NIST-NICE Framework

CYBERSECURITY WORKFORCE FRAMEWORK

The NICE Framework (NIST SP 800-181) is a lexicon of categories and work roles, with statements that describe tasks, knowledge, and skills (TKSs) providing a foundation for cybersecurity work.

NICE Framework: How it’s organized

The NICE Framework aims to facilitate the exchange in communication of cybersecurity work across organizations, at a peer level, sector level, national level, or international level.

The two main concepts of the NICE Framework are:

Blue box with "THE WORK" text
Turquoise box with "THE LEARNER" text

The cybersecurity work is referred to as Task statements and describes Knowledge and Skills statements that provide a foundation for learners including self-starters, students, job seekers, and employees.

 

NICE Framework Diagram
CyberKnights Data Visualization, Tree Diagram of the NIST NICE Framework
Ex. NICE Framework Tree Diagram in CyberKnights portal

NICE Cybersecurity Categories

Categories provide the overarching organizational structure of the NICE Framework. There are seven Categories and all are composed of Work Roles. This organizational structure is based on extensive job analysis, which group together work and workers that share common major functions, regardless of job titles or other occupational terms.

  • Securely ProvisionSecurely Provision
  • Operate & MaintainOperate & Maintain
  • Oversee & GovernOversee & Govern
  • Protect & DefendProtect & Defend
  • AnalyzeAnalyze
  • Collect & OperateCollect & Operate
  • InvestigateInvestigate
cybersecurity work roles

Cybersecurity Work Roles

Work roles are the most detailed groupings of cybersecurity and related work which include a list of attributes required to fulfill that role in the form of Tasks, Knowledge, and Skills (TKSs) performed in that role.

Cybersecurity TKSs

cybersecurity tasks icon

Tasks – is a specified defined piece of work that, combined with other identified Tasks, composes the work in a specific speciality area or work role.

cybersecurity knowledge icon

Knowledge – is a body of information applied directly to the performance of a function.

cybersecurity skills icon

Skills – needed for cybersecurity rely less on physical manipulation of tools and instruments and more on applying tools, frameworks, processes and controls that have an impact on the cybersecurity posture of an organization or individual.

Utilizing the NICE Framework for Employers, Individuals & Educators

Employers

The use of the NICE Framework’s common lexicon enables employers to inventory and develop their cybersecurity workforce. CyberKnights enables employers and organizational leadership to:

  • Establish a shared terminology between hiring managers and human resource staff for recruiting, retention, and trainings
  • Inventory and track their cybersecurity workforce to gain a greater understanding of the strengths and gaps in TKSs performed;
  • Identify training and qualification requirements to develop TKSs;
  • Improve position description and job vacancy announcements by selected relevant TKSs by for an existing employee or candidate for automatic match;
  • Identify the most relevant work roles and develop career paths to guide staff in gaining requisite skills for each role

Using the CyberKnights online platform, employers looking for cybersecurity talent can match with the exact talent they need based on the NICE framework. Cybersecurity recruiting is made easy as employers can quickly match with individuals of specific talents to provide the cybersecurity intellect that their company needs.

More on NICE Framework Skills Gap Matching

Individuals

The NICE Framework supports those in the cybersecurity field, and those who might wish to enter the cybersecurity field, to explore tasks within cybersecurity categories and work roles. The framework also assists those who support these workers, such as human resource staffing specialists and guidance counselors, to help job seekers and students understand the cybersecurity work roles and which associated TKSs are being valued by employers for in-demand cybersecurity jobs and positions.

CyberKnights leverages the NICE Framework’s common lexicon to provide clear and consistent descriptions of jobs and automatically matches the needs of the employer to what the individual has. Leveraging CyberKnights as a means to upskill and/or reskill is an important feature to making yourself more marketable within cybersecurity. CyberKnights also enables an individual to create a career map that helps keep them focused on their goals and how to achieve them.

More on NICE Framework Cybersecurity Career Development

Educators and Training Providers

The NICE Framework provides a reference for educators to develop cybersecurity curriculum, certificate or degree programs, training programs, courses, seminars, and exercises or challenges that cover the TKSs described in the NICE Framework. Human resource staffing specialists and guidance counselors can also use the NICE Framework as a resource for cybersecurity career exploration.

Within CyberKnights, cybersecurity professors can understand their student TKSs and realize how their cybersecurity curriculum supports the student. This enables professors to look at future course development or a modification of existing courseware. CyberKnights helps to connect cybersecurity academics with cybersecurity training providers in order to support collaboration and increase classroom enrollment. CyberKnights also helps students obtain high-paying job opportunities before, during, or after their education is complete, making the job searching process easier.

More on NICE Framework Curriculum & Training Alignment

Frequently Asked Questions

Why should I use CyberKnights?

CyberKnights uniquely leverages the NICE Framework for talent assessment, recruiting, development, and retention. One of the key components of CyberKnights is that it is an online platform that supports an individual’s career from beginning-to-end. It also enables the employer and educational provider to focus on talent ability to increase in K&Ss over time and to progress within the cybersecurity workforce. CyberKnights is specially designed to support Cybersecurity and IT professionals.

I work in IT, can CyberKnights help me?

Yes. CyberKnights is inclusive of IT related K&S. Register today to learn more.

Can Human Resources use CyberKnights?

Yes, human resource workers can leverage CyberKnights to understand the existing talent K&S and to post open job vacancies.

How does CyberKnights help me identify a cybersecurity education provider?

CyberKnights has a list of education and training providers which includes the courses that they offer. You can review these opportunities to determine which one is the best fit for you and/or your organization.

What cybersecurity certifications should I take or obtain?

CyberKnights gives individuals and employers the ability to look at the certifications that an employee is most likely to pass based on existing K&S. Register with CyberKnigths to learn these features.

How do employers use CyberKnights?

Employers can utilize CyberKnights for a variety of functions, such as talent assessment and identification of development opportunities which result in higher retention rates. Contact CyberKnights for a demonstration today.

Can I find a job within CyberKnights?

Yes, once you establish a profile in CyberKnights you will be able to see the available jobs and necessary information that pertains to each job. Employers use the NICE Framework to post the jobs and the K&S that are required.

Why is the NICE Framework important?

It provides a common lexicon which helps to provide clear and consistent descriptions of the cybersecurity workforce.