// career roadmaps

Year-by-year roadmaps for
every cyber role.

What "Year 0", "Year 2", "Year 5" and "Principal" actually look like — salary bands, certifications, and the moves that unlock each band.

GRC Analyst

How to break into and grow as a GRC (Governance, Risk, and Compliance) Analyst in cybersecurity — from £35k junior in a Big 4 consultancy to £90k Senior GRC Manager in financial services.

View roadmap

SOC Analyst

How to become a SOC Analyst (Security Operations Centre) in the UK — from £28k Tier 1 in an MSSP to £75k Detection Engineer in scale-up tech.

View roadmap

Security Architect

How to become a Security Architect — the senior technical role that designs secure systems end-to-end, typically £85k–£140k in UK enterprise.

View roadmap

Cloud Security Engineer

How to become a Cloud Security Engineer in AWS, Azure, or GCP — the highest-demand security role of 2026, £65k–£130k in the UK.

View roadmap

CISO

How to become a CISO (Chief Information Security Officer) — the executive cyber role responsible for organisation-wide security strategy. UK comp: £150k–£400k+.

View roadmap

Security Manager

The first true leadership rung in cybersecurity. You move from doing the work to multiplying the team that does it — runbooks, on-call health, hiring bar, performance, and translating executive direction into delivery.

View roadmap

Head of Security

You own the security org across SecOps, AppSec, GRC and IAM — typically reporting into the CIO or CTO. The job is org design, budget defensibility, board narrative, and hiring + retaining senior managers.

View roadmap

Application Security Engineer

How to become an Application Security Engineer — embedded with engineering, owning SDLC security. £70k–£140k in UK tech.

View roadmap

Penetration Tester

How to become a Penetration Tester in the UK — from £35k junior at NCC/PwC to £100k senior at a boutique. CREST CRT/CCT and OSCP are the credentials that gate the market.

View roadmap

Incident Responder

How to become an Incident Responder (DFIR) — investigating and containing live security incidents. £50k–£130k in UK consultancies (Mandiant, KPMG, NCC) and in-house at banks.

View roadmap

IAM Engineer

How to become an Identity and Access Management Engineer — the specialism that owns who-can-do-what across the enterprise. £60k–£120k in UK enterprise.

View roadmap

Security Consultant

How to become a Security Consultant — advising clients on cyber strategy, transformation, or compliance. £45k Big 4 grad to £150k+ Director.

View roadmap
// activate your career twin

One twin. One score.
Your next career move.

Activate your Career Twin in under a minute. Free to start. Cancel anytime.