The personnel office nudged agencies to finish coding cybersecurity job descriptions as part of an ongoing workforce assessment.
Federal agencies have until April 2018 to analyze their cybersecurity workforces and categorize the specific skills and responsibilities pertinent to each role.
The Office of Personnel Management issued a memo this week about next steps for agencies covered by the 2015 Federal Cybersecurity Workforce Assessment Act, which aims to standardize the definitions for various cybersecurity roles to better anticipate training and recruitment needs.
OPM directed agencies to code the positions for IT and cyber roles, and to identify which of those positions were in critical need in their internal workforce. Agencies are then required to submit to OPM a report about the level of need, due in April 2019.
The coding standards are similar to an early version of the National Initiative for Cybersecurity Education cybersecurity workforce framework, which outlines nine categories and 31 specialties tagging various positions. A cybersecurity executive leadership position, for instance, might require responsibilities related to decision-making, establishing an organization’s top-down mission, and allocating resources. A cyber-defense analyst, in contrast, might need to collect data from network traffic logs to analyze their own environments and mitigating threats.
OPM is currently developing the guidance that agencies should use to determine the cyber roles in the most critical need, the memo noted.