Cybersecurity Mindmap

Foundations
1. Asset
2. Vulnerability
3. Risk
4. Threat
5. Cybersecurity Frameworks
  1. CIA Traid
  2. National Institute of Standard and Technology (NIST)
  3. IASME
  4. COBIT
  5. CIS
  6. ISO Cybersecurity Framework
  7. Service Organization Control Type(SOC2)
  8. SIEM
  9. The Open Group Architecture Framework (TOGAF)
  10. MITRE ATT&CK Framework
  11. OWASP Top 10 (WebApp & API)
Career Development
1. Learning Resources
  1. #1 (Omniscient)
    1. Google.com
  2. #2
    1. Youtube.com
  3. Industry Learning Content Creator
    1. Cristizot
    2. David Bombal
    3. John Hammond
    4. Neal Bridges
    5. Heath Adams
    6. Network Chuck
    7. Dr.Gerald Auger
    8. Grant Collins
2. Certifications/Training
  1. Vendors
    1. SANS
    2. Offensive Security
    3. INE/eLearnSecurity
    4. TCM Security
    5. (ISC)2
    6. EC-Council
    7. CompTIA
  2. General
    1. CompTIA Security+
    2. (ISC)2 Certified Information Systems Security Professional (CISSP)
  3. Pentest/Red Team
    1. eLearnSecurity Junior Penetration Tester (eJPT)
    2. EC-Council Certified Ethical Hacker (C|EH)
    3. GIAC Penetration Tester (GPEN)
    4. CompTIA Pentest+
    5. PNPT
    6. eLearnSecurity Certified Professional Penetration Tester (eCPPT)
    7. Offensive Security Certified Professional (OSCP)
  4. Blue Team
    1. Security Blue Team Level 1 (BTL1)
    2. eLearnSecurity Certified Incident Responder (eCIR)
    3. eLearnSecurity Certified Threat Hunting Professional (eCTHP)
    4. GIAC Certified Incident Handler (GCIH)
  5. Auditing
    1. The Certified Information Systems Auditor (CISA)
  6. GRC/Management
    1. CompTIA Project+
    2. Project Management Professional (PMP)
    3. Certified Information Security Manager (CISM)
3. Experience
  1. Projects
    1. Labs
      1. HomeLabs
  2. Internships
  3. Non-profit Support
  4. Capture the flag (CTF)
    1. picoCTF
    2. VulnHub
    3. OverTheWire
    4. Hack The Box
    5. Try Hack Me
  5. Bug Bounty
    1. Bugcrowd
    2. Hackerone
    3. Syanck
    4. Intrigiti
  6. Advocacy/Awareness Trainer
4. College Degree
  1. Cybersecurity
  2. Computer Science
  3. Information Assurance
  4. Information Technology
5. Conferences
  1. Black Hat
  2. DEFCON
  3. RSA Conference
  4. THOTCON
  5. Grayhat
  6. Gartner's Identity and Access Management
  7. Cryptocon
  8. Bsides
Cyber Career Domains
1. Academics
  1. Cybersecurity Instructor
  2. Cybersecurity Trainer
  3. Cybersecurity Speaker
  4. Cybersecurity Awareness Trainer
2. Risk Assessment
  1. Penetration Testing
    1. Infrastructure (Network and Systems)
    2. Social Engineering
    3. DAST
    4. Application Pen Tests
  2. Risk Monitoring Services (Risk Score)
3. Governance
  1. Governance, Risk Management and Compliance (GRC)
4. Threat Intelligence
  1. External Threat Intelligence
    1. Open Source Intelligence
  2. Internal Threat Intelligence
5. Security Architecture
  1. Cloud Security
    1. Network Security
    2. Application Security
    3. Server Security
    4. Infrastructure Security
    5. Container Security
    6. Platform Security
    7. Workload Security
    8. File Storage Security
  2. Industrial Control Systems (ICSes)
    1. Operational Technology
  3. Security Engineering
  4. Cryptography
  5. Container Security
  6. Network Design
6. Security Operations
  1. Security Operation Center (SOC)
  2. Security Information and Event Management (SIEM)
    1. SOAR
  3. Incident Response
    1. Investigation
      1. Forensics
    2. Red Team
    3. Blue Team
  4. Digital Forensics
  5. Threat Hunting
  6. Vulnerability Management
7. Physical Security
  1. IOT Security
8. Enterprise Management
  1. Crisis Management
  2. Audit
    1. SOC1 / SOC2
    2. ISMS
  3. Cyber Insurance
9. Application Security
  1. API Security
  2. Security Code Analysis
Cyber Attacks
1. Distributed Denial of Service (DDoS)
  1. TCP SYN Flood Attack
  2. Smurf Attack
  3. Teardrop Attack
  4. Ping of Death Attack
2. Man-in-the-Middle
  1. Session Hijacking
  2. IP Spoofing
  3. Replay
3. Social Engineering
  1. Spearphishing
  2. Business Email Compromise (BEC)
  3. Phishing
  4. Vishing
  5. Drive-by Attack
4. Password Attack
  1. Brute-force attack
  2. Dictionary Attack
5. Cross-site Scripting Attack
6. SQL Injection Attack
7. Malware Attack
  1. Viruses
  2. Worms
  3. Fileless Malware
  4. Ransomware
  5. Cryptominers
  6. Botnets
  7. Spyware
  8. Trojans
  9. Rootkits
  10. Modular Malware
8. Eavesdropping Attack
Cyber Laws and Regulations
1. Health Insurance Portability and Accountability Act (HIPPA)
2. Consumer Privacy Protection Act
3. General Data Protect Regulation (GDPR)
4. California Consumer Privacy Act (CCPA)
5. Cybersecurity Information Sharing Act (CISA)
6. Cybersecurity Enhancement Act
7. Federal Exchange Data Breach Notification Act
8. National Cybersecurity Protection Advancement Act
9. Federal Information Security Management Act of 2002 (FISMA)
10. Cybersecurity Maturity Model Certification (CMMC)
Industry Sectors
1. Financial Services
2. Government Facilities
  1. Defense Industrial Base
3. Healthcare
4. Energy
  1. Nuclear reactors, materials and waste
  2. Water and wastewater systems
    1. Dams
  3. Chemical
  4. Critical Manufacturing
5. Manufacturing
6. Information Technology
  1. Communications
  2. Transportation Systems
  3. Emergency Services
7. Commercial Facilities
8. Food and Agriculture
Mindmap Created By ; Abhinav Pathak https://twitter.com/i_amsphinx