256 Security De-engineering
Infosec Vocational Classications
We do not do ourselves any favors in security by creating so many dier-
ent job titles. I have already covered the ill-advised practice of overspe-
cialization of security and also covered industry sector specialization.
e industry has a need for people who specialize as security ana-
lysts, security architects, and security managers (the particulars of this
role are covered in the subsequent section), and it does not need to be
more complicated than this. ere could also be a categorization that
is “security consultant,” but really this position is eectively Security
Analyst plus communication skills.
Is there a need for a role titled “penetration tester”? Not really
because sec