I’m a 3rd year Cyber Security undergraduate from a well-known private university. I’ve completed a cyber security internship at a reputed telco and have around 1 year of corporate exposure in security-related work.

I’m trying to understand career growth beyond intern/junior level in Sri Lanka, especially with layoffs increasing even in reputed companies.

From an industry perspective (discussion only):

Between SOC and Penetration Testing, which path has better long-term growth and stability locally?

Which roles are generally retained and valued during downturns?

What types of companies in Sri Lanka are known to have strong, mature cyber security teams (e.g., banks, telcos, MNCs, consultancies), without referring to hiring?

This is purely to understand the local cyber security landscape and plan my skill development (not a job or referral request.)

Would appreciate insights from professionals working in cyber security or IT in Sri Lanka.

Thanks 🙏