Notes inspired by this page.
• Large Enterprises: Usually Fortune 1000 companies
• Federal Sector (DoD): NSA, DISA, CIA, etc.
• Federal Sector (non-DoD): FDA, DoE, DoJ, etc.
• Big consulting non-specialized: Usually personnel that work on a lot of different things (E&Y, Crowe Horwath, Deloitte)
• Big consulting specialized: Usually personnel who work on specific teams (NCC Group, IOActive, Optiv)
• Security Software Product/SaaS: Attack driven turnkey solutions to combat APT and improve your ROI to reduce the threat landscape in the cloud *barf* (FireEye, Tenable, HP Enterprise Security, etc.)
Most common enterprise roles
• Team Managers
• AppSec SDLC
• App Security Architect
• Assessments (code audits, app pen-tests, full-scope pen-tests, network pen-tests, WLAN, etc.)
• Server/Endpoint security engineer
• Incident Handler
• Network Security Engineer/Architect
• Fraud Team (E-Commerce)
• Reverse Engineer
Most common consulting roles
• Service delivery consultant (junior/senior/manager)
• Customer relationship managers/account managers
• Sales/new biz development
• Non-delivery roles (PM, tech reviewers, schedulers, etc.)
• Marketing security research
How to learn web application security... do these things well: