Defining Infosec Jobs: A Helpful Tool

Framework Could Aid Organizations in Making Hiring Decisions

By , December 3, 2011.
A proposed cybersecurity workforce framework by NICE represents a consensus of government thought on how best to define IT jobs, skills and tasks. While these definitions don't need to be agreed upon and followed by all, NICE's Ernest McDuffie says, the framework can serve as a helpful tool for organizations that may need assistance deciding what competencies are relevant for their enterprise.

"The goal here is for this to be a living document that ... would help the entire field as a whole to have these well-defined competencies laid out to have as many people as possible mapped to them in terms of training and curriculum development and academia," McDuffie, lead of the interagency National Initiative for Cybersecurity Education, says in an interview with Information Security Media Group's Eric Chabrow (transcript below).

Ultimately, McDuffie says, the framework is intended to be a guideline to aid organizations that are trying to make decisions on how to invest in cybersecurity (see 7 Key Infosec Occupation Categories).

"How do you measure the amount of money and funds that are being spent on this kind of nebulous enterprise of security in cyberspace," he says. "What all goes into that, and how do you make some kind of return-on-investment calculation?"

McDuffie, in the interview, discusses how the framework:

  • Can serve as a guideline to measure IT security investments.
  • Will evolve over the years as cybersecurity challenges evolve.
  • Could be used by individuals to map out their IT security careers.

NICE (see NICE: Fed's Cyber Education Initiative) is accepting public comments on the draft, which can be submitted by Dec. 16 through the framework's website.

Before being tapped last year to lead NICE, McDuffie served as associate director of the National Coordination Office for Networking and Information Technology Research and Development, a federal agency that supports the planning, budget and assessment activities for advanced information technologies such as computing, networking and software.

McDuffie received his Ph.D. and master's degree in computer science from the Florida Institute of Technology.

NICE: Fed's Cyber Education Initiative

ERIC CHABROW: First off, please take a few moments to tell us a bit about NICE?

ERNEST MCDUFFIE: The previous administration started a thing called CNCI, Comprehensive National Cybersecurity Initiative. That was a federally focused, mostly classified, internally looking activity that was looking at all things cyber across the federal government. When the new administration came on board, it looked at that program and liked what it saw. They liked it so much in fact that it felt it needed to be expanded. It turned into a national initiative instead of an internal, federally focused one. Certainly all the things that we were doing internally we continue. Now we're just broadening them to take in the rest of the country as well. There were 12 initiatives under CNCI. Initiative eight was the education initiative. NICE has inherited all things that were under CNCI 8, and the name reflects that it's turned it into a national initiative now for cybersecurity education. You want to take the word education very broadly because in fact we're interested in more than just formal education. We're also interested in cybersecurity awareness, the workforce structure, training and the professionalization of the workforce as well.

Cybersecurity Workforce Framework

CHABROW: I looked over the framework and it's quite impressive. I haven't seen such a detailed description of IT security job skills and responsibilities almost anywhere. What is the objective of the draft document and what should it lead to?

MCDUFFIE: There were a couple of objectives. Those listeners who are familiar with what's been happening inside federal government for the past few years ... have been aware that there has been a number of surveys, workshops, study groups that are focused on the workforce, trying to define what the workforce is for specific agents. There have been efforts headed up by the Office of Personnel Management, the Federal CIO Council and the Department of Defense, just to name a few. Those three groups were probably the major efforts that have gone on over the last couple of years.

Follow Jeffrey Roman on Twitter: @gen_sec
