There is no standard career in cybersecurity. However, people generally work in one of three areas. First, building and/or running an information security program; this could be in a public or private company, or government entity. Second, for service providers, including professional services companies (such as Deloitte, E&Y, KPMG, PwC, etc.), advising clients in the first group as well as Value Added Resellers (VARs) that commonly provide selling combined with advisory services (such as Optiv). Third, for security vendors, companies like Symantec and Cisco, building and/or selling the products needed to protect data and systems.
Professionals may zigzag between these areas or stay in a single lane. There are also career opportunities that are auxiliary to these including Privacy, Internal Audit, Risk Management, Secure Software development (aka Application Security, or AppSec), academic security research, and others.