-Baseline capabilities,
-Identify skill gaps,
-Develop cybersecurity talent in the workforce, and
-Prepare the pipeline of future talent."
Thus, a workforce framework has been developed by NICE, a unit of the National Institute of Standards and Technology (NIST).
The seven NICE categories are:
1. Securely provision - conceptualizing, designing and building secure IT systems;
- Information assurance compliance
- Software engineering
- Enterprise architecture
- Technology Demonstration
- Systems requirements planning
- Test and evaluation
- Systems development.
2. Operate and maintain - the support, administration and maintenance necessary to ensure effective and efficient IT system performance and security;
- Data administration
- Information system security management
- Knowledge management
- Customer service and technical support
- Network services
- System administration
- Systems security analysis.
3. Protect and defend - the identification, analysis, and mitigation of threats to IT systems and networks;
- Computer network defense
- Incident response
- Computer network defense infrastructure support
- Security program management
- Vulnerability assessment and management.
- Investigation
- Digital forensics.
5. Operate and collect - the highly specialized collection of cybersecurity information that may be used to develop intelligence;
- Collection operations
- Cyber operations planning
- Cyber operations.
- Cyber threat analysis
- Exploitation analysis
- All source intelligence
- Targets.
- Legal advice and advocacy
- Strategic planning and policy development
- Education and training.
