NICE Cybersecurity Workforce Framework
NICE Cybersecurity Workforce Framework is a 2-day training that provides an overview of NICE Cybersecurity Workforce Framework. Participants will learn how to apply the NICE Cybersecurity Workforce Framework to their cybersecurity workforce needs.
The NICE Framework is comprised of categories, specialty areas and work roles components. NICE, led by NIST, is a partnership between government, academia, and the private sector working to promote cybersecurity education, training, and workforce development. The NICE Framework uses a top-down approach where each of seven Categories are comprised of Specialty Areas (33 total) which are then broken down into Work Roles (52 total):
- Categories (7) A high-level grouping of common cybersecurity functions
- Specialty Areas (33) Distinct areas of cybersecurity work
- Work Roles (52) The most detailed groupings of cybersecurity work comprised of specific knowledge, skills, and abilities (KSAs) required to perform tasks in a Work Role
This tool is based on the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NIST Special Publication 800-181, August 2017).
The NICE Cybersecurity Workforce Framework is the foundation for increasing the size and capability of the U.S. cybersecurity workforce. Participants will learn about a common definition of cybersecurity, a comprehensive list of cybersecurity tasks, and the knowledge, skills, and abilities required to perform those tasks. In addition the course covers the building blocks for describing the tasks, knowledge, and skills that are needed to perform cybersecurity work performed by individuals and teams. The NICE Framework enables organizations to develop their workforces to perform cybersecurity work.
Who Should Attend
This course is designed for engineers, scientists, managers, analysts, and other professionals who need to develop or use a cyber security workforce plan. Participants will learn how to improve their organization’s cybersecurity performance and assign cybersecurity roles mapped to NICE framework.
- Educators can create programs that are aligned to jobs.
- Employers can recruit from a larger pool of more qualified candidates.
- Employees will have portable skills and better defined career paths and opportunities.
- Policy makers can set standards to promote workforce professionalization.
Overview of NICE Cybersecurity Workforce Framework
- Specialty Areas
- Work Roles
Overview of NICE Seven Categories
- Common cybersecurity workforce functions
- Collect and Operate
- Operate and Maintain
- Oversee and Govern
- Protect and Defend
- Securely Provision
Overview of Work Roles
- Concept of Knowledge, Skills, and Abilities (KSAs)
- KSAs vs. Tasks
Analyze Cybersecurity Information
- Mapping Information to Intelligence
- All-Source Analysis
- Exploitation Analysis
- Language Analysis
- Threat Analysis
Collect and Operate
- Denial and Deception Operations and Collection of Cybersecurity Information
- Collection Operations
- Cyber Operational Planning
- Cyber Operations
- Cybersecurity events or crimes
- Information technology (IT) systems, networks, and digital evidence
- Cyber Investigation
- Tactics, techniques, and procedures
- Interview and interrogation techniques
- Surveillance, counter surveillance, and surveillance detection
- Digital Forensics
- Tools to Collect, process, preserve, analyze, and present computer-related
- Network vulnerability mitigation and/or criminal, fraud, counterintelligence, or law enforcement investigations
Operate and Maintain
- Support, administration, and maintenance
- Efficient information technology (IT) system performance and security.
- Customer Service and Technical Support
- Data Administration
- Knowledge Management
- Network Services
- Systems Administration
- Systems Analysis
Oversee and Govern
- Leadership, management, direction, or development
- Conduct cybersecurity work.
- Cybersecurity Management
- Executive Cyber Leadership
- Legal Advice and Advocacy
- Program/Project Management and Acquisition
- Strategic Planning and Policy
- Training, Education, and Awareness
Protect and Defend
- Cyber Defense Analysis
- Cyber Defense Infrastructure Support
- Incident Response
- Vulnerability Assessment and Management
- Risk Management
- Software Development
- Systems Architecture
- Systems Development
- Systems Requirements Planning
- Technology R&D
- Cybersecurity Test and Evaluation