The National Cybersecurity Workforce Framework
The number of cybersecurity-related jobs already outpaces the number of people qualified to fill them, and that demand is growing rapidly. The Department of Homeland Security (DHS) is working with our nation’s private industry, academia, and government to develop and maintain an unrivaled, globally competitive cyber workforce.
One of the biggest challenges is the lack of consistency in the way cybersecurity is defined. Job descriptions and titles for the same job roles vary from employer to employer. This makes it harder for universities and colleges to prepare students for their first job. Employers spend time and resources retraining new hires and employees do not have clear career options.
The National Cybersecurity Workforce Framework is the foundation for increasing the size and capability of the U.S. cybersecurity workforce. It provides a common definition of cybersecurity, a comprehensive list of cybersecurity tasks, and the knowledge, skills, and abilities required to perform those tasks. By using the Framework:
- Educators can create programs that are aligned to jobs.
- Students can graduate with knowledge and skills that employers need.
- Employers can recruit from a larger pool of more qualified candidates.
- Employees will have portable skills and better defined career paths and opportunities.
- Policy makers can set standards to promote workforce professionalization.
DHS partnered with industry, academia, and government to develop the Workforce Framework. It is being implemented across the Federal Government and is accepted as a best practice resource to define the field of cybersecurity. DHS has also published resources to help employers, educators, and training providers implement the Workforce Framework within their organizations and communities.(2)
The National Cybersecurity Workforce Framework provides a blueprint to categorize, organize, and describe cybersecurity work into Specialty Areas, tasks, and knowledge, skills, and abilities (KSAs). The Workforce Framework provides a common language to speak about cyber roles and jobs and helps define personal requirements in cybersecurity.
Within the Framework, there are seven Categories, each comprising several Specialty Areas. This organizing structure is based on extensive job analyses that group together work and workers that share common major functions, regardless of job titles or other occupational terms.
Category One) Analysis specialty areas are responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence:
- All Source Intelligence analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.
- Exploitation Analysis specialists analyze collected information to identify vulnerabilities and potential for exploitation.
- Targets specialists apply current knowledge of one or more regions, countries, non-state entities, and/or technologies.
- Threat Analysis specialists identify and assess the capabilities and activities of cyber criminals or foreign intelligence entities; produce findings to help initialize or support law enforcement and counterintelligence investigations or activities.
Category Two) Collect and Operate areas are responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence:
- Collection Operations specialists execute collection using appropriate strategies and within the priorities established through the collection management process.
- Cyber Operations specialists perform activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities.
- Cyber Operations Planning specialists perform the in-depth joint targeting and cyber planning process. Gather information and develop detailed Operational Plans and Orders supporting requirements. Conduct strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations.
Category Three) Investigate has specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence:
- Digital Forensics specialists collect, process, preserve, analyze, and present computer-related evidence in support of network vulnerability mitigation, and/or criminal, fraud, counterintelligence or law enforcement investigations.
- Investigation specialists apply tactics, techniques, and procedures for a full range of investigative tools and processes to include but not limited to interview and interrogation techniques, surveillance, counter surveillance, and surveillance detection, and appropriately balance the benefits of prosecution versus intelligence gathering.
Category Four) Operate and Maintain has specialty areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security:
- Customer Support specialists address problems, install, configure, troubleshoot, and provide maintenance and training in response to customer requirements or inquiries.
- Data Administration specialists develop and administer databases and/or data management systems that allow for the storage, query, and utilization of data.
- Knowledge Management specialists manage and administer processes and tools that enable the organization to identify, document, and access intellectual capital and information content.
- Network Services specialists install, configure, test, operate, maintain, and manage networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.
- System Administration specialists install, configure, troubleshoot, and maintain server configurations (hardware and software) to ensure their confidentiality, integrity, and availability. Also manage accounts, firewalls, and patches. Responsible for access control, passwords, and account creation and administration.
- Systems Security Analysts conduct the integration/testing, operations, and maintenance of systems security.
Category Five) Oversight and Development specialty areas provide leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work:
- Education and Training specialists conduct training of personnel within pertinent subject domain. Develop, plan, coordinate, deliver and/or evaluate training courses, methods, and techniques as appropriate.
- Information Systems Security Operations (Information Systems Security Officer) oversee the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., ISSO).
- Legal Advice and Advocacy specialists provide legally sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain. Advocate legal and policy changes, and make a case on behalf of client via a wide range of written and oral work products, including legal briefs and proceedings.
- Security Program Management (Chief Information Security Officer) manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., CISO).
- Strategic Planning and Policy Development specialists apply knowledge of priorities to define an entity.
Category Six) Protect and Defend specialty areas are responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks:
- Computer Network Defense Analysts use defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
- Computer Network Defense Infrastructure Support specialists test, implement, deploy, maintain, review, and administer the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources. Monitor network to actively remediate unauthorized activities.
- Incident Response specialists respond to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats and use mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigate and analyze all relevant response activities.
- Vulnerability Assessment and Management specialists conduct assessments of threats and vulnerabilities, determine deviations from acceptable configurations, enterprise or local policy, assess the level of risk, and develop and/or recommend appropriate mitigation countermeasures in operational and non-operational situations.
Category Seven) Securely Provision specialty areas are concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development:
- Information Assurance Compliance specialists oversee, evaluate, and support the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements and ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
- Software Assurance and Security Engineering specialists develop and write/code new (or modify existing) computer applications, software, or specialized utility programs following software assurance best practices.
- Systems Development specialists work on the development phases of the systems development lifecycle.
- Systems Requirements Planning specialists consult with customers to gather and evaluate functional requirements and translate those requirements into technical solutions while providing guidance to customers about applicability of information systems to meet business needs.
- Systems Security Architecture specialists develop system concepts and work on the capabilities phases of the systems development lifecycle; translate technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.
- Technology Research and Development specialists conduct technology assessment and integration processes; provide and support a prototype capability and/or evaluate its utility.
- Test and Evaluation specialists develop and conduct tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating IT.(3)