Proposal: A career path for federal cybersecurity pros

Responding to the lack of a consistent definition for cybersecurity jobs and their skill sets, an interagency workforce education group has proposed a framework to help provide a path for professional development in government for this increasingly critical area.

“The absence of a common language to discuss and understand the work and skill requirements of cybersecurity professionals hinders our nation’s ability to baseline capabilities, identify skill gaps, develop cybersecurity talent in the current workforce, and prepare the pipeline of future talent,” according to the Cybersecurity Workforce Framework released for public comment.

The framework, created by the interagency National Initiative on Cybersecurity Education, organizes cybersecurity jobs into specific areas and includes the responsibilities and required skills for each.

Cybersecurity is a recent and rapidly developing specialty in government, which does not fit into the standard occupations, job titles, position descriptions, and federal job classification and grading systems managed by the Office of Personnel Management. This has made identifying, educating, recruiting and retaining this workforce a challenge for many agencies.

The demand for cybersecurity professionals is estimated to grow to 2.5 million new workers by 2015, and government will have to compete with the private sector for skilled workers. NICE, an interagency program coordinated by the National Institute of Standards and Technology, is an effort to increase cybersecurity awareness in general, promote education from primary grades through university level, and improve workforce development.

The framework provides a working taxonomy intended to fit into an organization’s existing occupational structure in both the public and private sectors. It is based on information gathered from federal agencies over two years of surveys and workshops by OPM, a Defense Department study of the cybersecurity workforce, and a study by the Federal CIO Council.

Jobs are organized into seven high-level categories, grouping together work and workers that share common functions. The categories, together with included specialty areas, are:

Securely provision, which includes the conceptualization, design and building of secure IT systems:

  • Information assurance compliance.
  • Software engineering.
  • Enterprise architecture.
  • Technology demonstration.
  • Systems requirements planning.
  • Testing and evaluation.
  • Systems development.
Operate and maintain, which includes the support, administration and maintenance needed to ensure performance and security:
  • Data administration.
  • Information system security management.
  • Knowledge management.
  • Customer service and technical support.
  • Network services.
  • System administration.
  • Systems security analysis.
Protect and defend, which includes identification, analysis and mitigation of threats:
  • Computer network defense.
  • Incident response.
  • Computer network defense infrastructure support.
  • Security program management.
  • Vulnerability assessment and management.
Investigate security incidents, breaches and crimes:
  • Investigation.
  • Digital forensics.
Operate and collect cybersecurity information that could be used to develop intelligence:
  • Collections operations.
  • Cyber operations planning.
  • Cyber operations.

Analyze, which includes the review and evaluation of incoming information to determine its usefulness for intelligence:

  • Cyber threat analysis.
  • Exploitation analysis.
  • All source intelligence.
  • Targets.

Support to others conducting cybersecurity work:

  • Legal advice and advocacy.
  • Strategic planning and policy development.
  • Education and training.
Other framework documents available online provide more information on the job titles, tasks, knowledge and skills needed in each specialty area.

Comments on the framework are due by Dec. 16. Links to all of the framework documents as well as to a template for comments are available at

About the Author

William Jackson is a Maryland-based freelance writer.


  • People
    Dr. Ronny Jackson briefs the press on President Trump

    Uncertainty at VA after nominee withdraws

    With White House physician Adm. Ronny Jackson's withdrawal, VA watchers are wondering what's next for the agency and its planned $16 billion health IT modernization project.

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.