
#   - CTF writeups with methodology explained
#   - Tool configurations (firewall rules, auditd configs, etc.)

# ── WRITEUPS ──
# Published walkthroughs of completed CTF challenges
# Blog or GitHub markdown — Medium, personal site, or GitHub Pages

# ── CERTIFICATIONS ──
# At minimum: CompTIA Security+ or TryHackMe's learning paths
# For offensive: eJPT before attempting OSCP

What just happened

This isn't a script — it's a structured roadmap. Each section represents a category of evidence that an employer can verify. A TryHackMe profile shows consistent learning. A home lab shows hands-on environment building. A GitHub with security scripts shows you can write tools, not just use them. Writeups show you can communicate findings clearly — a critical skill for any security role. You don't need all of these before applying to your first job. You need enough to demonstrate genuine engagement with the field.
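As an added example (not part of the Dataplexa lesson), here is the kind of small "security script" the GITHUB item of the checklist refers to: a parser that pulls failed SSH logins out of OpenSSH auth-log lines and flags source addresses that exceed a failure threshold. The log lines are constructed for the example using documentation address ranges, and the function names and the threshold of three are my own choices rather than anything the lesson specifies.

```python
"""Minimal SSH auth-log parser: the sort of portfolio script a blue-team
candidate might publish. Added example, not the lesson's own code."""
import re
from collections import Counter

# Matches the OpenSSH "Failed password" message behind a syslog prefix, e.g.
# "Mar  3 10:01:02 host sshd[1234]: Failed password for root from 203.0.113.5 port 52211 ssh2"
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample log (not real traffic); 203.0.113.0/24 and 198.51.100.0/24
# are reserved documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:01:02 host sshd[1234]: Failed password for root from 203.0.113.5 port 52211 ssh2
Mar  3 10:01:04 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 52212 ssh2
Mar  3 10:01:06 host sshd[1235]: Failed password for root from 203.0.113.5 port 52213 ssh2
Mar  3 10:02:00 host sshd[1240]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
Mar  3 10:03:10 host sshd[1241]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Mar  3 10:03:11 host sshd[1242]: Failed password for root from 203.0.113.5 port 52214 ssh2
"""


def parse_failed_logins(text):
    """Return a list of (username, source_ip) for every failed-password line.

    Lines that do not match (successful logins, unrelated daemons) are skipped
    rather than raising, so the parser tolerates a mixed auth.log.
    """
    hits = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            hits.append((m.group("user"), m.group("ip")))
    return hits


def failures_by_ip(text):
    """Count failed logins per source address."""
    return Counter(ip for _, ip in parse_failed_logins(text))


def flag_brute_force(text, threshold=3):
    """Return source addresses (sorted) with at least `threshold` failures.

    The threshold is a hypothetical tuning knob; in a real deployment it would
    be chosen from the environment's baseline, not hard-coded.
    """
    counts = failures_by_ip(text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in failures_by_ip(SAMPLE_LOG).most_common():
        print(f"{ip:16} {n} failed logins")
    print("flagged:", flag_brute_force(SAMPLE_LOG))
```

On the sample above the script reports four failures from 203.0.113.5 and one from 198.51.100.9, and flags only the first. The point of publishing something like this is not the regex; it is the README beside it explaining what the log format is, why the threshold was chosen, and what the analyst does with a flagged address next.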

Instructor's Note

The question I get asked most often is: "where do I start?" The answer is always the same — pick one platform, complete one room, write one paragraph about what you learned, and push it to GitHub. Not because that one room matters, but because the habit of learning-then-documenting is the entire career in miniature. Security moves fast. The people who last in it are the ones who never stop doing exactly that.


Practice Questions

A security professional is hired to simulate a real-world attacker against a company's infrastructure — finding vulnerabilities, exploiting them, and reporting findings before a real attacker does. Which team does this role belong to?




A penetration testing certification that involves 24 hours of live exploitation against unknown machines — no multiple choice, pass or fail based entirely on practical results. Which certification is this?




A security professional manages ISO 27001 compliance, conducts risk assessments, writes security policies, and communicates risk to the board. Which security role family does this describe?



Quiz

Hiring managers for penetration testing roles consistently value OSCP above other offensive certifications at the same level. What specifically sets it apart?



A candidate applying for a junior penetration testing role has no degree and no certifications but has three validated findings on HackerOne including a medium-severity IDOR. Why might a technical hiring manager prioritise this candidate?



A security engineer reviews pull requests for insecure code patterns, configures SAST tools in the CI/CD pipeline, and runs threat modelling sessions with the development team. Which role family does this describe?


Up Next · Section II — Lesson 11

OS Security Basics

The operating system is where every attack ultimately lands — understanding how it manages users, processes, and permissions is where the technical work really begins.