The road to a cybersecurity career begins with a discovery of the various roles available. There are a diverse set of cybersecurity roles. Knowing what roles exist and which suit your skills and interests, provides you a goal to work towards as you transition to the Self-Education Phase of the Roadmap to a Cybersecurity Career.
The NICE Cybersecurity Workforce Framework is a very helpful resource to get an introduction to the wide breadth of specialties and roles in cybersecurity. The Framework’s 33 Specialty Areas and 52 Work Roles are grouped into seven high-level Categories of common cybersecurity functions. These Categories are:
Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
Collect and Operate
Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.
Investigates cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence.
Operate and Maintain
Provides the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security.
Oversee and Govern
Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.
Protect and Defend
Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks.
Conceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibility for aspects of system and/or network development.
What Specialty Areas would be interesting for cybersecurity aspirants? Here are a few highlights:
Cyber Defense Analysis
Vulnerability Assessment and Management
Program/Project Management (PMA) and Acquisition
Legal Advice and Advocacy
While it’s a helpful resource, the NICE Cybersecurity Workforce Framework does have a bit of a federal government agency flavor to it. (There’s not much demand for Exploitation Analysts in private security.) It is a great starting point though.
You have to do your homework into cybersecurity specialties and roles. Getting a feel for the types of specialities is key. Once you better understand your cybersecurity interests, you can determine what to study.