Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

01:50 PM
Steve Zurier
Steve Zurier
Connect Directly

The 7 Types Of Security Jobs, According To NIST

NIST's Cybersecurity Workforce Framework gives the security industry a way to classify specific specialty areas and work roles and identify a path for career growth.
1 of 8

Image Source:Pixabay

Image Source:Pixabay

Making sense of the complex. That’s what NIST’s National Initiative for Cybersecurity Education (NICE) aims to do in developing the draft NICE Cybersecurity Workforce Framework (NCWF).

Bill Newhouse, NICE deputy director and lead author of the draft document, said in developing the NCWF, NIST synthesized the diverse field of cybersecurity by identifying seven categories of job functions for security professionals.

Newhouse introduced the NCWF publicly for the first time last week at the 2016 NICE Conference and Expo in Kansas City. The goal of this year’s conference was for leaders in government, business, and academia to share best practices for growing the cyber workforce. 

Dark Reading's all-day virtual event Nov. 15 offers an in-depth look at myths surrounding data defense and how to put business on a more effective security path. 


“Nothing like the NCWF has ever existed before, primarily because security is a new field that has largely developed out of the intelligence and defense communities,” Newhouse said. “The NCWF can help an organization identify cybersecurity tasks within a work role that are vital to its mission and then examine if its current staff can perform those tasks and if not, hire staff who can.”

The NCWF also identifies the skills that security professionals need to develop and gives them a sense of what skills they need to add. In fact, terminology from the NCWF has been incorporated into two new online resources for the cybersecuruity field: the CyberSeek jobs map that graphically displays the nation’s cybersecurity job demand and availability; and the Career Pathway, which helps students and job seekers new to the field develop career plans.

“The NCWF gives the training groups like CompTIA and ISC2 a better idea of what they need to present to the workforce,” Newhouse said. “Plus a security professional can look at the list and realize that there are various skills they need to develop to get to the next level or a job they are interested in. The other big point is that all of this is presented in a common lexicon and format that everyone can agree on.”

The draft NCWF is now out for public comment until Jan. 6, 2017. Those who want to comment on the draft can download the template form.  

Read on to see NIST's seven categories of cybersecurity job functions.


Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

1 of 8
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/18/2016 | 1:19:50 PM
Re: ewangelia na dziś
It's actually a cool and useful piece of information. I am glad that you shared this helpful information with us. Please keep us informed like this. Thank you for sharing.
User Rank: Apprentice
11/18/2016 | 11:29:28 AM
Re: amazing
Excellent article plus its information and I positively bookmark to this site because here I always get an amazing knowledge as I expect.
User Rank: Apprentice
11/12/2016 | 10:10:34 AM
Thank you for this incredible information. It was very useful for me, I ll be looking forward your new posts. 
User Rank: Moderator
11/12/2016 | 5:05:18 AM
prayer times

I have a hard time describing my thoughts on content. but I really felt I should here. Your article is really great. I like the way you wrote this information.

Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrust,  5/15/2019
Artist Uses Malware in Installation
Dark Reading Staff 5/17/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/14/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-05-20
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.
PUBLISHED: 2019-05-20
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web r...
PUBLISHED: 2019-05-19
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
PUBLISHED: 2019-05-17
Typora (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.