Careers
IT and cyber specialisms, the real job roles behind the buzzwords, the qualifications that matter, and how to choose a path that suits you.
A practitioner-led journey from "what is cyber security?" to a working understanding of how networks operate and how ethical hackers test them. Delivered free to schools, colleges, and community groups.
The session is built around four objectives, moving from career awareness, through underpinning theory, into hands-on practical hacking against safe targets.
IT and cyber specialisms, the real job roles behind the buzzwords, the qualifications that matter, and how to choose a path that suits you.
The building blocks: hosts and devices, networking fundamentals, the OSI and TCP/IP models, and ports & services.
The seven-phase penetration testing methodology, applied to both infrastructure and web application targets.
Honest self-assessment: hands-on vs. strategic, and whether you want to protect, build, or analyse.
Technology is not one job — it is a family of related disciplines. Most careers start in one area and branch out over time.
| Specialism | Example roles |
|---|---|
| Technical Support | Helpdesk, IT Technician |
| Networking | Network Engineer, Systems Administrator |
| Software Development | Web Developer, App Developer |
| Cyber Security | Security Analyst, Penetration Tester, SOC Analyst, Information Security Manager |
| Cloud & DevOps | Cloud Engineer, DevOps Specialist |
| Data & AI | Data Analyst, AI Developer |
Within cyber security, two complementary mindsets dominate. Red teams simulate attackers to find weaknesses; blue teams defend, detect, and respond.
| Red Team | Blue Team | |
|---|---|---|
| Objective | Simulate real-world attacks to identify vulnerabilities and security gaps. | Provide monitoring and detection across systems, networks, and applications. |
| Responsibilities | Test detection and incident response; recommend remediation. | Investigate, contain, and respond to security incidents. |
| Tools & techniques | Pentest methodology, Kali Linux, password cracking, intercepting proxies, exploitation & evasion tools, privilege escalation scripts, C2 frameworks. | IDS/IPS, EDR, SIEM, malware analysis, forensics, IAM, and cloud security tooling. |
| Example roles | Penetration Tester, Red Team Operator, Security Researcher. | SOC Analyst, Malware Analyst, GRC Analyst, Threat Intel Analyst, Forensic Investigator, Security Engineer, CISO. |
| Qualifications | OSCP/OSEP, CEH, GPEN, PenTest+, CSTM, CSTL, CPSA, CRT, CCT, CRTO. | CySA+, CISA, CISM, CISSP, GREM, EC-Council CSA. |
You do not need every certification — you need the right next one. A common, vendor-neutral progression starts with CompTIA and builds toward specialist credentials.
Before you can attack or defend a network, you need to understand what is actually on it and how the pieces talk to each other.
A host is any device on a network. These include End User Devices (EUDs), servers, workstations, and virtual machines (such as Azure Virtual Desktops, AWS EC2, VirtualBox, and VMware guests). In your home lab, your Kali attack box and your vulnerable targets are all hosts.
| Layer | Function | Examples |
|---|---|---|
| 7 · Application | Services used by end-user applications. | HTTP, HTTPS, FTP, DNS, SSH, SNMP, SMTP |
| 6 · Presentation | Formats, encrypts, and decrypts data for the user. | JPG, GIF, SSL, TLS |
| 5 · Session | Establishes and ends connections between hosts. | NetBIOS, PPTP |
| 4 · Transport | Transport protocol and error handling. | TCP, UDP |
| 3 · Network | Reads the IP address from the packet. | Routers, Layer 3 switches |
| 2 · Data Link | Reads the MAC address from the data frame. | Switches |
| 1 · Physical | Sends data onto the physical medium. | Hubs, NICs, cabling |
| Layer | Function | Examples |
|---|---|---|
| 4 · Application | Network services to applications; high-level protocols. | HTTP, HTTPS, SSH, DNS, FTP, SMTP, SNMP |
| 3 · Transport | End-to-end communication, reliability, flow and error control. | TCP, UDP |
| 2 · Internet | Best path through the network; logical addressing and routing. | IP, ICMP, ARP, IGMP |
| 1 · Network Access | Physical addressing, media access, and framing. | Ethernet, Wi-Fi, MAC, switches, NICs |
Ports are logical endpoints a host uses to manage multiple network connections and services at once. A single host can run many services, each listening on a specific port number.
80 HTTP, 443 HTTPS, 22 SSH, 25 SMTP, 53 DNS, 21 FTP.3306 MySQL.Tools such as netstat (local) and nmap (remote) reveal which ports and services are active on a host — the first thing an attacker enumerates.
Professional testing follows a repeatable, ethical process. We apply this same seven-phase methodology in the Learning Hub against both infrastructure and web application targets.
| Phase | Purpose | Common actions & tools |
|---|---|---|
| 1 · Reconnaissance | Gather information about the target. | Passive & active OSINT — Recon-ng, Maltego, theHarvester, Google dorking, WHOIS, Shodan. |
| 2 · Scanning | Identify live hosts, open ports, services, and vulnerabilities. | Nmap, Masscan, Nessus, Nikto, OpenVAS. |
| 3 · Exploitation | Use vulnerabilities to gain initial access. | Metasploit, Hydra, SQLmap, Burp Suite. |
| 4 · Privilege Escalation | Move from user to admin/root; lateral movement. | Linux Exploit Suggester, WinPEAS, LinPEAS, PowerUp. |
| 5 · Post-Exploitation | Maintain access and extract value. | Mimikatz, Empire, Meterpreter, BloodHound. |
| 6 · Covering Tracks | Remove evidence (in authorised engagements). | Log clearing, Auditpol, Clear-EventLog. |
| 7 · Reporting | Document findings and remediation. | Dradis, Faraday, Serpico, custom templates. |
Targeting servers, services, and operating systems — exactly what you will practise against Metasploitable in the Learning Hub.
Infrastructure targets →Targeting websites and web apps — practised safely against DVWA, covering injection, access control, and more.
Web app targets →There is no single "right" route. The best starting point is honest self-reflection:
We deliver the IT & Cyber Security Career Workshop free of charge to schools, colleges, and youth and community organisations across the UK.