Credit: Natasha Hanacek/NIST
Yesterday, the National Institute of Standards and Technology released a finalized draft of its Cybersecurity Workforce Framework, which aims to provide organizations a common lexicon when describing the role, area of specialty, scope of work, and the knowledge, skills, and abilities (KSA) of cybersecurity professionals. Organizations may use the framework to better define cybersecurity-related job descriptions or to make distinctions between the types of IT security positions in the workforce. NIST also hopes the framework will give cybersecurity professionals and employers a common language when skills and abilities are referenced in job descriptions. “The NICE Cybersecurity Workforce Framework improves communication, about how to identify, recruit, develop, and retain cyber security talent,” according to the NIST report. “It is a resource from which organizations or sectors can develop additional publications, or tools that meet their needs to define or provide guidance on different aspects of workforce development, planning, training, and education.”
The roles of cybersecurity professionals vary between organization and sectors, but the framework, developed by the NIST-led National Initiative for Cybersecurity Education (NICE) with contributions from the Departments of Defense and Homeland Security will serve as a source of reference across sectors.
NICE expects the framework to serve as a foundation for the development of training standards, and also to help organizations understand how an entire workforce may already contribute to cybersecurity-related roles. “When identifying their cybersecurity staff, many organizations overlook cybersecurity tasks being performed by lawyers, auditors and procurement officers,” said William Newhouse, NICE deputy director and lead author of the document, back in 2016. “The NCWF can help an organization identify cybersecurity tasks within a work role that are vital to its mission and then examine if its current staff can perform those tasks and, if not, hire staff who can.”
Access the complete copy of the NIST Cybersecurity Workforce Framework
