Cover image for blog post featuring gears, a thought bubble, and text

10 Cybersecurity Work Roles and their Alignment to the NICE Framework

March 18, 2021 | 5 minute read

Recognizing the NICE Framework as an essential tool, whether you’re building your resume and career path, recruiting and hiring cybersecurity talent for your organization, or formulating curricula to guarantee students’ success, is another step towards developing a formidable cybersecurity workforce. CISA states, “One of the biggest challenges is the lack of consistency in the way “cybersecurity” is defined. Job descriptions and titles for the same job roles vary from employer to employer. This makes it harder for universities and colleges to prepare students for their first job. Employers spend time and resources retraining new hires and employees don’t have clear career options.” This statement, first and foremost, calls for unity across industry, government, and higher education. Secondly, it begs the question of the directional impact federal support and standardization could have in developing the cybersecurity workforce.

Utilizing the NICE Framework

“Start by taking inventory of your transferable technical skills and make note of the skills you’d like to learn to land a job in cybersecurity. This applies to soft skills as well.” (CompTia) For an individual entering the cybersecurity workforce, or a current cybersecurity worker, the ability to take inventory of one’s skills across the span of your career, as well as find out what skills you are missing for a particular work role or task, is invaluable. If applying for a new job, or seeking a senior role within a company, it is always pertinent to provide KSAs, soft skills, and be able to describe, in detail, your experiences as they relate to each. This is where the NICE Framework comes in. It is a lexicon that aims to organize and clearly define cybersecurity work into Categories, Specialty Areas, Work Roles and Tasks, and Knowledge, Skills, and Abilities (KSAs). By developing a common language and standard of communication in the cybersecurity workforce, the NICE Framework defines professional requirements for cybersecurity job positions and creates a common standard of knowledge for each position within the industry.

“Start by taking inventory of your transferable technical skills and make note of the skills you’d like to learn to land a job in cybersecurity. This applies to soft skills as well.”

Below, we’ve pulled ten different work roles from CyberKnights portal, to show how they align to the NICE Framework, and the language used to describe each. This includes those work roles we’ve seen trending in research data, such as CyberSeek’s interactive heat map. In support of standardization, the job titles you see below, and their associated KSATs, are aligned directly to the NICE Framework and no alternatives are provided.

Secure Software Assessor

KSAs: 57

Category: Securely Provision

Specialty Area: Software Development

 Work Role Description: Analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results. 

Examples of associated Tasks

  • Apply coding and testing standards, apply security testing tools including “‘fuzzing” static-analysis code scanning tools, and conduct code reviews.
  • Consult with engineering staff to evaluate interface between hardware and software.
  • Conduct trial runs of programs and software applications to ensure that the desired information is produced and instructions and security levels are correct.

Cyber Defense Analyst

KSAs: 91

Category: Protect and Defend

Specialty Area: Cybersecurity Defense Analysis

 Work Role Description: Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats. 

Examples of associated Tasks

  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
  • Isolate and remove malware.
  • Reconstruct a malicious attack or activity based off network traffic.

Information Systems Security Manager

KSAs: 59

Category: Oversee and Govern

Specialty Area: Cybersecurity Management

 Work Role Description: Responsible for the cybersecurity of a program, organization, system, or enclave. 

Examples of associated Tasks

  • Advise appropriate senior leadership or Authorizing Official of changes affecting the organization’s cybersecurity posture
  • Lead and oversee information security budget, staffing, and contracting.
  • Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.

Network Operations Specialist

KSAs: 58

Category: Operate and Maintain

Specialty Area: Network Services

 Work Role Description: Plans, implements, and operates network services/systems, to include hardware and virtual environments. 

Examples of associated Tasks

  • Configure and optimize network hubs, routers, and switches (e.g., higher-level protocols, tunneling).
  • Install and maintain network infrastructure device operating system software (e.g., IOS, firmware).
  • Patch network vulnerabilities to ensure that information is safeguarded against outside parties.

Software Developer

KSAs: 63

Category: Operate and Maintain

Specialty Area: Network Services

 Work Role Description: Develops, creates, maintains, and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs. 

Examples of associated Tasks

  • Analyze information to determine, recommend, and plan the development of a new application or modification of an existing application.
  • Confer with systems analysts, engineers, programmers, and others to design application and to obtain information on project limitations and capabilities, performance requirements, and interfaces.
  • Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities.

Technical Support Specialist

KSAs: 33

Category: Operate and Maintain

Specialty Area: Customer Service and Technical Support

 Work Role Description: Provides technical support to customers who need assistance utilizing client-level hardware and software in accordance with established or approved organizational process components (i.e., Master Incident Management Plan, when applicable). 

Examples of associated Tasks

  • Troubleshoot system hardware and software.
  • Diagnose and resolve customer reported system incidents, problems, and events.
  • Administer accounts, network rights, and access to systems and equipment.

Systems Developer

KSAs: 79

Category: Securely Provision

Specialty Area: Systems Development

 Work Role Description: Designs, develops, tests, and evaluates information systems throughout the systems development life cycle. 

Examples of associated Tasks

  • Build, test, and modify product prototypes using working models or theoretical models.
  • Develop and direct system testing and validation procedures and documentation.
  • Employ configuration management processes.

Vulnerability Assessment Analyst

KSAs: 50

Category: Protect and Defend

Specialty Area: Vulnerability Assessment and Management

 Work Role Description: Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities. 

Examples of associated Tasks

  • Analyze organization’s cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
  • Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
  • Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).

Systems Administration

KSAs: 52

Category: Operate and Maintain

Specialty Area: Systems Administration

 Work Role Description: Responsible for setting up and maintaining a system or specific components of a system (e.g. for example, installing, configuring, and updating hardware and software; establishing and managing user accounts; overseeing or conducting backup and recovery tasks; implementing operational and technical security controls; and adhering to organizational security policies and procedures). 

Examples of associated Tasks

  • Conduct functional and connectivity testing to ensure continuing operability.
  • Manage accounts, network rights, and access to systems and equipment.
  • Oversee installation, implementation, configuration, and support of system components.

Cyber Defense Forensics Analyst

KSAs: 70

Category: Investigate

Specialty Area: Digital Forensics

 Work Role Description: Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation. 

Examples of associated Tasks

  • Conduct analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion.
  • Decrypt seized data using technical means.
  • Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration.

In conclusion

What the NICE Framework has to offer cybersecurity workers, employers, and educators alike, is reliable, nationally recognized and adopted uniformity. It’s a tool that, when applied with other solutions, streamlines the applicant’s process of sifting through lengthy job postings, trying to find one that matches their skills and experiences. And on the opposite end, creates an opportunity for employers, recruiters, and educators to speak one, common language regarding cybersecurity. The potential this framework has to effectively scale the cybersecurity workforce hangs in the balance of stakeholders, academia, and the federal government, to invest more resources into furthering the development of innovative solutions that leverage the NICE Framework.

If you want to find out more about the work roles listed above, individual KSAs, and more associated tasks, simply register for CyberKnights. One feature of the portal, is that you can easily browse the NICE Cybersecurity Workforce Framework, as well as the Competency Framework. The Competency Framework is an alternative breakdown of KSAs, categorized by four competency groups (Leadership, Professional, Technical, and Operational) that are then broken out into competencies that align to specific KSAs. To enhance your cybersecurity career journey, become familiar with the terms, titles, and descriptions already being adopted and used in the cybersecurity recruitment and hiring process. Take our Soft Skills Assessment, to start earning KSAs and building your profile today!