This curriculum guide has been structured to provide a role-based perspective based on cyber security curriculum learning requirements and outcomes that contribute to specific technical and non-technical organizational roles. Illustrated below in Figure 2, the role-based model categorizes cyber security workforce roles into four main functions based on desired knowledge and skills without neglecting adjacent and contributing work.
Figure 2: Cyber Security Roles and Specializations
Figure 3 - Description
The figure contains a circle divided into four quadrants, each with a label. In the middle of the circle there are two curved arrows signifying that all quadrants are linked. Each quadrant partially overlaps a box that includes a description of the label. The labels and descriptions are as follows:
- Govern and Support: Specialty roles responsible for providing management, direction, and support to ensure the organization conducts effective cyber security work
- Protect and Defend: Specialty roles responsible for detecting, preventing, responding to, and recovering from cyber security incidents and threats
- Design and Develop: Specialty roles responsible for developing, securing, and testing hardware, software, networks, and systems, through a product’s life cycle
- Operate and Maintain: Specialty roles responsible for administration, maintenance, and support to ensure effective and efficient performance and cyber security
As cyber security is an interdisciplinary course of study, both computer-based and business-oriented disciplines are part of this guide’s focus in an attempt to provide a more comprehensive understanding of the cyber security workforce field. The majority of the non-technical cyber security related workforce roles are grouped under the Govern and Support function as the positions primarily involve decision making and governance. The technical workforce roles and specializations are grouped under the other three functions as they are more computer-based professions. These functions are guided by an appropriate level of leadership and extend into specializations that often require additional task-based training and expertise within the work area to become proficient. Some of these technical and non-technical roles, however, can overlap with roles within the other functions, particularly where key functional proficiencies are required. Individuals from other domains who have the experience may fill these workforce roles.
Those familiar with the NICE Cybersecurity Workforce Framework will note that there are many commonalities in specialized tasks, knowledge, and skills. This guide is focused only on cyber security elements, without reference to other common technical and non-technical curricula. Additionally, this guide provides common proficiencies that should be included in the development of cyber security practitioners intended to support organizational security requirements.
3.1 Cyber Security Workforce Roles
3.1.1 Govern and Support
The cyber security workforce roles within the Govern and Support function (Table 1) are responsible for providing management, direction, and support to ensure an organization conducts effective cyber security work. The roles range from entry-level, to intermediate, to advanced, often requiring a significant amount of education, training, and work experience. Each of the workforce roles is explained in further detail in the tables under the Govern and Support section.
Table 1: Govern and Support Roles
3.1.2 Protect and Defend
The cyber security workforce roles within the Protect and Defend function (Table 2) are responsible for detecting, preventing, responding to, and recovering from cyber incidents and threats. The roles range from entry-level, to intermediate, to advanced, often requiring a significant amount of education, training and work experience. Each of the workforce roles is explained in further detail in the tables under the Protect and Defend section.
Table 2: Protect and Defend Roles
|Incident Response||Cyber Security Incident Responder/Handler|
|Digital Forensics||Digital Forensics Analyst|
3.1.3 Operate and Maintain
The cyber security workforce roles within the Operate and Maintain function (Table 3) are responsible for administration, maintenance, and support to ensure effective and efficient performance and cyber security. The roles range from entry-level, to intermediate, to advanced, often requiring a significant amount of education, training and work experience. Each of the workforce roles is explained in further detail in the tables under the Operate and Maintain section.
Table 3: Operate and Maintain Roles
|Systems and Networks||
|Technical Support||Technical Support Specialist|
3.1.4 Design and Develop
The cyber security workforce roles within the Design and Develop function (Table 4) are responsible for developing, securing, testing, and integrating hardware, software, and systems throughout a product’s life cycle. The roles range from entry-level, to intermediate, to advanced, often requiring a significant amount of education, training and work experience. Each of the workforce roles is explained in further detail in the tables under the Design and Develop section.
Table 4: Design and Develop Roles
|Architecture and Engineering||
|Research and Development, Testing and Evaluation||
|Systems and Software Development||
3.2 Core Curriculum Topics
The curriculum for technical workforce roles assumes that individuals have technical education, training and/or experience within a cyber or IT related field, and that fundamental knowledge requirements of IT systems/software and networks have been met.
Participants with limited or no technical background should be provided opportunities to attain a basic knowledge of the following:
- Data analysis;
- Scripting or introductory programming;
- Cyber defence;
- Cyber threats;
- Fundamental security design principles;
- IT system components;
- Networking concepts;
- System administration;
- Security approaches and models;
- Security management frameworks;
- Vulnerability management;
- Communications protocols, Internet security protocols, directory standards;
- Cloud computing and virtualization technologies;
- Network architecture and enterprise architecture models; and
- System and/or software development lifecycle, software development processes.
In general, a basic knowledge of the following is required for all technical and non-technical practitioners. The depth of understanding will vary by role, depending on the business or organization:
- Cyber threat context (including class of attack (active, passive, insider); type of cyber threat; type of cyber actors and their tactics, techniques, and procedures (TTPs));
- Legal, policy, ethics and compliance related to cyber security and privacy;
- Cyber security risk management processes;
- Cyber security incident management – incident response and mitigation;
- Cyber security processes, technology, trends, and emerging issues;
- Sources of cyber security expertise and resources;
- Business continuity and disaster recovery; and
- Research, analysis and reporting.
3.3 Role-Based Curriculum Component Structure
Each of the role-based cyber security curriculum components provides:
- Role-based title;
- Basic job description;
- Cyber security related tasks;
- Commonly requested education, training and work experience;
- Primary training requirements – learning outcomes; and
- Key proficiencies.
Requirements for specific roles are identified in the tables that follow in the next section.