Looking over and being able to read more about the NICE Workforce Framework is rather interesting. While it does not necessarily come as a surprise to me that a framework exists, it is, however, the first time I have seen a framework that aims to help standardize the type of roles and duties of those in the cybersecurity field. It even goes to show just how broad the cybersecurity field actually is, with roles varying from management and oversight, all the way down to the help-desk worker that provides technical support to the end user.

Oversight and governance roles, admittedly, are not very attractive to myself. I do find it important that there needs to be strong leadership to oversee their respective domains, but I have never considered myself the “management” type. I have always had the preference of getting my hands dirty and working directly with the people and systems when it relates to my work. I strongly prefer to perform, rather than direct others to do the same. I have always felt this has given myself better insight to exactly what our customers are experiencing first hand, allowing the possibility to better refine our documentation, policies, and workflow if there happens to be an item requiring improvement on our end.

My current role in cybersecurity fits into three separate categories: Design/Development, Implementation/Operation and Protection/Defense. My current job title is Cybersecurity Analyst, but in the NICE Workforce Framework, the two separate roles that closely define my duties are Systems Testing and Evaluation and Vulnerability Analysis. Some of my main responsibilities include vulnerability assessments and using those assessments to best guide some of our clients to better improve their cybersecurity posture. Or, more commonly, to implement these changes ourselves. Occasionally, I’ll travel to a site and perform a test on all the patches and configuration changes on a live network that we are looking at implementing before a full deployment. This field of work is not my career goal of penetration testing, but it does allow me to get my hands dirty directly with different systems.