NICE, or the National Initiative for Cybersecurity Education, is part of the National Institute of Standards and Technology (NIST). NICE works within private and public sectors, the federal government, and academia to improve the quality and quantity of solutions to cybersecurity challenges. It accomplishes this with the NICE Cybersecurity Workforce Framework. Since 2014, the Framework has been available to the public, initially used voluntarily. However, in 2015, the Federal Cybersecurity Workforce Assessment Act was passed. The Act required federal agencies to use the NICE Framework to recruit technology and cybersecurity professionals to fill federal roles.
How Does the NICE Framework Work?
The NICE Framework aims to organize and define cybersecurity activities into categories, specialties, work roles, and knowledge, skills, and abilities (KSA). The Framework uses common terminology to provide consistency in communication in the cybersecurity industry, defining the criteria and requirements for job roles.
The seven categories of the NICE Framework are Analyze, Collect and Operate, Investigate, Operate and Maintain, Oversee and Govern, Protect and Defend, and Securely Provision. Within the categories, 32 specialty areas represent areas of concentrated functions or work in cybersecurity. The work roles section of the Framework consists of a detailed list of attributes (KSAs) and tasks that are required to perform specific roles.
In general terms, the NICE Framework is an excellent high-level tool for organizations and managers who seek to improve the process of identifying, recruiting, developing, and retaining cybersecurity talent. Using the Framework, you can effectively define your cybersecurity workforce and identify gaps in your current team.
The NICE Framework is used by numerous organizations, including education providers, training and certification providers, and technology providers. Managers who use the Framework are able to accurately detail each role within their team, understanding exactly which KSAs are needed.
Cybersecurity Roles Aligned with the NICE Framework
The following are five top cybersecurity work roles and how they align with the NICE Framework.
The Systems Administrator role falls under the Operate and Maintain category and the Systems Administration specialty area of the NICE Framework. The role encompasses 52 of the Framework’s KSAs and is responsible for installing, configuring, maintaining, and updating systems or components of systems. Additionally, the Systems Administrator may manage accounts and access to systems and perform connectivity and functional testing to minimize downtime.
Information Systems Security Manager
An Information Systems Security Manager oversees the information security of an organization, a program, or a region. In this role, the professional may be charged with updating senior leadership about any changes that could affect the company’s security posture. They may oversee cybersecurity staffing, budget, contracting, and target or threat analysis.
The Information Systems Security Manager work role is part of the Oversee and Govern category and Cybersecurity Management specialty area, and it consists of 59 of the NICE Framework’s KSAs.
Cyber Defense Forensics Analyst
The role of Cyber Defense Forensics Analyst falls under the Investigate category and Digital Forensics specialty area of the NICE Framework. It contains 70 of the Framework’s KSAs. In the workplace, a Cyber Defense Forensics Analyst is responsible for analyzing digital evidence and investigating cybersecurity incidents to gain useful information that supports network and system vulnerability mitigation. The duties of this role include analyzing evidence, log files, and other data to determine the best course of action for discovering network intrusion perpetrators.
The Systems Developer work role consists of 79 of the KSAs associated with the Securely Provision category and Systems Development specialty area. A Systems Developer builds, tests, and modifies prototypes of products utilizing theoretical or working models. They develop and direct testing and validation methods and documentation. A Systems Developer may also use configuration management processes.
Cyber Defense Analyst
As part of the Protect and Defend category and Cybersecurity Defense Analysis specialty area, the Cyber Defense Analyst work role is responsible for mitigating cyber threats. They do so by using the data gathered from various cyber defense tools and analyzing events occurring within the environment. This role has 91 of the NICE Framework’s KSAs associated with it. It is essential because it works to identify and analyze abnormal activity and potential threats to the network and infrastructure so that they can be mitigated.
Final Thoughts about Roles Aligned with the NICE Framework
With the current deficit of qualified cybersecurity professionals in the industry, finding and retaining talent is a critical task for hiring managers. For organizations, it’s essential to adopt a hiring and training strategy where the key roles within the company include KSA requirements that relate directly to safeguarding organizational data.
Additionally, it’s important for organizations to understand the most efficient and effective way to develop current employees to add value to their cybersecurity teams. TrainACE can help with that. We offer many training courses and certification preparation classes for roles contained within the NICE Framework. Contact TrainACE today to find out how we can help improve your organization’s cybersecurity team.