Ready to Start Your Career?

Using the NICE Framework for Early Career Planning

Jay James's profile image

By: Jay James

June 9, 2020

Getting Started

"The secret of getting ahead is getting started" – Mark Twain.

The problem, for many starting in the cybersecurity field, is knowing where to start. Thousands of blog posts, articles, websites, and videos of the vast realm of cybersecurity careers can quickly become overwhelming.

There are three high-level steps to help quiet the noise and create a starting point:

Step 1: Know all your career options
Step 2: Understand what skills and knowledge areas are needed to be successful in a chosen specialization
Step 3: Begin learning those skills and building a growth plan to reach your end goal

One of the best tools available to accomplish this is the NICE Workforce Framework by the National Institute of Standards and Technology (NIST).

What is the NICE Workforce Framework?

The NICE (National Initiative for Cybersecurity Education) Cybersecurity Workforce Framework has one goal: to categorize, organize, and describe the work of cybersecurity professionals. By doing so, those who are in, or contribute to, the industry can better talk about the skills and experiences needed for the various roles.

The NICE Workforce Framework breaks down into seven workforce categories:

  • Security Provision (SP)
  • Operate and Maintain (OM)
  • Oversee and Govern (OV)
  • Protect and Defend (PR)
  • Analyze (AN)
  • Collect and Operate (CO)
  • Investigate (IN)

The Framework then breaks down the seven workforce categories into 33 specialty areas and 52 work roles. The 33 Specialty Areas describe the specialties in each of the workforce categories. Then the 52 work roles, which are not job titles, but are closely related to what you may see on organizational charts and job applications, derive from the 33 specialty areas.

The Framework provides the following information on each work role to help individuals learn more about a specific role:

Work Role Description: The short, high-level description of the role
Task: the various functions that someone in a specific role may encounter

Knowledge Areas: The list of knowledge areas that someone in the role might be able to exhibit
Skills: The specific expertise that may be necessary for the role
Abilities: The abilities that someone should be able to demonstrate in the role

You can learn about the NICE Cybersecurity Workforce Framework in the NIST Special Publication 800-181 and on the NICE Website.

Tip: Use the NIST SP 800-81 Reference Spreadsheet to navigate and explore through each role easily.

Below you can find a summary of the workforce categories and the career possibilities in each.

Security Provision (SP)

NIST SP 800-181 defines the "Security Provisions" workforce category as anyone who "Conceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibility for aspects of a system and/or network development."

The Specialty areas for this category include Risk Management (RSK), Software Development (DEV), Systems Architecture (ARC), Technology R&D (TRD), Systems Requirements Planning (SRP), Test, and Evaluation (TST), and Systems Development (SYS). Roles Include:

  • Authorizing Official/Designating Representative
  • Security Control Assessor
  • Software Developer
  • Secure Software Assessor
  • Enterprise Architect
  • Security Architect
  • Research & Development Specialist
  • Systems Requirements Planner
  • System Testing and Evaluation Specialist
  • Information Systems Security Developer
  • Systems Developer

Operate and Maintain (OM)

NIST SP 800-181 defines the "Operate and Maintain" workforce category as anyone who "Provides the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security."

The Specialty Areas include Data Administration (DTA), Knowledge Management (KMG), Customer Service and Technical Support (STS), Network Services (NET), Systems Administration (ADM), and Systems Analysis (ANA). Roles Include:

  • Database Administrator
  • Data Analyst
  • Knowledge Manager
  • Technical Support Specialist
  • Network Operations Specialist
  • System Administrator
  • Systems Security Analyst

Oversee and Govern (OV)

NIST SP 800-181 defines the "Oversee and Govern" workforce category as anyone who "Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work."

The Specialty Areas include Legal Advice and Advocacy (LGA), Training, Education, and Awareness (TEA), Cybersecurity Management (MGT), Strategic Planning and Policy (SPP), Executive Cyber Leadership (EXL), and Program/Project Management (PMA) and Acquisition. Roles Include:

  • Cyber Legal Advisor
  • Privacy Officer/Privacy Compliance Manager
  • Cyber Instructional Curriculum Developer
  • Cyber Instructor
  • Information Systems Security Manager
  • Communications Security (COMSEC) Manager
  • Cyber Workforce Developer and Manager
  • Cyber Policy and Strategy Planner
  • Executive Cyber Leadership
  • Program Manager
  • IT Project Manager
  • Product Support Manager
  • IT Investment/Portfolio Manager
  • IT Program Auditor

Protect and Defend (PR)

NIST SP 800-181 defines the "Protect and Defend" workforce category as anyone who "Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks."

The Specialty Areas include Cybersecurity Defense Analysis (CDA), Cybersecurity Defense Infrastructure Support (INF), Incident Response (CIR), and Vulnerability Assessment and Management (VAM). Roles Include:

  • Cyber Defense Analyst
  • Cyber Defense Infrastructure Support Specialist
  • Cyber Defense Incident Responder
  • Vulnerability Assessment Analyst

Analyze (AN)

NIST SP 800-181 defines the "Analyze" workforce category as anyone who "Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence."

The Specialty Areas include Threat Analysis (TWA), Exploitation Analysis (EXP), All-Source Analysis (ASA), Targets (TGT), and Language Analysis (LNG). Roles Include:

  • Threat/Warning Analyst
  • Exploitation Analyst
  • All-Source Analyst
  • Mission Assessment Specialist
  • Target Developer
  • Target Network Analyst
  • Multi-Disciplined Language Analyst

Collect and Operate (CO)

NIST SP 800-181 Defines the "Collect and Operate" workforce category as anyone who "Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence."

The Specialty Areas include Collection Operations (CLO), Cyber Operational Planning (OPL), and Cyber Operations (OPS). Roles Include:

  • All Source-Collection Manager
  • All Source-Collection Requirements Manager
  • Cyber Intel Planner
  • Cyber Ops Planner
  • Partner Integration Planner
  • Cyber Operator

Investigate (IN)

NIST SP 800-181 Defines the "Investigate" workforce category as anyone who "Investigates cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence."

The Specialty Areas include Cyber Investigation (INV) and Digital Forensics (FOR). Roles Include:

  • Cyber Crime Investigator
  • Law Enforcement /Counterintelligence Forensics Analyst
  • Cyber Defense Forensics Analyst


The NICE Workforce Framework serves as an excellent resource for those starting their career, changing paths, or honing in on their skills for their specialization. Be sure to take time to explore the NIST SP 800-181 and supplemental resources on the NIST website, to learn skills needed to reach a dream cybersecurity job.

After you create a roadmap for your skills and experiences, the next step is to take action. Gain knowledge in a systematic approach, explore Cybrary's guided Career Paths for how to become a Pen Tester, SOC Analyst, Network Engineer, Cybersecurity Engineer, and more.

Though the cybersecurity space can be expansive, proper research and planning can guide cybersecurity practitioners to the fulfilling career that best suits their interests and talents.

Schedule Demo