1. Application Security
   1. DevSecOps
   2. Vulnerability Management
   3. Secure coding
2. Offensive security
   1. Malware Analysis
   2. Adversary Emulation
3. Security Operations
   1. Security Architecture
      1. Threat Modeling
      2. Security by design and default
      3. Security UX
   2. Security Engineering
      1. Endpoint protection
      2. Network security
      3. Observability engineering
   3. Incident Response
   4. Identity and Access Management
   5. Data Protection
4. Risk Management
   1. Governance
      1. Policy
   2. Compliance
   3. Frameworks and standards
   4. Risk Assessment
   5. Security Posture
   6. Threat Intelligence
5. Security Awareness
   1. Education
   2. Training
   3. Public relations
   4. Reporting
6. Cyber-Physical Systems Security
   1. IoT security
7. Manuel D'Orso, v1, cc-by-sa