We at Pluralsight have seen an increase among both US public sector and global private sector companies utilizing the NIST National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (commonly referred to as the NICE Framework) to define their work roles in the information and cybersecurity sector. For many years there has been no single, agreed-upon, global source for organizations to assess their cybersecurity workforces, identify critical gaps in cybersecurity staffing, identify training needs, and improve job descriptions and requirements for recruitment. The mission of NICE is to “energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development," according to its website.
The NICE Cybersecurity Workforce Framework, as seen in the NIST Special Publication 800-181, is a resource that categorizes and describes cybersecurity work. It establishes a common lexicon that can be used to describe cybersecurity work, regardless of where or for whom the work is performed.
The first version of the NICE Framework was published in 2012, and at that time it had been built to provide a standard for roles within the federal government. The 2014 version included input from the private sector, however, the current version published in 2017 had a goal of emphasizing private sector applicability. The Special Publication explains that the NICE Framework is comprised of the following components:
Categories (7) – A high-level grouping of common cybersecurity functions
Specialty Areas (33) – Distinct areas of cybersecurity work
Work Roles (52) – The most detailed groupings of cybersecurity work comprised of specific knowledge, skills, and abilities (KSAs) required to perform tasks in a work role
Capability Indicators – A combination of education, certification, training, experiential learning, and continuous learning attributes that could indicate a greater likelihood of success for given work role
Using the components of the NICE Framework not only helps organizations to document the constituent parts of a role, it also provides clarity about what someone performing that role will be required to know and do. The Special Publication calls out the following use cases:
At Pluralsight, we are in the process of creating content for a new role profile: a Digital Forensic Analyst. This role has been created utilizing the NIST NICE Cybersecurity Workforce Framework knowledge, skills, abilities (KSAs), and tasks outlined in the Cyber Defense Forensics Analyst work role (IN-FOR-002). The role also maps to the KSAs and tasks outlined in the DoD Cyber Workforce Framework (DCWF) Cyber Defense Forensics Analyst work role (ID: 212).
The Pluralsight role will consist of three compulsory skills and one optional skill. The first skill can be seen here: Digital Forensics: Foundations. This will contain six courses, three of which have been published to date. The remaining courses and skills await production.
To enable learners to better understand the constituent parts of the role, skills, and courses, we have produced a visualization. To assist we have overlaid the KSA & T identification numbers for reference.
We are also in the process of completing a second role: Cyber Crime Investigator IN-INV-001 (DCWF Work Role ID: 221). In this role, the post holder identifies, collects, examines, and preserves evidence using controlled and documented analytical and investigative techniques. This role and the related courses will be coming soon.
Additional resources for the NICE Cybersecurity Workforce Framework can be found here: