Role for Initiative: Mapping Cybersecurity Jobs to D&D Classes (PART 1)
Introduction Welcome, weary traveler. The realm before you is vast and often misunderstood, filled with winding roads, hidden passageways, and ever-present threats moving through the shadows. Word has spread across the land that the digital kingdoms are under constant siege, and the call has gone out for new adventurers; Some arrive with years of experience and others with little more than curiosity and a willingness to learn. Regardless of background, all stand at the edge of an unfinished map, gazing at unknown terrain and contemplating which path will be theirs to tread. As with any great adventure, the first step is not charging into battle, but rather, understanding the world around you. Every successful campaign begins by gathering information, learning the landscape, and equipping yourself with the right knowledge and tools for the job. In the following text, we will explore the many corners of cybersecurity and the kinds of adventurers who thrive within them. Think of this as a guide to setting out on the quest that best fits your strengths. What this blog is about: Professional Development Cybersecurity Domains Cybersecurity Workforce Frameworks Practical Training Options Cybersecurity Roles Actualizing Innate Potential Who is this blog for: Cybersecurity Hopefuls Career Transitioners Technical Practitioners Promotion Seekers Forever Learners D&D and RPG Fans Where to Start Whether you’re new to cybersecurity or have been in the field for a while and are planning on your next big move, the same question remains: “What next?” This type of self-examination has many follow-up questions as well: “What do I want?” “Where do I start?” “How will I progress?” “What’s my endgame?” Since cybersecurity is such a broad field, given the seemingly innumerable domains, it can be difficult to carve out a path, particularly when there are so many details to sift through. Above all else, you have to discern where you’re at right now. Understanding your baseline is key. From there, things will become more clear and, as a byproduct, goals will become more attainable. While this blog won't give you all the answers, it aims to provide the essential framework, prompts, and perspective to assist in uncovering your own solutions. First Time Adventurers For novices, the journey may appear to be engulfed by fog and surrounded in mystery while the ground beneath you feels like it could crumble at any moment. But, worry not! A tavern keeper offers some helpful advice: “Know not only what you seek, but also yourself. For that might uncover more than you expect. To know is to ask and to ask is to know.” Given their advice, you begin to ponder: “Do I have a technical background?” “Where can I find training materials suitable for a beginner?” “What transferable skills might I have for an entry-level position?” “Which roles are considered entry-level in cybersecurity, anyway?” While entry-level cybersecurity positions exist, they are highly competitive and often require prior IT experience, making it challenging to enter the field without a technical background. As a result, finding your first technical role can feel a bit overwhelming. Starting in Help Desk is a great way to gain hands-on, foundational experience. It's a classic stepping stone to becoming a Systems Administrator or Network Engineer, giving you real-world skills in user management, networking, and infrastructure. Plus, it provides a solid foundation for pivoting into a specialized security role with further education. If you’re looking to jumpstart your journey, Immersive’s Cyber Million program empowers aspiring cybersecurity professionals with the hands-on skills and job-ready experience employers are looking for. With its two distinct pathways— Cyber Fundamentals and Defensive Security Operations— candidates have access to on-demand, browser-based labs that allow them to level-up their technical skills and prove their ability to potential employers. Cyber Million prepares candidates for entry-level positions within the cybersecurity industry, which can include the following: Cybersecurity Operations Analyst Information Security Operations Analyst Security Monitoring Analyst Cyber Operations Analyst Security Operations Center (SOC) Analyst Information Technology (IT) Security Analyst Network Security Analyst Campaign Veterans Those who have been around the block know what to expect but may still have some lingering questions, particularly when it comes to navigating the revolving door of industry norms. Even with years of experience, seasoned professionals can find themselves wondering if their skills are still relevant, or if their experience is still valued in an era obsessed with everything “new and shiny.” Reflecting on this, you decide to brainstorm and consult the Orb of Interrogation, an item you obtained from a previous quest. A swirl of mist within the orb dissipates and the following questions appear: “What is my motivation for this change?” “Do I have what it takes to move into this particular role?” “Is the role I’m after something that will suit my interests?” “What evidence can I bring to the table to validate my skills?” Sometimes, change is necessary. Whatever your reasons, be sure you’re prepared for the new challenges and opportunities that lie ahead. While many employers traditionally view certifications as a benchmark for skill validation, the hiring landscape is leaning toward a more practical approach: Experiential learning. This phenomenon refers to the process of learning through experience, or “learning by doing” and is rapidly becoming a more preferred indicator of job readiness. If your objectives demand new capabilities, prioritize focused, targeted upskilling. To maximize results, diversify your methodology and employ facets of experiential learning, such as hands-on labs, exercises, and workshops. Provided you’re looking to move into a different role and your company is already using Immersive, you can satisfy skill requirements by taking adaptive assessments, working through role-based career paths within the platform, and earning badges. Generally, a "Demonstrate Your Skills" lab is located at the end of a lab collection to verify your proficiency in that topic. Beyond having an extensive training catalog, Immersive also provides free resources like blogs, ebooks, webinars, podcasts, and infographics to further expand your knowledge. The Lay of the Land Cybersecurity Relationally speaking, cybersecurity is a subcategory of information security— “The practice of protecting information and information systems from unauthorized access, use, and disclosure, including means for protecting personal privacy and proprietary information”— as per the National Institute of Standards and Technology (NIST). Cybersecurity, specifically, pertains to “the ability to protect or defend the use of cyberspace from cyber attacks.” Moreover, it can be further defined as “the process of preventing damage to, protecting, and restoring computers, electronic communications systems, and services, including their stored information.” That said, cybersecurity has several domains and fields of study to explore. Cybersecurity Domains At the highest level, domains can be described as key focus areas that lend structure to the various components of cybersecurity. Cybersecurity domains are interdependent, working together like gears in a complex machine. Without governance, there are no policies, procedures, and standards. Without standards, architecture becomes a chaotic, inconsistent, and fragmented collection of unmanageable solutions. Without architecture, business strategies cannot be translated into functional, scalable, or secure technology solutions. And so on and so forth… Cybersecurity Domains, Henry Jiang The Map of Cybersecurity Domains by Henry Jiang serves as an effective, comprehensive framework for understanding core security disciplines, though it does not cover every aspect. On that note, depending on where you look, you might find conflicting representations of cybersecurity domains and their associated functions. Nonetheless, there seems to be somewhat of a consensus across various sources that underscores a foundational, integrated approach to managing people, processes, and technology. In the professional landscape, these conceptual domains can be translated into specialized work roles that constitute the backbone of modern security teams. For instance, in the United States, the National Initiative for Cybersecurity Education (NICE) Framework, led by NIST, “acts as a partnership between government, academia, and the private sector designed to energize and promote a robust, integrated ecosystem of cybersecurity education, training, and workforce development to address the shortage of skilled professionals.” Meanwhile, across the pond, the European Union Agency for Cybersecurity has their own blueprint: The European Cybersecurity Skills Framework (ECSF). Similar to the NICE Framework, ECSF serves as “a practical tool to support the identification and articulation of tasks, competencies, skills, and knowledge associated with the roles of European cybersecurity professionals.” While some of the phrasing might be different, both frameworks outline cybersecurity work roles and the skills needed to obtain or excel in them, providing a standardized language that helps professionals, educators, and employers map out career paths and identify critical training requirements. Depending on where you’re located and the organization you’re looking to work for, these expectations may vary. Finding Your Next Role But what about roles? What roles belong to each category? And more importantly, how do you figure out which one is right for you? Let’s borrow the concept of cybersecurity domains and reshape them into a set of basic role categories to help you identify your professional “archetype.” To make this even more relatable, we have also paired each category with a Dungeons & Dragons class to paint a clear picture of what type of person is best suited for each role category. As an added bonus, each class features a hand-drawn illustration… of animals. Because who doesn’t like animals!? Please note that these classifications are generalizations and the included roles are by no means comprehensive. Cybersecurity Architecture D&D Class: The Artificer Saves: Constitution and Intelligence D&D Class Description: A master of invention and magical engineering. More than using tools, they build the very infrastructure and enchanted items that keep the party safe, obsessing over every piece of gear and rune. Real-World Summary: Cybersecurity Architects design the secure foundations that modern systems rely on. They think about how networks, cloud services, applications, and security tools fit together so organizations can operate safely without slowing down the business. Their work usually starts long before a system is built. Architects review technologies, choose security frameworks, and help teams design environments that reduce risk from the start. They work closely with engineers and developers so things like authentication, encryption, and monitoring are built into the design instead of being added later. Because they look at systems as a whole, architects often catch problems early. Their decisions influence how technology is deployed and how well it can stand up to real threats. NICE Work Role Category: Design and Development (DD) Roles: Cloud Security Architect, Cybersecurity Architect, Solutions Architect Appeal: Is your Steam library full of real-time strategy games? Do you find yourself thinking several steps ahead? Cybersecurity Architecture is a good fit for people who like seeing the big picture and planning how complex systems come together. Cybersecurity Leadership D&D Class: The Bard Saves: Dexterity and Charisma Class Description: An inspiring performer of music, dance, and magic. Bards are charismatic strategists who inspire allies and coordinate the party’s strengths. They rely on communication, diplomacy, and knowledge to guide others and keep the group aligned toward a common goal. Real-World Summary: Cybersecurity Leadership decides how an organization approaches security. They guide strategy, manage teams, and make sure security efforts support the goals of the business. Instead of focusing on one technical issue or “getting in the weeds”, they look at risk across the entire organization. They help leadership understand security problems in plain terms and decide where time and money should be spent. They also make sure security teams have what they need to do their jobs. Another part of the role is shaping culture. Good leaders help people across the company understand why security matters and how their everyday work affects it. NICE Work Role Category: Oversight and Governance (OG) Roles: Chief Information Officer, Chief Information Security Officer, Technical Manager Appeal: Do you enjoy guiding teams and helping people work toward a shared goal? Cybersecurity leadership fits people who communicate well, think strategically, and like connecting technical work to real business decisions. 👉 PART TWO OF THE BLOG HERE!Role for Initiative: Mapping Cybersecurity Jobs to D&D Classes (PART 2)
Continuing on from the roles in the previous blog... Defensive Cyber D&D Class: The Fighter Saves: Strength and Constitution D&D Class Description: A master of all arms and armor. Reliable, disciplined, and always ready for battle. Fighters hold the line when enemies attack, relying on training, vigilance, and well-practiced tactics to defend their allies. Real-World Summary: Defensive cybersecurity teams protect systems from ongoing threats. They monitor networks, review alerts, and investigate activity that does not look right. For instance, SOC Analysts watch incoming alerts and check system logs for signs of intrusion. Engineers build and maintain the tools that help detect attacks and stop them before they spread. When they’re not monitoring activity, deploying solutions, or configuring controls, they’re on the front lines the moment something goes awry. NICE Work Role Category: Protection and Defense (PD) Roles: Cloud Security Analyst, Cloud Security Engineer, Cybersecurity Analyst, Cybersecurity Engineer, Detection Engineer, Information Security Analyst, Information Security Engineer, SOC Analyst, SOC Engineer Appeal: Is being on the front line your thing? Do you have a knack for recognizing patterns? Defensive Cyber is a good match for people who like watching systems closely and reacting when something looks off. Digital Forensics D&D Class: The Ranger Saves: Strength and Dexterity D&D Class Description: A wandering warrior imbued with primal magic. Rangers are expert trackers who can read the smallest signs in the environment, following trails and analyzing enemies to better understand their patterns and behaviors. Real-World Summary: Digital Forensics Specialists investigate cyber incidents after they happen. Their job is to figure out what occurred, how it happened, and what systems were affected. They examine logs, network activity, and stored data to rebuild the timeline of an attack. Sometimes they analyze malware or review disk images to understand how an attacker moved through a system. Evidence has to be handled carefully since it may be used in legal cases or internal investigations. Their findings help organizations understand what went wrong and how to prevent it from happening again. NICE Work Role Category: Protection and Defense (PD) Roles: Computer Forensics Investigator, Digital Forensics Analyst, eDiscovery Specialist, Insider Threat Analyst, Malware Analyst Appeal: Want to put your detective skills to work? Enjoy finding that needle in the haystack? Digital Forensics is a strong fit for people who like digging into details and figuring out the story behind a cyber incident. Governance, Risk, and Compliance D&D Class: The Paladin Saves: Wisdom and Charisma D&D Class Description: A devout warrior of sacred oaths. Driven by a strict code and ancient scrolls of law, Paladins ensure everyone follows the “Oath” to maintain the sanctity of the realm through established order and divine justice. Real-World Summary: Professionals in Governance, Risk, and Compliance (GRC) ensure that an organization operates responsibly, securely, and within legal and regulatory requirements. They develop policies, assess risks, audit systems and processes, and ensure that the organization follows internal standards as well as external laws and regulations. In practice, this means translating complex laws, industry frameworks, and security standards into clear expectations that employees and technical teams can follow. GRC professionals review how systems are built and used, identify gaps that could expose the organization to legal, financial, or security risks, and recommend improvements. They also document controls, prepare for audits, and work with different departments to ensure policies are understood and applied consistently. NICE Work Role Category: Oversight and Governance (OG) Roles: Compliance Officer, Data Privacy Officer, GRC Analyst, IT Auditor, Risk Officer Appeal: Do you enjoy bringing order to chaos and making sure people follow the rules? GRC tends to attract people who value structure and clear expectations. The work involves reading policies, interpreting regulations, and helping teams understand what they need to do to stay compliant. It suits people who are patient, detail oriented, and comfortable working with documentation. Incident Response D&D Class: The Cleric Saves: Wisdom and Charisma D&D Class Description: A miraculous priest of divine power. Clerics assume the role of the party’s protector and healer in moments of crisis. When things go wrong, they stabilize allies, restore order, and help the group recover from dangerous encounters. Real-World Summary: Incident Responders deal with cyber attacks as they unfold. Their goal is to contain the threat, reduce damage, and get systems back to normal as quickly as possible. When an incident is detected, the team begins investigating right away. They isolate affected systems, coordinate with analysts and engineers, and decide what steps will stop the attack. Every action is documented so the organization understands what happened. Once the situation is under control, the team reviews the event and looks for ways to improve defenses going forward. NICE Work Role Category: Protection and Defense (PD) Roles: Incident Commander, Incident Responder Appeal: Are you cool as a cucumber when things get hectic? Incident Response roles tend to fit people who can think clearly under pressure and enjoy solving problems when time is of the essence. Offensive Cyber D&D Class: The Rogue Saves: Dexterity and Intelligence D&D Class Description: A dexterous expert in stealth and subterfuge. Rogues rely on their cunning, stealth, and the vulnerabilities of their foes to get the upper hand in any situation. Their preferred style of combat heavily relies on both deception and precision. Real-World Summary: Offensive Cybersecurity Teams test systems by acting like attackers. Their goal is to find any weaknesses before someone else with bad intentions does first. Penetration Testers and Red Team Operators simulate attacks against networks and applications. They search for vulnerabilities, explore how systems behave, and sometimes test how employees respond to social engineering attempts. The results help organizations understand where their defenses fall short and what needs to be fixed. NICE Work Role Category: Protection and Defense (PD) Roles: OSINT Specialist, Penetration Tester, Red Team Operator, Social Engineer, Vulnerability Analyst, Vulnerability Assessor Appeal: How often do you catch yourself pushing systems just to see where they fail? What about taking things apart to understand how they really work? Offensive Cyber tends to attract curious people who enjoy probing limits, experimenting, and uncovering weaknesses others might miss. Secure Software Development D&D Class: The Wizard Saves: Intelligence and Wisdom D&D Class Description: A scholarly magic user of arcane power, defined by the exhaustive study of magic’s inner workings. Wizards study complex, abstract languages and write their own spells, carefully crafting each incantation to achieve the precise effects to solve problems in creative ways. Real-World Summary: Secure Software Developers write code with security in mind from the beginning. Instead of adding protection later, they design applications so common weaknesses never appear in the first place. They manage authentication, data handling, and application architecture, all while upholding the integrity of the full Software Development Lifecycle. To that end, many incorporate automated checkpoints to detect code flaws early, ensuring both quality and security before release. When security is built into the development process, software is more reliable and easier to maintain, thereby drastically reducing the need for costly rework. NICE Work Role Category: Design and Development (DD) Roles: Automation Engineer, DevOps Engineer, DevSecOps Engineer, Software Developer, Web Application Developer Appeal: Do you like seeing your ideas come to life? Secure Software Development suits people who enjoy coding, solving technical problems, and creating software, applications, and tools others rely on. Threat Intelligence D&D Class: The Warlock Saves: Wisdom and Charisma D&D Class Description: An occultist empowered by otherworldly pacts. Warlocks quest for knowledge that lies hidden in the fabric of the multiverse, piecing together arcane secrets to bolster their own power. Their proclivity to learn and deepen their skills is driven by an insatiable desire. Real-World Summary: Threat Intelligence Professionals study the attackers who target organizations. Their goal is to understand who the adversaries are, how they operate, and what they might do next. They analyze threat reports, malware campaigns, and indicators of compromise from many different sources. By connecting these pieces of information, they help security teams recognize patterns and anticipate potential attacks. The insights they produce help organizations prepare defenses earlier and focus on the threats that matter most. NICE Work Role Category: Protection and Defense (PD), Investigation (IN) Roles: Cybercrime Investigator, Cyber Threat Intelligence Analyst, Intelligence Officer, Security Researcher, Tactical Intelligence Analyst Appeal: What does your ideal day look like? Would you say it involves research, analysis, and making connections across broad sets of data? Threat Intelligence work blends technical investigation with strategic thinking, making it a good fit for people who like understanding the “why” behind attacks and staying ahead of emerging threats. Note: The Dungeons & Dragons classes featured in this blog were derived from The Player’s Handbook and Eberron: Forge of the Artificer. This information was sourced from DnD Beyond under the Creative Commons Attribution 4.0 International License. Putting the Pieces Together The cybersecurity job market has been in flux over the past few years. It behaves paradoxically; ebbing and flowing, waxing and waning, all while being predictable in some ways while wildly unpredictable in others. As the threat landscape continues to transform and new technologies emerge, there will always be a need for human talent— even in a world where automation, Artificial Intelligence (AI), and Large Language Models (LLMs) are altering how organizations perceive workplace performance. Cybersecurity is the type of field that calls for “Forever Learners”: People who are always looking to educate themselves and stay up to date with new information. For some, it can be equal parts exhilarating and exhausting, especially with the cultural shift from prevention to resilience and recovery. But, if it’s something you want, give it a shot. Many find the field rewarding, particularly when they’re able to snag the role that’s right for them. No one wants to work in a role that is undesirable and unfulfilling, professionally speaking. Beating the Odds If you’re just getting started, don’t overthink your entry point. Instead, focus on momentum. Know what you want, but understand that before getting to your destination it could be necessary to first establish a foothold. A foundational position in administration, support, or even sales can open more doors than you might expect. From there, you build context, relationships, and credibility to move with intention. To stack the odds in your favor, go beyond just training. The people who break in are the ones who stay engaged in the field and understand it on a deeper level. Here are some things you can do to stand out: Attend job fairs Build a home lab Improve your resume Join local cybersecurity groups Go to cybersecurity conferences Listen to cybersecurity podcasts Seek out free webcasts and webinars Sign up for cybersecurity newsletters Read cybersecurity news, blogs, and reports Connect with company “Talent Communities” Network with cybersecurity professionals Find someone in the field willing to mentor you The goal isn’t to do everything at once, but to stay consistently involved. Small, steady effort compounds faster than sporadic bursts of motivation. Doing too much too soon or all at once can be conducive to burnout. Be the tortoise, not the hare. For those with existing experience who might be aiming for a role at a new company, referrals will give you a serious edge, but they’re not the only way in. A carefully tailored resume carries a lot of weight as well. Mirror the language of the job posting, highlight your transferable skills, and call out hands-on experience with the exact tools they mention. Make it obvious you can step in and contribute. On the other hand, if you’re applying for a role at the company you’re currently working for, usually that makes things a little easier. When your desired role becomes available, you can speak with your manager and the hiring manager about interviewing for the position. Your existing track record, reputation, and familiarity with the organization can give you leverage that outside candidates simply don’t have. All in all, no matter where you’re at, you’re not starting from zero. You’re bringing along your existing knowledge, skills, and experience. Finding your next role can feel like a roll of the dice, but as long as you have your saves and a bit of luck by your side, anything can happen.
