A blueprint to define cybersecurity work and develop cybersecurity talent in the workforce is now available for public comment.
The Cybersecurity Workforce Framework by the National Initiative on Cybersecurity Education, a nationally coordinated effort focused on cybersecurity awareness and training, provides both public and private organizations a common strategy for building, training and retaining cybersecurity talent.
"Today, there is little consistency in how cybersecurity work is defined or described throughout the federal government and the nation," the framework states. "The absence of a common language to discuss and understand the work and skill requirements of cybersecurity professionals hinders our nation's ability to baseline capabilities, identify skill gaps, develop cybersecurity talent in the current workforce and prepare the pipeline of future talent."
The framework organizes jobs into seven categories, grouping together employees and work that share common functions. The framework also gives job title examples for each category. The seven categories are:
- Securely provision -- workers who conceptualize, design and build secure IT systems;
- Operate and maintain -- workers who are responsible for providing support, administration and maintenance necessary to ensure effective and efficient IT system performance and security;
- Protect and defend -- a specialty area for those responsible for identifying, analyzing and mitigating threats to internal IT systems or networks;
- Investigate -- workers responsible for investigating cyber events and/or crimes of IT systems, networks and digital evidence;
- Operate and collect -- professionals responsible for collecting cybersecurity information to be used in developing intelligence;
- Analyze -- professionals responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence; and
- Support -- workers who provide support so that others may effectively conduct cybersecurity work.
In 2010, the Obama administration launched the NICE initiative to bolster cyber awareness, education and training. The program is led by the National Institute for Standards and Technology, but also includes other agencies like the Homeland Security Department and Office of Personnel Management.
The framework "has been developed largely with input from the federal government, but that is not sufficient," the framework states. "We need to ensure that this framework can be adopted and used across the nation in both the public and private sectors."
Comments on the NICE framework will be accepted through Dec. 16 and can be e-mailed to NICEFrameworkComments@nist.gov.