How to use the NICE Cybersecurity Workforce Framework to plan career progression: A practitioners’ guide

Introduction: An overview of the NICE Cybersecurity Workforce Framework

In 2017, the National Institute of Standards and Technology (NIST) published Special Publication 800-181, the NICE Cybersecurity Workforce Framework (or NICE Framework); the document categorizes and describes cybersecurity work as well as the knowledge, skills and abilities (KSAs) needed by professionals to complete tasks in the field. SP 800-181 is updated periodically and continues to serve as a means to map the work roles in this ever-evolving field based on continuous updating and much interdisciplinary.

With a total of 52 identified work roles, the usefulness of this NICE Framework can be great under many points of view: it can help organizations to operate successfully by allowing them to define position descriptions that are adequate and current to meet the challenges of the time. Jobs can be identified by their category and specialty area, through a sequential number (e.g., SP-RSK-001 is the first work role in the SP Category and RSK Specialty Area) and companies can precisely align their positions to the Workforce Framework. This not only helps ensure proper placement of staff, but also the planning of the best possible development plan through role-based training or upskilling.

SP 800-181 can also assist recruiters in identifying the right people for available positions by looking for the specific KSAs needed to perform the requested tasks. The framework can help education institutions to tailor their programs to the needs of the labor market and assist professionals in building and advancing their career by providing guidance on the skills and knowledge they need to obtain as they progress through their employment life.

How the NCWF is structured

The NICE Cybersecurity Workforce Framework has several components:

  • Categories (7): A collection of common cybersecurity functions
  • Specialty Areas (33): Areas of work (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Brecht. Read the original post at: