Cybersecurity Career Path: Infrastructure Security
Career Path Series
In this post, we’ll be going over another domain of Cybersecurity: Infrastructure Security, otherwise known as InfraSec.
This is the next post on the career path series.
Cybersecurity Career Path: Application Security
Continuing on with the Career Path Series, this will be a deep dive on Application Security, part 4 of the series where we discuss different career paths and roles within Cybersecurity.
Let’s take a look at what this could look like on the job
Infrastructure Security
One way to think of InfraSec is the Engineer for the Engineers. What I mean by this is that many of the projects they work on: improvement of deployment services, or building high availability of widely used security services are for the Engineers of the company.
They often build the Security services that other engineers and developers will utilize for their work. A lot of what they do is centered around developer productivity.
Just like a bridge or public transit enables people to get to work and do their job.
For example, projects around PKI, Identity Security, secrets management, or securing CI/CD could all be under the scope of work involved here. This could end up being a Service Catalog for others to benefit from.
As you can infer from the scope of projects for the role, a skillset that would transfer well here is that of a Software Engineer.
This aligns with last week’s domain of AppSec. A difference here is that InfraSec is more geared towards services, where AppSec will be around the product and public facing applications.
Let’s take a look at a sample job description.
Example Job Description
https://www.linkedin.com/jobs/view/4083072994
As noted in the job description, some of the responsibilities include:
Drive a culture of “secure by default” development lifecycle
Direct contributions to work with Terraform, managing Linux Enterprise system, CI/CD pipelines
This is an emphasis on enabling a secure SDLC and providing widely used security services for Engineers at the company.
What I Read This week
Passkeys: they’re not perfect but they’re getting better
Widespread support, and Device loss scenarios
YaraMonitor: YARA Open Source Project
Currently monitors MalwareBazaar recent uploads
Agents of Change: Building Collective SIEM Intelligence
A continuation of how collaborative AI agents can augment Security Operations
Wrapping Up
This is a good career path to go down if you enjoy building things for other engineers, with a deep interest in Infrastructure, and is a highly impactful one.
If you enjoyed this post, check out the rest of the series.
See you in the next one.