9 Key Cybersecurity Roles for Government

Traditional IT Skills Evolve into Needed IT Security Know-How
9 Key Cybersecurity Roles for Government
At first glance, the list of roles looks like those for traditional IT jobs - system administration, programming, technical writing - but the nine key skills categories proposed by the Commission on Cybersecurity for the 44th Presidency involve the know-how needed to build a highly qualified information security workforce.

"When we talk about cybersecurity professionals, we're not necessarily talking about people who are typically identified as cybersecurity types," said Frank Reeder, a former Office of Management and Budget executive who with Karen Evans, a top IT official in the Bush White House, coauthored the white paper, A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters, issued this week by the commission.

The white paper identified the nine key IT security roles as:

  • System administration: client systems and servers;
  • Network administration and network security operations;
  • Security assessment, security auditing and information assurance;
  • Threat analysis, intrusion and data analysis, intelligence and counter intelligence;
  • Forensics investigation;
  • Programming;
  • Technical writing;
  • Security architecture and engineering; and
  • Information security and incident management.

"Systems administrators, network administrators, those who write code are typically not identified as cybersecurity types," Reeder said in an interview Tuesday. "But what they do or the manner in which they do it is critical both to deploying technology that is to the extent that we can make it safe and given that there is no such thing as absolutely safe technology, having the skills necessary to protect it and defend it and ultimately recover when bad stuff happens because bad stuff will happen."

The Federal Chief Information Officers Council and the Office of Personnel Management, as well as other organizations, are working to develop occupational classes for cybersecurity professionals, and the commission recommendations are aimed at identifying the key roles in cybersecurity, the functions they perform and the specific skills - including requisite training and education - required to do those jobs.

Occupational classifications for IT security within government would help simplify recruiting - recruiters would know the specific expertise to seek - and facilitate training by defining what skills need to be developed. Today, most cybersecurity professionals are classified as information technology specialists.

"Because cybersecurity work is performed in many different positions and places throughout the federal government, it is not easy to identify them by looking solely at job titles or organization charts," John Berry, director of the Office of Personnel Management, said last November when he unveiled the government's IT security classification initiative.

By reaching a consensus on the roles and requisite skills, the commission report says, educators would have a much better understanding of the labor market their graduates will enter, purchasers of cybersecurity services could more clearly specify the qualifications they seek from service providers and the sometimes confusing regime of professional certifications programs could reflect the needs of potential employees.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.