Proposal: A career path for federal cybersecurity pros

Responding to the lack of a consistent definition for cybersecurity jobs and their skill sets, an interagency workforce education group has proposed a framework to help provide a path for professional development in government for this increasingly critical area.

“The absence of a common language to discuss and understand the work and skill requirements of cybersecurity professionals hinders our nation’s ability to baseline capabilities, identify skill gaps, develop cybersecurity talent in the current workforce, and prepare the pipeline of future talent,” according to the Cybersecurity Workforce Framework released for public comment.

The framework, created by the interagency National Initiative on Cybersecurity Education, organizes cybersecurity jobs into specific areas and includes the responsibilities and required skills for each.

Cybersecurity is a recent and rapidly developing specialty in government, which does not fit into the standard occupations, job titles, position descriptions, and federal job classification and grading systems managed by the Office of Personnel Management. This has made identifying, educating, recruiting and retaining this workforce a challenge for many agencies.

The demand for cybersecurity professionals is estimated to grow to 2.5 million new workers by 2015, and government will have to compete with the private sector for skilled workers. NICE, an interagency program coordinated by the National Institute of Standards and Technology, is an effort to increase cybersecurity awareness in general, promote education from primary grades through university level, and improve workforce development.

The framework provides a working taxonomy intended to fit into an organization’s existing occupational structure in both the public and private sectors. It is based on information gathered from federal agencies over two years of surveys and workshops by OPM, a Defense Department study of the cybersecurity workforce, and a study by the Federal CIO Council.

Jobs are organized into seven high-level categories, grouping together work and workers that share common functions. The categories, together with included specialty areas, are:

Securely provision, which includes the conceptualization, design and building of secure IT systems:

  • Information assurance compliance.
  • Software engineering.
  • Enterprise architecture.
  • Technology demonstration.
  • Systems requirements planning.
  • Testing and evaluation.
  • Systems development.
Operate and maintain, which includes the support, administration and maintenance needed to ensure performance and security:
  • Data administration.
  • Information system security management.
  • Knowledge management.
  • Customer service and technical support.
  • Network services.
  • System administration.
  • Systems security analysis.
Protect and defend, which includes identification, analysis and mitigation of threats:
  • Computer network defense.
  • Incident response.
  • Computer network defense infrastructure support.
  • Security program management.
  • Vulnerability assessment and management.
Investigate security incidents, breaches and crimes:
  • Investigation.
  • Digital forensics.
Operate and collect cybersecurity information that could be used to develop intelligence:
  • Collections operations.
  • Cyber operations planning.
  • Cyber operations.

Analyze, which includes the review and evaluation of incoming information to determine its usefulness for intelligence:

  • Cyber threat analysis.
  • Exploitation analysis.
  • All source intelligence.
  • Targets.

Support to others conducting cybersecurity work:

  • Legal advice and advocacy.
  • Strategic planning and policy development.
  • Education and training.
Other framework documents available online provide more information on the job titles, tasks, knowledge and skills needed in each specialty area.

Comments on the framework are due by Dec. 16. Links to all of the framework documents as well as to a template for comments are available at

About the Author

William Jackson is a Maryland-based freelance writer.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected