Careers & People

11/8/2016
01:50 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

The 7 Types Of Security Jobs, According To NIST

NIST's Cybersecurity Workforce Framework gives the security industry a way to classify specific specialty areas and work roles and identify a path for career growth.
Previous
1 of 8
Next

Image Source:Pixabay

Image Source:Pixabay

Making sense of the complex. That’s what NIST’s National Initiative for Cybersecurity Education (NICE) aims to do in developing the draft NICE Cybersecurity Workforce Framework (NCWF).

Bill Newhouse, NICE deputy director and lead author of the draft document, said in developing the NCWF, NIST synthesized the diverse field of cybersecurity by identifying seven categories of job functions for security professionals.

Newhouse introduced the NCWF publicly for the first time last week at the 2016 NICE Conference and Expo in Kansas City. The goal of this year’s conference was for leaders in government, business, and academia to share best practices for growing the cyber workforce. 

Dark Reading's all-day virtual event Nov. 15 offers an in-depth look at myths surrounding data defense and how to put business on a more effective security path. 

 

“Nothing like the NCWF has ever existed before, primarily because security is a new field that has largely developed out of the intelligence and defense communities,” Newhouse said. “The NCWF can help an organization identify cybersecurity tasks within a work role that are vital to its mission and then examine if its current staff can perform those tasks and if not, hire staff who can.”

The NCWF also identifies the skills that security professionals need to develop and gives them a sense of what skills they need to add. In fact, terminology from the NCWF has been incorporated into two new online resources for the cybersecuruity field: the CyberSeek jobs map that graphically displays the nation’s cybersecurity job demand and availability; and the Career Pathway, which helps students and job seekers new to the field develop career plans.

“The NCWF gives the training groups like CompTIA and ISC2 a better idea of what they need to present to the workforce,” Newhouse said. “Plus a security professional can look at the list and realize that there are various skills they need to develop to get to the next level or a job they are interested in. The other big point is that all of this is presented in a common lexicon and format that everyone can agree on.”

The draft NCWF is now out for public comment until Jan. 6, 2017. Those who want to comment on the draft can download the template form.  

Read on to see NIST's seven categories of cybersecurity job functions.

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Benefiter
50%
50%
Benefiter,
User Rank: Apprentice
11/18/2016 | 1:19:50 PM
Re: ewangelia na dziś
It's actually a cool and useful piece of information. I am glad that you shared this helpful information with us. Please keep us informed like this. Thank you for sharing.
ClaireEllison
50%
50%
ClaireEllison,
User Rank: Apprentice
11/18/2016 | 11:29:28 AM
Re: amazing
Excellent article plus its information and I positively bookmark to this site because here I always get an amazing knowledge as I expect.
Benefiter
50%
50%
Benefiter,
User Rank: Apprentice
11/12/2016 | 10:10:34 AM
Re:
Thank you for this incredible information. It was very useful for me, I ll be looking forward your new posts. 
Lily652
100%
0%
Lily652,
User Rank: Moderator
11/12/2016 | 5:05:18 AM
prayer times

I have a hard time describing my thoughts on content. but I really felt I should here. Your article is really great. I like the way you wrote this information.

5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
BlueBorne Attack Highlights Flaws in Linux, IoT Security
Kelly Sheridan, Associate Editor, Dark Reading,  12/14/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
Surviving the IT Security Skills Shortage
Surviving the IT Security Skills Shortage
Cybersecurity professionals are in high demand -- and short supply. Find out what Dark Reading discovered during their 2017 Security Staffing Survey and get some strategies for getting through the drought. Download the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.