Prompt:
Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.
Answer:
The workforce area that is most interesting to me is that of Cyberspace Intelligence and the least interesting is Design and Development. There are several reasons why I prefer the area of Cyberspace Intelligence, one being that I feel that the area is the most proactive in approach. It is proactive because without properly identifying and evaluating threats, the enterprise cannot begin to determine or implement appropriate defenses. Bad intelligence can also result in an enterprise overestimating and therefore overspending for a non-existent threat or can result in the enterprise being underprepared and being compromised as a result. In the majority of professionals roles I have had, my company overestimated our risks because of higher exposure to industry news and resources, however, our clients often underestimated the potential risks because they were not technical and were cost averse. In both cases, these were failures of intelligence gathering on our part, as proper intelligence would have led our company to be more cost efficient and our clients to be more open to implementation of proper controls.
The area that is least appealing to me professionally is that of Design and Development, and there is one reason why. Designers and Developers are far more reactive in nature than intelligence professionals. This is due to the fact that after infrastructure is deployed or an application is published, these professionals will need to rush patches or quickly implement controls in response to real world vulnerabilities that may be identified. They can attempt to implement best practices and perform security testing before they deploy assets, but they may not replicate real world problems nor will they prevent adversarial hackers from mis-using the software to find bugs. As the world learned with the Microsoft Windows outage in July of 2024, a poorly formed software update as in the case of Crowdstrike can potentially do more damage than the best executed cybercrime.