Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.
The NICE Framework, short for The Workforce Framework for Cybersecurity, is a resource that helps employers recruit, train, and evolve their cybersecurity workforce in an enterprise. It helps to categorize the type of work employees do, and where they do it, no matter what it is, which helps to simplify matters for administrators not associated with the cybersecurity sector of an enterprise. It is comprised of 7 categorizes of common cybersec functionality, 33 special areas of work in cybersec, and 52 roles grouping many different employees based on work they do, their experience and qualifications, and the like. The 7 top categorizes are Analyze, Collect and Operate, Investigate, Operate and Maintain, Oversee and Govern, Protect and Defend, and finally Securely Provision. Each category has their own subsectors of special areas, ad even those have their own subsets of employee groups.
Out of the seven categories listed, I think I would be most interested in Protect and Defend. It’s essentially a very core aspect of cybersecurity, and the special areas involved in it are very interesting to me as well. Cyber Defense Analysis analyze threats to the network, and past intrusion attempts to keep it up to date against attacks while Cyber Defense Support implements many defensive changes, and maintains them if need be. Incident response is a role that is (hopefully) very rarely utilized, but they mainly react to and actively defend against ongoing intrusion attempts, or soon after. Finally, Vulnerability Assessment and Management is a key role in assessing the risk posed to a network. I actually have a friend who works in this role a Cybersecurity Auditor for a California based company, and he says the work is relatively manageable; they assess a companies protocols and procedures, including the training of their employees and the reliability of their networks, and they perform intrusion tests if need me. Finally, they have a meeting with the heads of the audited branch to report their findings, and offer recommendations to bolster their performance moving forward. I think that would be very interested to do as well.
The least interesting category to me would probably be Operate and Maintain. It includes a lot of technical support, knowledge management, and day-to-day upkeep of a network or systems. I was interested in it in the past, but it just seems so dreary after a while. From the outside, it looks very monotonous, but not very difficult. The most interesting one would definitely have to be Systems Admin for me, but when that would be a bit unsatisfying after a while. While Operate and Maintain are important roles in a network, Protect and Defend is both key to network security, and also looks far more interesting to me.