In this video, you will learn to describe the various roles typical to a Cybersecurity organization. Roles in information security. Even though this is not the complete list of roles because each organization may have specific roles for different information security areas. These are very common roles that you can find in large organizations. Like the Chief Information Security Officer, which is we can say fairly new role introduced to make sure that there's a head and someone in charge of the Information Security Division to supervise, manage and be the leader of the Information Security Tower. Now, then we have the Information Security Architect, Information Security Consultants Specialist, Information Security Analysts, Security Auditor, Security Software Developer, the Penetration Tester which is also known as member of the red team, a Vulnerability Assessor. We also have the Digital Forensic Analyst, who is part of a blue team for instance. We also have the SEM Engineer, the person who is familiar with different SEM technologies. So all of these roles are very important, and if you notice, they already existed in the IT realm. However, we are now early in the security portion to these roles to make them more specific and make sure that they are security-oriented. So they make sure that they guarantee that the organization follows security best practices and standards. To mention a few of the roles, we have the Chief Information Security Officer. As mentioned before, it is a high-level management position. This is the head of the security department and staff. Okay. So this person is responsible for supervising the entire security department. It's a very important role that in the past was not very common, but it is now very common to see this specific position or this specific role in organizations. Now, the information security analyst is more of day to day analyst. This person is in charge of analyzing events, alerts, alarms, and any information that could be useful to identify any threats. So this person should be able to verify for instance or analyze events that are collected by a SEM, like maybe curator, outside this plonk for instance, be able to understand and investigate alerts from this specific SEM platforms or any alarms are related to any health check of a specific device, anything that it could actually lead to a potential threat. For instance, if an IPS is sending a threat alert to the SEM, an information security analyst should be able to go to the SEM, get the alert, investigate the events, and even go to the IPS to understand what exactly trigger it and be able to follow up on that to a resolution. The Information Security Auditor on the other hand, is in charge of testing the effectiveness of computer information systems to make sure that they follow best practices, they follow standards as specific regulations like the ISO27001 or 002 for instance. That they follow at least the best practices defined in those revelations and that organizations are as protected as possible.