7 Key Infosec Occupation Categories

Gov't Draft Aims to Help Better Architect IT Security Staffs

By , November 9, 2011.

The United States government is circulating a draft document of seven high-level categories that detail descriptions, tasks, skills and job titles of IT security occupations, which should help the federal government - and other public and private organizations - to architect their staffs more effectively to safeguard data and systems (details of the categories are provided below).

The NICE Cybersecurity Workforce Framework, from the National Initiative on Cybersecurity Education, provides detailed descriptions of the cybersecurity roles of, and skills for, scores of occupations, including some that might not appear to be tied to IT security.

Government agencies have been hampered in setting basic requirements, identifying skills and furnishing training to workers because of a lack of a common language to understand the work and skills required to secure IT. "There has not been a consistent way to define or describe cybersecurity work across the federal workforce," NICE Leader Ernest McDuffie said in a statement issued with the draft publication. "Other professions have organized their specialties, and now it is time for a common set of definitions for the cybersecurity workforce."

Occupational classifications for IT security within government would help simplify recruiting - recruiters would know the specific expertise to seek - and facilitate training by defining what skills need to be developed. Today, most cybersecurity professionals are classified as information technology specialists.

Karen Evans, the top IT official in the second Bush administration, said the framework will help individuals as well to "move from place to place and build upon their skills set ... due to having a common way to refer to knowledge, skills and abilities."

The publication of the cybersecurity workforce framework from NICE, an interagency effort coordinated by the National Institute of Standards and Technology, comes a year after the Commission on Cybersecurity for the 44th Presidency recommended to the federal government its own taxonomy on IT security occupations (see 9 Key Cybersecurity Roles for Government).

Franklin Reeder, a former Office of Management and Budget executive and co-author with Evans of the commission white paper on IT security skills, said defining roles on real tasks is critical in developing IT security curriculum, creating certification programs and screening professionals. "Very different skill sets and proficiencies are required for the various roles involved in securing our cyber assets," Reeder says. "An intrusion detection analyst does very different things from, say, a software developer or a system administrator. ... Ultimately, we need a regime of screening tools and professional certifications that test proficiency, not just knowledge and skills."

Follow Eric Chabrow on Twitter: @GovInfoSecurity
