So, you want to join the dark side of cybersecurity?

Frederick Scholl June 03, 2020

A male and female student in business attire sit at a table looking at an open laptop.

No, I don’t mean working for criminal hackers. I’m writing about the security vendor space. There are many opportunities on the security vendor side.

Today there are over 2,000 security vendors. Just don’t expect a lot of love from practitioners. You will have to earn it. This blog post will give you an introduction to career opportunities in the cybersecurity vendor space.

Worldwide there are about 365,000 people working at such vendors. This compares with estimates of 2.8 million people in cybersecurity within major economies.

Working for a vendor can be rewarding and a good career path into the enterprise space. My interview with Richard Stiennon discusses security careers in more detail.

Richard has recently published a detailed analysis of the vendor space.1

He breaks down the entire vendor space into 16 broad categories:


Category Description
Network Security The granddaddy of the space, including firewalls, VPN gateways and related tools and services
Data Security Including encryption and Information Rights Management (IRM)
Identity and Access Management Keeping the bad guys out: Active Directory, password managers, biometric devices, etc.
Governance, Risk and Compliance Including tools to assure compliance as well as risk posture
Endpoint Security Started with McAfee anti-virus in 1988; products have grown in sophistication to counter endpoint threats
Operations Tools to improve efficiency and effectiveness in operations centers including detecting and responding to threats and incidents.
IoT Security The newest category of products focused on securing new internet connected and managed devices
Managed Security Service Providers (MSSP) Services to manage security of an enterprise and eliminate the need to purchase and manage the other categories of products
Application Security Tools to manage security within the software development lifecycle (SDL)
Security Analytics Tools to support attack and breach detection, including SIEM, IDS and Breach Detection and Response
Fraud Prevention Fraud can be internal (employee based) or external (customer based). Broad category of defenses including behavior monitoring, user behavior analytics, geolocation, account takeover, etc.
Threat Intelligence Trying to predict attacks before they occur including reputation services, malware analysis, threat actor research and dark web research
Email Security This category includes both endpoint and network protections such as: anti-phishing, anti-spam, encryption, monitoring and auditing, inbound attack prevention, outbound Data Loss Prevention (DLP)
Training Awareness, compliance training and cyber range practice labs
Deception This takes four forms: honeypots, honey networks, tainted files and deceptive credentials posted on social networks

Automated attack and penetration testing tools

What are the jobs within these types of organization? In a previous interview I discussed security roles with Diedre Diamond, President of CyberSN, a provider of security recruiting services. Their list of 35 security job categories is worth reading.

A selection of roles that uniquely applies to the vendor space would include:

  • Account Executive
  • Business Development Representative
  • Security Sales
  • Security Sales Engineer
  • Security Product Manager

These vendors will also have opportunities for roles that are like enterprise roles, such as CISO, Application Security Director, Security Compliance Director, Risk Management Director, etc.

The actual job responsibilities at a vendor may be different from the same role in enterprises. Typically, the roles will be more customer-focused.

For readers based in Connecticut, I did a survey of security companies based here; these names are taken out of Richard Stiennon’s book.

The list is short, but there are some top-notch companies represented here.


Name Website Business
Awareness Technologies Monitoring for home and business
Interguard Employee monitoring
Netlib Data encryption
Owl Cyber Defense Data diode security products
Polarity Desktop AR
Protegrity Data security
SDG Corporation Security services
SecureRF Corporation IoT Security (now Veridify)
Syferlock Authentication solutions
Wymsical Authentication solutions
Zorus Web site security
Apex Technology Security services and IT services
Kelser Corporation Managed services and security services
Quinnipiac’s online MS in Cybersecurity program trains technically proficient security defenders.

Learn more about how the MS in Cybersecurity can give you the necessary skills to pursue a career in the security vendor space.

1Security Yearbook 2020, Richard Stiennon, IT Harvest Press, 2019.


Stay in the Loop

Sign Up Now