CYBER SECURITY WORKFORCE DEVELOPMENT FRAMEWORK https://www.nist.gov/itl/applied-cybersecurity/nice

NICE National Initiative for Cybersecurity Education
Work Roles | Tasks | Skills | Knowledge | Abilities

SECURELY PROVISION
Conceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibility for aspects of system and/or network development.

• Risk Management
Oversees, evaluates, and supports the documentation, validation, assessment and authorization processes necessary to assure that existing and new information technology (IT) systems meet the organization’s cyber security and risk requirements. Ensures appropriate treatment of risk, compliance and assurance from internal and external perspectives.

• Systems Architecture
Develops system concepts and works on the capabilities phases of the systems development life cycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.

• Test and Evaluation
Develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying and validating of technical, functional and performance characteristics (including interoperability) of systems or elements of systems incorporating IT.

• Technology R&D
Conducts technology assessment and integration processes; provides and supports a prototype capability and/or evaluates its utility.

• Systems Development
Works on the development phases of the systems development life cycle.

• Software Development
Develops and writes/codes new (or modifies existing) computer applications, software or specialized utility programs following software assurance best practices.

• Systems Requirements Planning
Consults with customers to gather and evaluate functional requirements and translates these into technical solutions. Provides guidance to customers about applicability of information systems to meet business needs.

OVERSEE AND GOVERN
Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cyber security work.

• Legal Advice and Advocacy
Provides legally sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain. Advocates legal and policy changes, and makes a case on behalf of client via a wide range of written and oral work products, including legal briefs and proceedings.

• Cyber Security Management
Oversees the cyber security program of an information system or network, including managing information security implications within the organization, specific program or other area of responsibility, to include strategic, personnel, infrastructure, requirements, policy enforcement, emergency planning, security awareness and other resources.

• Executive Cyber Leadership
Supervises, manages and/or leads work and workers performing cyber and cyber-related and/or cyber operations work.

• Program/Project Management and Acquisition
Applies knowledge of data, information, processes, organizational interactions, skills and analytical expertise, as well as systems, networks and information exchange capabilities to manage acquisition programs. Executes duties governing hardware, software, and information system acquisition programs and other program management policies. Provides direct support for acquisitions that use information technology (IT) (including National Security Systems), applying IT-related laws and policies, and provides IT-related guidance throughout the total acquisition life cycle.

• Training, Education and Awareness
Conducts training of personnel within the pertinent subject domain. Develops, plans, coordinates, delivers and/or evaluates training courses, methods and techniques as appropriate.

• Strategic Planning and Policy
Develops policies and plans and/or advocates for changes in policy that support organizational cyberspace initiatives or required changes/enhancements.

INVESTIGATE
Investigates cyber security events or crimes related to information technology (IT) systems, networks, and digital evidence.

• Cyber Investigation
Applies tactics, techniques and procedures for a full range of investigative tools and processes to include, but not limited to, interview and techniques, , counter surveillance, and surveillance detection, and appropriately balances the benefits of prosecution versus intelligence gathering.

• Digital Forensics
Collects, processes, preserves, analyzes and presents computer-related evidence in support of network vulnerability mitigation and/or criminal, fraud, or law enforcement investigations.

PROTECT AND DEFEND
Identifies, analyzes and mitigates threats to internal information technology (IT) systems and/or networks.

• Cyber Defense Analysis
Uses defensive measures and information collected from a variety of sources to identify, analyze and report events that occur or might occur within the network to protect information, information systems and networks from threats.

• Incident Response
Responds to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness and response and recovery approaches, as needed, to maximize survival of life, preservation of property and information security. Investigates and analyzes all relevant response activities.

• Cyber Defense Infrastructure Support
Tests, implements, deploys, maintains, reviews and administers the infrastructure hardware and software that are required to effectively manage the computer network, defense service provider network and resources. Monitors network to actively remediate unauthorized activities.

• Vulnerability Assessment and Management
Conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations.

ANALYZE
Performs highly specialized review and evaluation of incoming cyber security information to determine its usefulness for intelligence.

• Threat Analysis
Identifies and assesses the capabilities and activities of cyber security criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.

• All-Source Analysis
Analyzes threat information from multiple sources, disciplines and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about possible implications.

• Targets
Applies current knowledge of one or more regions, countries, non state entities and/or technologies.

• Exploitation Analysis
Analyzes collected information to identify vulnerabilities and potential for exploitation.

• Language Analysis
Applies language, cultural and technical expertise to support information collection, analysis and other cyber security activities.

OPERATE AND MAINTAIN
Provides the support, administration and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security.

• Data Administration
Develops and administers databases and/or data management systems that allow for the storage, query, protection and utilization of data.

• Customer Service and Technical Support
Addresses problems; installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered-level customer support). Typically provides initial incident information to the Incident Response (IR) Specialty.

• Systems Administration
Installs, configures, troubleshoots and maintains server configurations (hardware and software) to ensure their confidentiality, integrity and availability. Manages accounts, firewalls and patches. Responsible for access control, passwords and account creation and administration.

• Knowledge Management
Manages and administers processes and tools that enable the organization to identify, document and access intellectual capital and information content.

• Network Services
Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.

• Systems Analysis
Studies an organization’s current computer systems and procedures, and designs information systems solutions to help the organization operate more securely, efficiently and effectively. Brings business and information technology (IT) together by understanding the needs and limitations of both.

COLLECT AND OPERATE
Provides specialized denial and operations and collection of cyber security information that may be used to develop intelligence.

• Collection Operations
Executes collection using appropriate strategies and within the priorities established through the collection management process.

• Cyber Operational Planning
Performs in-depth joint targeting and cyber security planning processes. Gathers information and develops detailed Operational Plans and Orders supporting requirements. Conducts strategic and operational-level planning across the full range of operations for integrated information and cyber space operations.

• Cyber Operations
Performs activities to gather evidence on criminal or foreign intelligence entities to mitigate possible or real-time threats, protect against or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities.

Further information regarding this poster’s topic can be found on this website: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework and in this NIST Special Publication 800-181: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf?trackDocs=NIST.SP.800-181.pdf