
Cybersecurity Workforce Framework

INTRODUCTION

The National Initiative for Cybersecurity Education (NICE) is a nationally coordinated effort focused on cybersecurity awareness, education, training, and professional development. Two Executive Branch initiatives, in 2008 and 2010, founded the NICE. It seeks to encourage and build cybersecurity awareness and competence across the nation and to develop an agile, highly skilled workforce capable of responding to a dynamic and rapidly developing array of cyber threats.

Today, there is little consistency in how cybersecurity work is defined or described throughout the Federal Government and the nation. The absence of a common language to discuss and understand the work and skill requirements of cybersecurity professionals hinders our nation’s ability to baseline capabilities, identify skill gaps, develop cybersecurity talent in the current workforce, and prepare the pipeline of future talent. Consequently, establishing and using a common lexicon and taxonomy for cybersecurity work and workers is not merely desirable, but vital to the nation’s cybersecurity.

Much as other professions such as medicine and law have codified their specialties, it is now time to forge a common set of definitions for the cybersecurity workforce. Therefore, this document, The NICE Cybersecurity Workforce Framework, puts forth a working taxonomy and common lexicon that can be overlaid onto any organization’s existing occupational structure.

This framework organizes cybersecurity into seven high-level categories, each comprising several specialty areas. This organizing structure is based on extensive job analyses and groups together work and workers that share common major functions, regardless of actual job titles or other occupational terms. As the job analysis information regarding these specialty areas is extensive, only the framework is published here. Additional details regarding each specialty area, as well as more information about the framework in general, are available online (please see the end of this booklet).

It has been developed largely with input from the Federal Government, but that is not sufficient. We need to ensure that this framework can be adopted and used across the nation in both the public and private sectors. Moreover, the framework should address emerging work requirements to help ensure the nation has the skills to meet them. To this end, we seek to refine this framework with input from every sector of our nation’s cybersecurity stakeholders, including academia, professional and non-profit organizations, and private industry. Therefore, the goal of this document is simply to introduce you to The NICE Cybersecurity Workforce Framework and to seek your help to ensure that it is a robust foundation for creating and sustaining a world-class cybersecurity workforce for America.

SECURELY PROVISION

Specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems’ development.

Information Assurance Compliance
Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization’s IA requirements. Ensures compliance from internal and external perspectives.
(Example job titles: Accreditor, Auditor, Authorizing Official Designated Representative, Certification Agent, Certifying Official, Compliance Manager, Designated Accrediting Authority, IA Compliance Analyst/Manager, IA Manager, IA Officer, Portfolio Manager, Risk/Vulnerability Analyst, Security Control Assessor, Validator)

Software Engineering
Develops, creates, and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs.
(Example job titles: Analyst Programmer, Computer Programmer, Configuration Manager, IA Engineer, IA Software Developer, IA Software Engineer, R&D Engineer, Secure Software Engineer, Security Engineer, Software Developer, Systems Analyst, Web Application Developer)

Enterprise Architecture
Develops system concepts and works on the capabilities phases of the systems development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.
(Example job titles: IA Architect, Information Security Architect, Information Systems Security Engineer, Network Security Analyst, R&D Engineer, Security Architect, Security Engineer, Security Solutions Architect, Systems Engineer, Systems Security Analyst)

Technology Demonstration
Conducts technology assessment and integration processes; provides and supports a prototype capability and evaluates its utility.
(Example job titles: Capabilities and Development Specialist, R&D Engineer)

Systems Requirements Planning
Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions. Provides guidance to customers about applicability of information systems to meet business needs.
(Example job titles: Business Analyst, Business Process Analyst, Computer Systems Analyst, Contracting Officer, Contracting Officer’s Technical Representative (COTR), Human Factors Engineer, Requirements Analyst, Solutions Architect, Systems Consultant, Systems Engineer)

Test and Evaluation
Develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating IT.
(Example job titles: Application Security Tester, Information Systems Security Engineer, Quality Assurance Tester, R&D Engineer, Systems Engineer, Testing and Evaluation Specialist)

Systems Development
Works on the development phases of the systems development lifecycle.
(Example job titles: IA Developer, IA Engineer, Information Systems Security Engineer, Program Developer, Security Engineer, Systems Engineer)

OPERATE AND MAINTAIN

Specialty areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security.

Data Administration
Develops and administers databases and/or data management systems that allow for the storage, query, and utilization of data.
(Example job titles: Content Staging Specialist, Data Architect, Data Manager, Data Warehouse Specialist, Database Administrator, Database Developer, Information Dissemination Manager)

Information System Security Management
Oversees the information assurance program of an information system inside or outside the network environment; may include procurement duties (e.g., ISSO).
(Example job titles: IA Manager, IA Security Officer, Information Systems Security Officer (ISSO), Information Security Program Manager)

Knowledge Management
Manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and information content.
(Example job titles: Business Analyst, Business Intelligence Manager, Content Administrator, Document Steward, Freedom of Information Act Official, Information Manager, Information Owner, Information Resources Manager)

Customer Service and Technical Support
Addresses problems, installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered-level customer support).
(Example job titles: Computer Support Specialist, Customer Support, Help Desk Representative, Service Desk Operator, Systems Administrator, Technical Support Specialist)

Network Services
Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.
(Example job titles: Cabling Technician, Converged Network Engineer, Network Administrator, Network Analyst/Designer/Engineer, Network Systems and Data Communications Analyst, Telecommunications Engineer)

System Administration
Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability. Also manages accounts, firewalls, and patches. Responsible for access control/passwords/account creation and administration.
(Example job titles: LAN Administrator, Platform Specialist, Security Administrator, Server Administrator, System Operations Personnel, Systems Administrator, Website Administrator)

Systems Security Analysis
Conducts the integration/testing, operations, and maintenance of systems security.
(Example job titles: IA Operational Engineer, Information Assurance Security Officer, Information Security Analyst/Administrator/Manager, Information Systems Security Engineer, Platform Specialist, Security Administrator, Security Analyst, Security Control Assessor)

PROTECT AND DEFEND

Specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks.

Computer Network Defense
Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
(Example job titles: CND Analyst (Cryptologic), Cyber Security Intelligence Analyst, Focused Operations Analyst, Incident Analyst, Network Defense Technician, Security Analyst, Security Operator, Sensor Analyst)

Incident Response
Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.
(Example job titles: Computer Crime Investigator, Incident Handler, Incident Responder, Intrusion Analyst)

Computer Network Defense Infrastructure Support
Tests, implements, deploys, maintains, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources. Monitors network to actively remediate unauthorized activities.
(Example job titles: IDS Administrator, IDS Engineer, IDS Technician, Information Systems Security Engineer, Network Administrator, Network Analyst, Network Security Engineer/Specialist, Security Analyst, Security Engineer, Security Specialist)

Security Program Management
Manages relevant security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., CISO).
(Example job titles: Chief Information Security Officer (CISO), Common Control Provider, Enterprise Security Officer, Facility Security Officer, IT Director, Principal Security Architect, Risk Executive, Senior Agency Information Security Officer)

Vulnerability Assessment and Management
Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
(Example job titles: Blue Team Technician, Close Access Technician, CND Auditor, Compliance Manager, Ethical Hacker, Governance Manager, Internal Enterprise Auditor, Penetration Tester, Red Team Technician, Reverse Engineer, Risk/Vulnerability Analyst/Manager)

INVESTIGATE

Specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence.

Investigation
Applies tactics, techniques, and procedures for a full range of investigative tools and processes to include, but not limited to, interview and interrogation techniques, surveillance, countersurveillance, and surveillance detection, and appropriately balances the benefits of prosecution versus intelligence gathering.
(Example job titles: Computer Crime Investigator, Special Agent)

Digital Forensics
Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability mitigation, and/or criminal, fraud, counterintelligence, or law enforcement investigations.
(Example job titles: Computer Network Defense Forensic Analyst, Digital Forensic Examiner, Digital Media Collector, Forensic Analyst, Forensic Analyst (Cryptologic), Forensic Technician, Network Forensic Examiner)

OPERATE AND COLLECT

Specialty areas responsible for the highly specialized collection of cybersecurity information that may be used to develop intelligence.

Collection Operations
Executes collection using appropriate collection strategies and within the priorities established through the collection management process.

Cyber Operations Planning
Gathers information and develops detailed Operational Plans and Orders supporting requirements. Conducts strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations.

Cyber Operations
Uses automated tools to manage, monitor, and/or execute large-scale cyber operations in response to national and tactical requirements.

ANALYZE

Specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.

Cyber Threat Analysis
Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.

Exploitation Analysis
Analyzes collected information to identify vulnerabilities and potential for exploitation.

All Source Intelligence
Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.

Targets
Applies current knowledge of one or more regions, countries, non-state entities, and/or technologies.

SUPPORT

Specialty areas providing support so that others may effectively conduct their cybersecurity work.

Legal Advice and Advocacy
Provides legally sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain. Advocates legal and policy changes and makes a case on behalf of client via a wide range of written and oral work products, including legal briefs and proceedings.
(Example job titles: Legal Advisor/SJA)

Education and Training
Conducts training of personnel within pertinent subject domain. Develops, plans, coordinates, and evaluates training courses, methods, and techniques as appropriate.
(Example job titles: Cyber Trainer, Information Security Trainer, Security Training Coordinator)

Strategic Planning and Policy Development
Applies knowledge of priorities to define an entity’s direction, determine how to allocate resources, and identify programs or infrastructure that are required to achieve desired goals within domain of interest. Develops policy or advocates for changes in policy that will support new initiatives or required changes/enhancements.
(Example job titles: Chief Information Officer (CIO), Command IO, Information Security Policy Analyst, Information Security Policy Manager, Policy Writer and Strategist)

LEARN MORE

Online you will find links to a more in-depth and interactive document that dives into each specialty area providing example job titles, tasks, and knowledge, skills, and abilities (KSAs) associated with each specialty area. The following provides a sample of the kind of information you can find online:

For detailed job descriptions go to: http://csrc.nist.gov/nice/framework

GET INVOLVED

This online document also contains additional background information and instructions for providing feedback. NICE is committed to developing a comprehensive and meaningful framework and lexicon that effectively defines our current cybersecurity population. Your feedback and expertise are invaluable to this process. Below are a few questions you may find helpful in formulating your comments.

1. Are the specialty areas appropriately grouped within each major category?
2. Is there a specialty area you believe is not represented?
3. Is there a specialty area that should be deleted?

In the full document, accessible through the URL above, you will also have an opportunity to review and provide feedback on the more detailed information within each specialty area (i.e., tasks and skills necessary to perform the work).

Please use the QR code or URL below for online access: http://csrc.nist.gov/nice/framework/

http://csrc.nist.gov/nice

SEPTEMBER 2011