paint-brush
The Most Neglected Roles in Cybersecurity are Your Best Bet for Employmentby@davidecarmeci

The Most Neglected Roles in Cybersecurity are Your Best Bet for Employment

by Davide CarmeciNovember 19th, 2023
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

This article highlights the significant, yet often neglected, roles of defensive cybersecurity teams, contrasting them with the more glamorous offensive (red team) roles. It underscores the importance of blue team skills in an evolving digital threat landscape, especially in the context of AI's growing role in cybersecurity. The article also provides insights into various blue team job roles and their responsibilities, backed by data on their demand and lucrative nature in the job market. Additionally, it offers valuable resources for those looking to start a career in cybersecurity, emphasizing the need for critical thinking and strategic skills in the field.

People Mentioned

Mention Thumbnail
featured image - The Most Neglected Roles in Cybersecurity are Your Best Bet for Employment
Davide Carmeci HackerNoon profile picture


Cybersecurity headlines are often dominated by ethical hackers, also known as red teamers. There's an inherent appeal in breaking things as opposed to protecting them from being broken.

The education system seems to be pointing in the same direction, probably because the founders of many cybersecurity training companies (at least those I consider good) are all ethical hackers themselves.


Iconic roles in the community, like Kevin Mitnick (who tragically passed away this year) the person for whom the word 'Hacker' was practically invented, ended up working as an ethical hacker.


Even the depiction of cybersecurity professionals at work in movies is all about attackers: think of Hackers (a classic), Mr. Robot, and in my humble opinion, even Neo in the first Matrix movie was a pentester in training.


So, with these among many other reasons making red-teaming more glamorous, if you look at the list of roles that are mostly sought after by employers, it’s easy to see that the real opportunities in cybersecurity (and your higher chance to find a job) are all about becoming proficient in one of the many essential and still underrated defensive roles, also known as blue team.


Cybersecurity Defense: The Art of Critical Thinking

I truly understood the critical importance of blue teamers in 2016 during a conversation with the IT director of a Fortune 500 company. As we discussed training and hiring needs, he shared a revealing insight:


'For every pentester we hire, we need to bring on 10 SOC analysts, and it's incredibly hard to find them. We seek fresh graduates with the right mindset, looking specifically for critical thinkers.'

This conversation was a pivotal moment for me, revealing the often overlooked but immense value of the blue team in cybersecurity. While the red team's successes often grab the limelight, it is the intricate artistry and critical thinking within the blue team's defense where the real battle is waged. Unlike the straightforward objective of a red teamer finding vulnerabilities, the blue team's role involves anticipating and protecting against a myriad of potential threats.


In this nuanced world, a defensive cybersecurity professional must be proficient in technology and also master the art of prediction and strategy. It's a continuous game of mental chess, where each move requires careful consideration and foresight. Their work is less about the adrenaline rush of the attack and more about the calculated, ongoing process of safeguarding. The blue team's role is about constructing an impenetrable fortress, constantly evolving and adapting to new challenges.

Blue Teams roles and job descriptions

The realm of blue team roles is diverse and requires skill sets that are different and equally challenging.


With the help of CyberSeek, a tool that provides data on the cybersecurity job market, we can review a breakdown of the most sought-after blue team role and the correspondent area of the NICE framework.


Job Role

NICE Area

Cybersecurity Analyst/SOC Analyst

Protect and Defend (PR)

Cybersecurity Manager

Oversee and Govern (OV)

Cybersecurity Engineer

Securely Provision (SP)

IT Auditor

Oversee and Govern (OV)

Cybersecurity Specialist

Operate and Maintain (OM)

Cybersecurity Consultant

Oversee and Govern (OV)

Incident & Intrusion Analyst

Protect and Defend (PR)

Cybersecurity Architect

Securely Provision (SP)

Cyber Crime Analyst

Investigate (IN)


Cybersecurity Analyst/SOC Analyst

Cybersecurity Analysts and SOC Analysts are responsible for monitoring organizational networks for security breaches and investigating when a breach occurs. They implement and maintain security measures to protect systems from cyber threats.


Cybersecurity Manager

Cybersecurity Managers develop and oversee the implementation of policies and procedures to ensure that an organization's data and infrastructure are protected. They manage a team of cybersecurity professionals and coordinate security initiatives across departments.


Cybersecurity Engineer

Cybersecurity Engineers focus on designing and building secure systems. They are responsible for the technical implementation of security systems that prevent attacks and ensure the integrity and confidentiality of sensitive data.


IT Auditor

IT Auditors evaluate the effectiveness of an organization’s IT controls, policies, and procedures. They ensure compliance with laws and regulations, safeguarding against inefficiencies and ensuring the security of IT systems and business operations.


Cybersecurity Specialist

Cybersecurity Specialists are hands-on professionals who address various aspects of information security, from configuring networks and patching vulnerabilities to running risk assessment and response protocols.


Cybersecurity Consultant

Cybersecurity Consultants assess cybersecurity risks, problems, and solutions for different organizations and advise on best security practices. They may also design and implement security solutions.


Incident & Intrusion Analyst

These analysts detect and respond to cyber incidents and intrusions. They analyze security breaches to understand the root cause, mitigate damage, and develop strategies to prevent future incidents.


Cybersecurity Architect

Cybersecurity Architects are responsible for creating, maintaining, and updating an organization's security architecture. They plan and design security systems that address the

organization's needs against cyber threats.


Cyber Crime Analyst

Cyber Crime Analysts focus on investigating cybercrimes. They collect evidence, analyze data breaches, and work with other cybersecurity professionals to prevent future cybercrimes.


To complete the overview, always with the help of Cyberseek data, we can see how 6 out of 7 of
the highest-paying cybersecurity job titles in the US are for blue team roles:


●      Security Architect: $151,547

●      Cybersecurity Manager: $128,665

●      Cybersecurity Engineer: $127,094

●      Security Analyst: $107,517

●      Cybersecurity Specialist: $106,265

●      IT Security Auditor: $105,692


This analysis highlights the significance and the highly rewarding nature of blue team roles in the cybersecurity field.


The Role of Blue Teams in Shaping the Use of AI in Cybersecurity

During my tenure at a top-tier cybersecurity training company, I observed a curious paradox. The market was flooded with AI-based platforms, marketed as the next big thing in bolstering organizational cyber defenses. Yet, as these platforms proliferated, so did cyber attacks. The core of the issue lay not in the technology itself but in its users. Many blue team professionals, responsible for operating these platforms, lacked the necessary skills to leverage these advanced technologies effectively. It became clear that while AI could offer cutting-edge solutions, its true potential was only unlocked through the expertise of well-trained individuals.

In the cybersecurity arena, the allure of AI as a silver bullet for automated defense is a myth that blue teams know all too well. As discussed earlier, the pressing demand for "critical thinkers" underscores a truth in the cybersecurity field: the human element is irreplaceable. AI platforms, while revolutionary, fall short without the discerning judgment and analytical prowess of skilled professionals.

Blue teams, the guardians of company infrastructures, are critical in shaping the role of AI in cybersecurity. AI can process and analyze data at a speed and scale unattainable by humans alone, yet it lacks the nuanced understanding that comes from years of experience in the field. For AI to be truly effective, it requires the oversight of those who can interpret its data and understand its implications—roles that blue teams are perfectly suited to fill.

Incorporating AI into cybersecurity strategies enhances capabilities, but it does not negate the need for blue teams. Instead, it amplifies their importance. Teams composed of adept individuals can utilize AI to sift through noise, pinpoint anomalies, and prioritize threats. This synergy between human insight and machine efficiency is where the true power lies.

Blue teams' ability to employ critical thinking enables them to fine-tune AI tools, tailor them to specific organizational needs, and, importantly, question their output. This is crucial because AI, for all its advancements, can still be misled or manipulated. It is the role of the blue team to detect when AI is being deceived and to step in before any damage is done.

By embracing AI as a tool—not a replacement—blue teams can elevate their defense mechanisms to outmaneuver threat actors. The future of cybersecurity hinges on this partnership, where AI extends the reach of human capabilities, and blue teams provide the strategic context and ethical framework that AI alone cannot achieve. As we continue to embrace AI, it's the blue teams, with their critical thinking and analytical skills, who will lead the charge in securing our digital frontiers.


Training Resources to Explore a Blue Team Career

For students eager to start a career in blue team cybersecurity, there are numerous free resources available that provide a solid grounding in the field without the need for significant financial investment. These resources are not only accessible but also offer high-quality information and training to help kickstart a successful career in cybersecurity defense.


The following are some notable resources:


  1. Online Blogs and Tutorials:



  2. YouTube Channels Covering Various Aspects of Blue Team Cybersecurity:



These resources are not only easily accessible but also provide high-quality training and information, setting the foundation for a successful career in cybersecurity defense.


Flipping the narrative

The cybersecurity industry, traditionally driven by exceptional individuals and ethical hackers at heart, has shaped newcomers' perceptions of careers in this field. However, we are now entering a phase of maturity that calls for the adoption of a new perspective.

This shift is vital not only to steer new talents in the right direction but also to assist employers in addressing their evolving needs. This evolution in perspective reflects a deeper understanding of the industry's dynamics and the importance of aligning talent development with the changing demands of cybersecurity, ensuring a more strategic and inclusive approach to both career development and recruitment.