Careers & People

01:50 PM
Steve Zurier
Steve Zurier
Connect Directly

The 7 Types Of Security Jobs, According To NIST

NIST's Cybersecurity Workforce Framework gives the security industry a way to classify specific specialty areas and work roles and identify a path for career growth.
1 of 8

Image Source:Pixabay

Image Source:Pixabay

Making sense of the complex. That’s what NIST’s National Initiative for Cybersecurity Education (NICE) aims to do in developing the draft NICE Cybersecurity Workforce Framework (NCWF).

Bill Newhouse, NICE deputy director and lead author of the draft document, said in developing the NCWF, NIST synthesized the diverse field of cybersecurity by identifying seven categories of job functions for security professionals.

Newhouse introduced the NCWF publicly for the first time last week at the 2016 NICE Conference and Expo in Kansas City. The goal of this year’s conference was for leaders in government, business, and academia to share best practices for growing the cyber workforce. 

Dark Reading's all-day virtual event Nov. 15 offers an in-depth look at myths surrounding data defense and how to put business on a more effective security path. 


“Nothing like the NCWF has ever existed before, primarily because security is a new field that has largely developed out of the intelligence and defense communities,” Newhouse said. “The NCWF can help an organization identify cybersecurity tasks within a work role that are vital to its mission and then examine if its current staff can perform those tasks and if not, hire staff who can.”

The NCWF also identifies the skills that security professionals need to develop and gives them a sense of what skills they need to add. In fact, terminology from the NCWF has been incorporated into two new online resources for the cybersecuruity field: the CyberSeek jobs map that graphically displays the nation’s cybersecurity job demand and availability; and the Career Pathway, which helps students and job seekers new to the field develop career plans.

“The NCWF gives the training groups like CompTIA and ISC2 a better idea of what they need to present to the workforce,” Newhouse said. “Plus a security professional can look at the list and realize that there are various skills they need to develop to get to the next level or a job they are interested in. The other big point is that all of this is presented in a common lexicon and format that everyone can agree on.”

The draft NCWF is now out for public comment until Jan. 6, 2017. Those who want to comment on the draft can download the template form.  

Read on to see NIST's seven categories of cybersecurity job functions.


Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

1 of 8
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/18/2016 | 1:19:50 PM
Re: ewangelia na dziś
It's actually a cool and useful piece of information. I am glad that you shared this helpful information with us. Please keep us informed like this. Thank you for sharing.
User Rank: Apprentice
11/18/2016 | 11:29:28 AM
Re: amazing
Excellent article plus its information and I positively bookmark to this site because here I always get an amazing knowledge as I expect.
User Rank: Apprentice
11/12/2016 | 10:10:34 AM
Thank you for this incredible information. It was very useful for me, I ll be looking forward your new posts. 
User Rank: Moderator
11/12/2016 | 5:05:18 AM
prayer times

I have a hard time describing my thoughts on content. but I really felt I should here. Your article is really great. I like the way you wrote this information.

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Pat Osborne, Principal - Executive Consultant at Outhaul Consulting, LLC, & Cybersecurity Advisor for the Security Innovation Center,  3/12/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
Surviving the IT Security Skills Shortage
Surviving the IT Security Skills Shortage
Cybersecurity professionals are in high demand -- and short supply. Find out what Dark Reading discovered during their 2017 Security Staffing Survey and get some strategies for getting through the drought. Download the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.