This is an ongoing project to capture the layout of the industries that comprise cybersecurity, privacy, and risk.
The mapping project is a combination of visuals, definitions, and examples from each area of the ecosystem. Seeing the ecosystem from multiple views is the most practical approach to grappling with the enormity of it all.
A table of contents is available to help you navigate through the mapping. It's large, and there is no way to simplify it without losing important details.
Various image formats and source files are also available at the bottom. You're welcome to use them as you please.
For more background on the thought process behind the project, check out the introductory article:
I hope you find this useful as you build your understanding of cybersecurity and plot your course in the industry.
Overview: Processes and tools for preventing and monitoring malicious attacks and misuse of APIs.
Overview: Techniques and tools for assessing website bots and blocking malicious activity.
Overview: An approach to software development that includes the combination of development, security, and operations as a shared responsibility throughout the lifecycle of an application.
Example(s): NIST: DevSecOps
Software Composition Analysis
Overview: Processes to identify use of open source software in a codebase to evaluate security, quality, licensing, and other software supply chain risks.
Software Supply Chain Security
Overview: The identification, analysis, monitoring, and mitigation of security risks from third party software vendors, packages, integrations, and other components.
Static and Dynamic Application Security Testing (SAST/DAST)
Overview: Methodologies and tools for identifying security vulnerabilities in applications.
Web Application Firewall (WAF)
Overview: Systems to protect web applications or APIs against exploits, bots, and attacks that compromise the security and availability of web applications.
Blockchain and Web3
Overview: Tools for securing and managing risks on blockchain and Web3 platforms.
Cloud Access Security Brokers (CASB)
Overview: Platforms to help secure and manage use of cloud-based SaaS applications and infrastructure.
Cloud Infrastructure Entitlements Management (CIEM)
Overview: Tools to help companies manage permissions and detect excessive or risky access in cloud environments.
Cloud Security Posture Management (CSPM)
Overview: Continuous management, monitoring, policy enforcement, and compliance for cloud environment configurations.
Cloud Workload Protection Platforms (CWPP)
Overview: Processes and tools for securing containers and workloads within different cloud environments.
Overview: Techniques and tools to logically divide networks into security segments at the workload level with specific controls based on the risk and requirements of each segment.
Certifications and Training
Overview: Official cybersecurity professional credentialing programs offered by governing bodies.
Overview: Education and learning courses or materials about cybersecurity-related topics.
Advanced Persistent Threats (APT)
Overview: Organized groups of threat actors who gain unauthorized access to networks for political or economic reasons.
Overview: A network of compromised devices under the organized control of an attacker.
Overview: A hidden area of internet sites and services, accessible only from a specialized web browser or proxy.
Fraud and Scams
Overview: Content, phishing, spam, and other fraudulent activity intended to trick users into sharing sensitive information.
Example(s): Marketplace Fraud, Account Takeover (ATO), Employment Scams
Overview: Intrusive software developed by cybercriminals to steal data or damage systems and networks.
Overview: A specific type of malware and associated techniques for restricting access to data or other resources until a ransom is paid.
Spyware and Stalkerware
Overview: Tools that enable someone to spy on another person's digital activity without their knowledge.
Overview: Platforms for identifying, tracking, controlling, and managing user access to applications and infrastructure.
Overview: Use of physical or behavioral traits to authenticate and verify identity.
Customer Identity (CIAM)
Overview: Systems for controlling customer access to applications and managing customer profile information.
Overview: Government systems for digital proof of identity for citizens and organizations.
Identity Graphing and Resolution
Overview: Services that correlate online and offline identifiers with consumer identities to create an accurate view of customers.
Overview: A service used for verifying a user's identity based on life history or other data aggregated from public and proprietary data sources.
Passwordless and Multi-Factor Authentication
Overview: Authentication that replaces traditional passwords or combines two or more authentication requirements (e.g. password and one-time token) for increased security.
Overview: Tools to help users generate, store, and use secure passwords.
Overview: Sign in to third party sites using authentication from social networks.
Overview: Services that compile and help verify employment, criminal, financial, and other records for people and organizations.
Data Access Governance
Overview: Systems for gaining visibility and enforcing access control policies on unstructured data (spreadsheets, documents, PDFs, etc.).
Overview: A repository for collecting information about users, devices, and resources for authentication and authorization. LDAP is a common standard for directory services.
Identity Governance and Administration (IGA)
Overview: Systems for administering accounts and credentials, access provisioning, and access reviews.
Identity Theft Protection
Overview: Services that monitor and restore the personal data of consumers in the event of abnormal activity and theft.
Overview: Identity stores that allow users to manage and share their digital identity credentials and data.
Physical Access Control
Overview: Solutions that manage physical identities and access to physical locations and spaces.
Privileged Access Management (PAM)
Overview: Systems for managing privileged (elevated) access for users, shared accounts, secrets, keys, and other high risk credentials.
Fraud and Transaction Security
Fraud and Risk
Overview: Systems and processes to monitor, detect, prevent, and remediate fraudulent transactions and activities.
Trust and Safety
Overview: Business practices, workflows, and tools used by online platforms to reduce the risk of users experiencing harm, fraud, abuse, and other negative behaviors.
Governance, Risk, and Compliance
Overview: Systems to automate and integrate enterprise, operational, and IT risk management processes and data.
Metrics and Dashboards
Overview: Tools used to track and display key performance indicators to measure cybersecurity risk and effectiveness.
Example(s): UpGuard, custom internal dashboards
Policies and Procedures
Overview: Written documents and tools for managing rules for individuals accessing an organization's systems and data.
Overview: A core information security function that defines and guides architectural requirements and design of security-relevant elements within an organization.
Overview: Training, instruction, and tools to educate users within an organization on how to protect themselves and the company's assets from loss or harm.
Segregation of Duties (SOD)
Overview: Automated enforcement of shared responsibilities among multiple people for execution of critical processes. Reduces fraud and errors.
Standards and Frameworks
Overview: Documented guidance for policies and controls to systematically manage security and risk.
Overview: Specialty business insurance for protection against cybersecurity-related losses, including data breaches, ransomware, and other incidents.
Enterprise Risk Management
Overview: Identification, management, and remediation of company-wide risk at an executive level.
Overview: Assessment and quantification of an organization's cybersecurity risk level.
Auditors and Assessors
Overview: Firms authorized to conduct independent reviews and certify compliance with regulations and standards.
Overview: Tools for automating compliance processes and continuous controls monitoring.
Overview: Official rules to enforce laws created by governments. Implemented and maintained by authorized government agencies.
Third Party Assurance
Overview: An examination of a service provider's services, internal controls, and risks conducted by a third party on behalf of customers. Results are documented in a compliance report.
Government and NGOs
Overview: Government agencies specializing in cybersecurity policy, research, and protection.
Overview: International government organizations specializing in cybersecurity policy, research, and protection.
Overview: Nonprofit organizations specializing in cybersecurity policy, research, and protection.
Overview: Cybersecurity research and education programs at public and private universities.
Overview: Services to throttle and prevent distributed denial of service attack disruptions.
Overview: Services and administration for DNS, DHCP, and IP addressing used on a network.
Overview: Network security devices to regulate network traffic based on rules.
Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
Overview: Systems to monitor and prevent network traffic matching recognized security threat profiles.
Overview: Processes and tools to secure and protect messaging and communication infrastructure, primarily focused on email-based threats.
Network Access Control (NAC)
Overview: Systems that provide visibility and control of devices accessing a network.
Overview: Policies, processes, and tools to augment networking with additional security controls. An adjacent domain with several features related to cybersecurity.
Secure Web Gateway
Overview: Systems to filter user-initiated internet traffic and enforce corporate and regulatory content policies.
Overview: Tools that provide visibility into encrypted network traffic for monitoring and threat analysis.
Virtual Private Networks (VPN)
Overview: Systems that enable users to securely and privately browse public internet sites and access private networks across a public network.
Overview: Prevention of damage and unauthorized access via wireless networks.
Zero Trust Network Access (ZTNA)
Overview: Products that broker access to applications and network resources based on identity and context.
Overview: Approach and tools for protecting against execution of malware and unapproved applications on endpoints.
Endpoint Detection and Response
Overview: Tools installed on endpoints to record key activity for monitoring and threat investigations.
Overview: Software to protect endpoints from threats, including malware, ransomware, phishing, and data theft.
File Integrity Monitoring
Overview: Solutions to monitor changes in operating system, database, and application files.
Host Intrusion Prevention System (HIPS)
Overview: Endpoint-based intrusion detection and prevention system to monitor and analyze internals and network traffic on the endpoint for prevention and detection of threats.
Example(s): McAfee Host Intrusion Prevention
Overview: Management of endpoints for containment of threats and secure enterprise network access.
Secure Web Browsers
Overview: Security-focused web browsers and isolation for enterprises.
Data Center Security
Backup and Recovery
Overview: Processes and tools for creating, storing, and restoring copies of data to protect against data loss.
Overview: Processes, hardware, and facilities for maintaining data security and integrity.
Angel and Seed Investors
Overview: Independent individual investors or a group of individual investors who invest capital in early stage cybersecurity companies.
Overview: Advisors and intermediaries for financial transactions, including mergers, acquisitions, and large scale investments.
Overview: Late stage private equity firms and investment banks with significant portfolios of cybersecurity companies.
Overview: Institutional venture capital firms with a significant number of cybersecurity investments and exits.
Overview: Firms and independent analysts covering cybersecurity companies and trends.
Overview: Authors writing books about cybersecurity topics.
Overview: Conferences and events related to cybersecurity.
Overview: Media and independent journalists covering cybersecurity news and events.
Overview: Magazines, journals, and other digital media about cybersecurity topics.
Overview: Tools to protect sensitive information stored on mobile devices, including smartphones, tablets, and wearables.
Connected Car Security
Overview: Protection of vehicle electronic systems, software, and data from malicious attacks.
Connected Home Security
Overview: Protection of home electronic systems, software, and data from malicious attacks.
Overview: Protecting the firmware of computers or devices from compromise.
Internet of Things (IoT) Security
Overview: Security for Internet of Things (IoT) devices and connected networks.
Operational Technology (OT) Security
Overview: Tools to monitor and control the security of Industrial Control Systems (ICS).
Overview: Tools and protocols for protecting and anonymizing user internet traffic to conceal location, usage, and identity against network surveillance or traffic analysis.
Breach Notification Services
Overview: Services that help inform users if their personal information, such as email addresses or passwords, has been leaked in data breaches.
Personal Data Economy
Overview: Platforms that enable individuals to take ownership of their information and potentially profit from selling data.
Personal Information Removal
Overview: Services that centralize and automate the process of opting out and removing personal data from data brokers.
Overview: Tools to help users understand and manage access to their private data.
Overview: Platforms for private messaging and information sharing through encrypted communication channels.
Data Loss/Leakage Prevention
Overview: Systems to detect and prevent transmission of sensitive data.
Overview: Tools, controls, and processes to protect databases from compromise.
Overview: Identification, collection, and storage of electronic information for investigations and legal requests.
Public Key Infrastructure
Overview: Infrastructure to establish and manage public key encryption for user identities, device identities, and secure end-to-end communications.
Overview: Software to help companies protect digital content (videos, images, files, etc.) from unauthorized distribution and duplication.
Enterprise Privacy Management
Data Discovery and Classification
Overview: The process of scanning data sources to find and classify structured and unstructured data, with a focus on sensitive and/or regulated data.
Data Deidentification and Pseudonymity
Overview: Tools to redact and deidentify data for use by researchers, data scientists, and other parties without compromising the privacy of people in the dataset.
Overview: Messaging solutions to help employees and partners within an organization communicate securely.
Encryption and Tokenization
Overview: Processes and tools for transforming sensitive data into an encrypted or masked value.
Privacy Program Management
Overview: Workflows and automation for various functions of a privacy program.
Overview: Systems and processes for notifying users about personal data collection and collecting explicit consent.
Overview: Tools to help organizations map data flows across the enterprise.
Data Subject Request Automation
Overview: Processes and tools to support individual requests for personal data and use under data privacy laws.
Privacy Information Managers
Overview: Information and updates for understanding global privacy laws and regulations.
Example(s): OneTrust DataGuidance
Overview: Tools to check websites to identify which cookies, beacons, and trackers are in use.
Managed Detection and Response (MDR)
Overview: Outsourced management and monitoring for advanced cybersecurity functions and systems, including threat intelligence, threat hunting, and incident response.
Managed Security Service Provider (MSSP)
Overview: Outsourced management and monitoring for basic cybersecurity functions and systems.
Overview: External management of specific cybersecurity functions (typically operational tasks). Often focused on cost reduction.
Overview: Specialized cybersecurity, privacy, or risk consulting practices within small professional services firms.
Overview: Cybersecurity, privacy, and risk consulting practices within large professional services firms.
Overview: Platforms for short-term cybersecurity gigs or contracts for 1099 workers through an employer.
Overview: Public platforms for specific cybersecurity services, such as bug bounties.
Monitoring and Operations
Overview: Data analytics platforms to proactively monitor and analyze security data.
Application Performance Monitoring (APM)
Overview: Software for application monitoring, tracing, diagnostics, and performance. This domain is adjacent to cybersecurity with some common cybersecurity features.
Overview: Processes and tools to extract, normalize, and enrich security data from multiple tools.
Overview: Monitoring tools for logging and measuring employee activity and productivity.
Network Performance Monitoring
Overview: Platforms to visualize, monitor, optimize, troubleshoot, and report on the health and availability of networks.
Security Information and Event Management (SIEM)
Overview: Tools to consolidate and correlate log data for identification of security incidents.
User and Entity Behavior Analytics (UEBA)
Overview: Processes and tools to detect threats based on patterns in user behavior.
Vulnerability Assessment and Management
Overview: Platforms for hands-on cybersecurity attack training and practice.
Overview: Intentional attacks on applications, networks, and infrastructure to identify exploitable vulnerabilities.
Overview: Techniques to manipulate people into exposing confidential information, allowing unauthorized access, and other human-exploitable vulnerabilities.
Vulnerability Management and Testing
Overview: Processes and tools for discovering, classifying, prioritizing, and remediating software and infrastructure vulnerabilities.
Overview: Processes and tools for identifying and managing IT assets and their potential security risks.
Configuration Management Database (CMDB)
Overview: A database for storing information about hardware and software assets. CMDBs are primarily used for IT Service Management; however, much of the data is applicable to security operations.
Patch and System Management
Overview: Processes and tools for keeping applications and infrastructure up to date with patches to address bugs and vulnerabilities.
Incident Management and Response
Overview: Tools and techniques to deceive and catch attackers by imitating real assets as traps and decoys.
Extended Detection and Response (XDR)
Overview: Systems to aggregate and analyze data to improve threat detection and incident response.
Overview: Tracking and analysis of data on networks, mobile devices, computers, and storage devices for cybercrime investigations.
Security Orchestration, Automation, and Response (SOAR)
Overview: Systems and processes for collecting data from various security operations sources to define, prioritize, and automate incident response activities and workflows.
Open Source Intelligence (OSINT)
Overview: Collection of publicly available data and information sources to provide actionable intelligence.
Overview: Collection of intelligence used to understand current or future threats to an organization.
The cybersecurity ecosystem mapping is free for you to use and republish. Several variations in multiple file formats are available here.
The full ecosystem map was created in a resolution suitable for 24x36 posters.
A vector graphic in SVG format for dynamic resizing and printing.
A raster graphic in PNG format.
A printable graphic in PDF format.
The original Figma source file in read-only format.
Text for the definitions and mapping in Markdown format.
Multiple sources were used for this meta-analysis of the cybersecurity ecosystem, including the following:
- CB Insights: The Periodic Table of Cybersecurity Startups
- CTech: Israel's 2020 Cyber Landscape
- Foundation Capital: Cybersecurity, The Next Trillion-Dollar Market?
- Gartner: Information Technology Glossary
- Henry Jiang: Cybersecurity Domain Map
- IAPP: IAPP 2021 Privacy Tech Vendor Report
- Liminal: Liminal Landscape
- Michael Tefula: The Evolution of Privacy Tech
- Momentum Cyber: CyberSCAPE
- Okta: Identity and Access Management Glossary
- Optiv: Cybersecurity Technology Map, Cybersecurity Dictionary
- Redpoint: Introducing Redpoint’s Data Security Landscapes
- UC Berkeley: SCET Explains — Cybersecurity