Chapter 5. The Guiding Light: “White” Cybersecurity Work Roles from the Color Wheel

For all the building, breaking, and defending going on in any given enterprise, there needs to be some form of guiderails. These recipes are provided by a group I refer to as the “bakers.” These are the people who collect, collate, and disseminate the security and privacy requirements placed on the enterprise. These requirements can be derived from customers, regulators, laws, compliance mandates, and other forms of governance. This is a critically important and often overlooked role for cybersecurity. Job seekers who want to be in cyber but don't want a heavy technical role should look to be a baker. There is a heavy focus on risk assessment, compliance management, and security oversight.

Privacy has emerged as a strong force in this group as well, fueled by the omnipresence of laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Privacy implications for builders and defenders are highly relevant and far too often ignored or misunderstood. Bakers are associated with the color of a kitchen apron—white. They sit at the center of my color wheel because they touch every other color in some manner.

Sniffing Out the Bakers

In Chapter 2, I listed 50 cybersecurity jobs that are either common or trending in the industry. Of those jobs, these are the ones I consider to be part of the “bakers” (aka makers)—the policy creators, governors, watchers, and ...
