9 Key Cybersecurity Roles for Government

Credit EligibleAs a GovInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

At first glance, the list of roles looks like those for traditional IT jobs - system administration, programming, technical writing - but the nine key skills categories proposed by the Commission on Cybersecurity for the 44th Presidency involve the know-how needed to build a highly qualified information security workforce.

"When we talk about cybersecurity professionals, we're not necessarily talking about people who are typically identified as cybersecurity types," said Frank Reeder, a former Office of Management and Budget executive who with Karen Evans, a top IT official in the Bush White House, coauthored the white paper, A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters, issued this week by the commission.

The white paper identified the nine key IT security roles as:

• System administration: client systems and servers;
• Network administration and network security operations;
• Security assessment, security auditing and information assurance;
• Threat analysis, intrusion and data analysis, intelligence and counter intelligence;
• Forensics investigation;
• Programming;
• Technical writing;
• Security architecture and engineering; and
• Information security and incident management.

"Systems administrators, network administrators, those who write code are typically not identified as cybersecurity types," Reeder said in an interview Tuesday. "But what they do or the manner in which they do it is critical both to deploying technology that is to the extent that we can make it safe and given that there is no such thing as absolutely safe technology, having the skills necessary to protect it and defend it and ultimately recover when bad stuff happens because bad stuff will happen."

Click to Get Updates on the Latest Information Security News

Company* Title* Email* Subscription Type: HTML Text Government Enews General Government Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Banking Enews General Banking Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Credit Union Enews General Credit Union Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Need Help?

The Federal Chief Information Officers Council and the Office of Personnel Management, as well as other organizations, are working to develop occupational classes for cybersecurity professionals, and the commission recommendations are aimed at identifying the key roles in cybersecurity, the functions they perform and the specific skills - including requisite training and education - required to do those jobs.

Occupational classifications for IT security within government would help simplify recruiting - recruiters would know the specific expertise to seek - and facilitate training by defining what skills need to be developed. Today, most cybersecurity professionals are classified as information technology specialists.

"Because cybersecurity work is performed in many different positions and places throughout the federal government, it is not easy to identify them by looking solely at job titles or organization charts," John Berry, director of the Office of Personnel Management, said last November when he unveiled the government's IT security classification initiative.

By reaching a consensus on the roles and requisite skills, the commission report says, educators would have a much better understanding of the labor market their graduates will enter, purchasers of cybersecurity services could more clearly specify the qualifications they seek from service providers and the sometimes confusing regime of professional certifications programs could reflect the needs of potential employees.