Reviewing the NICE Workforce Framework

The NICE Workforce Framework for Cybersecurity is a lexicon that categorizes cybersecurity jobs and what those jobs would require workers to know and be able to do. It lists the task statement, knowledge statement, skill statement, work roles, and competency areas for the job. The NICE Framework shows the cybersecurity categories, specialty areas, and work roles, with each getting deeper into detail.

There are seven categories for cybersecurity; analyzing, collecting and operating, investigating, operating and maintaining, overseeing and governing, protecting and defending, and securing provision. The categories that interest me most are overseeing and governing, protecting and defending, and securing provision.

Starting with overseeing and governing. Some of the specialty areas that interest me in this category are cybersecurity management, strategic planning and policy, and education. Cybersecurity management would see me overseeing the cybersecurity program for a system or network. Meanwhile, strategic planning would have me develop policies and advocate for changes. Lastly, for education, I’d be teaching methods and techniques to help others excel in the field of cybersecurity.

For protecting and defending, the areas that interest me most are cyber defense infrastructure support, incident response, and vulnerability assessment and management. Cyber defense infrastructure support would test, implement, deploy, maintain, review, and administer infrastructure hard and software to manage computer networks. Next, incident response responds to urgent situations with eh aim to mitigate immediate and potential threats. Vulnerability assessment and management conduct assessments of threats and vulnerabilities, assessing the level of risk, and developing mitigation countermeasures.

Secure provision interests me due to software development, systems architecture, and technology R&D. Software development is developing and writing code for computer applications, software, and programs. To do systems architecture, I’d have to develop system concepts and work on a system’s development life cycle. I’d also be translating technology and environmental conditions into system and security designs. Finally, technology R&D is conducting assessments of technology and integration processes, providing and supporting the capability of a prototype.

While I listed all of the categories that interest me the most, the category I would look at last is investigation. Investigation in cybersecurity consists of investigating cyber events or crimes related to IT systems, networks, and digital evidence. There are two specialty areas in this field. The first is cyber investigating, which identifies, collects, and examines the evidence. The other area is digital forensics. They collect, process, preserve, analyze, and present computer-related evidence to support mitigation and aid in law enforcement investigations.