ITL's National Initiative for Cybersecurity Education Released Its Cybersecurity Workforce Framework

The national need for a common lexicon to describe and organize the cybersecurity workforce and requisite knowledge, skills, and abilities (KSAs) led to the creation of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework). The NICE Framework defines the spectrum of cybersecurity work as well as tasks and knowledge, skills, and abilities (KSAs) for over 50 common Work Roles. While the Work Roles have made the NICE Framework easier to associate to specific positions, they do not provide organizations with guidance on how to determine if a professional can perform a Work Role. This report provides capability indicators which are intended to help organizations address this challenge. Capability indicators are recommended education, certification, training, experiential learning, and continuous learning that could signal an increased ability to perform a given Work Role. Though capability indicators are not formal qualification requirements, they provide a menu of characteristics recommended by subject matter experts (SMEs) that should be customized by each organization based on need and incorporated into hiring and employee development efforts (e.g., recruiting, building career paths). Overarching findings pertaining to capability indicators across Work Roles and proficiency levels are also provided in this report.