Skip to content

Defining Cybersecurity Career Baselines & Roadmap in your Career or Company



From a cybersecurity workforce development perspective, I recommend understanding the business needs; from there, you can map out the cybersecurity skills needed to accomplish those requirements. Start with dissecting the Knowledge, Skills & Abilities (KSAs) required to deliver the needed business outcomes, and it provides you with a great way to help manage, measure, and plan the growth of your team. Taking advantage of the great work performed by others, I usually recommend that others consider using the NIST NICE Framework as a guide to mapping these skills. NICE Framework allows companies to understand the needed KSAs for their current roles and how they can find them within their existing teams or if they need to recruit outside for them.

NICE Framework Provides Resource for a Strong Cybersecurity Workforce KANSAS CITY, Mo.-The U.S. Commerce Department's National Institute of Standards and Technology ( NIST) released a…

Starting with a framework, like the NIST NICE Workforce development tool (, which according to the website, “takes the guesswork out of using the NICE Framework — simply answer questions about each cybersecurity-related position, and the tool will show you how each position aligns to the NICE Framework and what can be done to strengthen your cybersecurity team” is an easy step to getting started with the Framework. The tool asks you to select one of the high-level categories, the job descriptions, add job statements, any functional areas that it might align with, and some of the KSAs needed by the position. This tool was created for creating federal job descriptions and provides an excellent foundation for the private sector.

By looking at its elements, let’s go into more detail about how this was designed to work. The Framework ( works by dissecting the work role into a set of knowledge skills and abilities based on the various tasks that need to be completed. As a hiring manager, if you could break out all the functions required to describe the work and what the learner needs, you should be able to assess the knowledge, skills, and abilities of your needed workforce. NICCS has already done much of the hard work for you by splitting rolls up into categories, specialty areas, and specific work roles. More details can be found here ( and you use ( the nice framework_pdf.pdf?trackDocs=using the nice framework_pdf.pdf) as a how-to guide. For those who like to automate, you can visit this site (, and it has the framework data in an Excel sheet and JSON file. With this, you have the basic foundation of what’s needed for your job descriptions and understand how the roles can be mapped out in your organization’s cyber security practice. You can also use this to assess your current workforce and how their KSAs align with the business needs and potentially the roles you need to fill.

Understanding your staff’s current level is the start of their career journey within your cyber organization. From there, you want to ensure that you can develop a strategic pipeline that allows them to grow and your organization to have the needed skills and leadership within it as these resources mature. NICCS also develop a road mapping tool that allows for the development of career paths across the 52 different NICE Framework work roles ( This road mapping tool can be used to plan and project the needed KSAs for resources as they grow from one position to another within the organization. It allows for the intended measurement of progress for resources in your organization. Having a defined growth path and promoting resources that have achieved the needed KSAs to get to the next level helps encourage staff loyalty and longevity.

This provides the foundation to identify and recruit the skillsets to your security program to deliver on business objectives successfully.



12 Rules For Life, by Jordan Peterson

In order to help us better deal with the realities of the world we live in, Jordan Peterson gives us his 12 Rules For Life.

Click here to view this summary.


Blog comments