
7 NICE Cybersecurity Workforce Framework categories: Everything you need to know

September 14, 2020 by Beth Osborne


In the world of cybersecurity, there are many roles to play. While those roles can vary, there is also the NICE (National Initiative for Cybersecurity Education) Cybersecurity Workforce Framework to tie them together. This framework includes seven categories that describe cybersecurity work and workers. You can apply the NICE Framework to any sector — public, private or academia. 

In this article, we’ll be breaking down the seven categories and how you can effectively use them to source IT talent and continue to develop your workforce. 

The seven categories

NIST (National Institute of Standards and Technology) developed the seven categories. The organization defined these different workers to highlight the “interdisciplinary nature” of the field of cybersecurity. It seeks to standardize the roles required in the cybersecurity workforce, which encompasses both technical and non-technical roles.

Within each category, you’ll find specialty areas representing a component of specific work or function that relates to the main category. Further down, specialty areas break down into work roles. In each work role, knowledge, skills, abilities and tasks are defined. 

Security Provision (SP)

The SP category describes workers that “conceptualize, design, procure, and build secure information technology systems.” The position is responsible for system and network development. 

SP specialty areas and work roles:

Risk Management

  • Responsible for all aspects of cybersecurity risk requirements and ensures compliance, both internally and externally
  • Work roles: Senior Official and Security Control Assessor

Software Development

  • Writing code and designing software
  • Work roles: Software Developer and Secure Software Assessor

Systems Architecture

  • Works on system concepts and capabilities of the system, translating technology and other conditions to align with security designs and processes
  • Work roles: Enterprise Architect and Security Architect

Technology R&D

  • Assesses integration processes and supports prototype capabilities
  • Work role: Research and Development Specialist

Systems Requirements Planning

  • Customer-facing role that determines needs and converts them to technical solutions 
  • Work role: Systems Requirements Planner

Test and Evaluation

  • Testing of systems for compliance, specifications and requirements
  • Work role: System Testing and Evaluation Specialist

Systems Development

  • Oversees the development life cycle
  • Work roles: Information Systems Security Developer and Systems Developer

Operate and Maintain (OM)

The OM sector is responsible for supporting, maintaining and administering IT systems for effective and efficient use.

OM specialty areas and work roles:

Data Administration

  • Maintains databases and data management systems that enable the storage, protection and use of data
  • Work roles: Database Administrator and Data Analyst

Knowledge Management

  • Manages tools for the organization to classify, document and access intellectual capital
  • Work role: Knowledge Manager

Customer Service and Technical Support

  • Addresses all challenges of customers and provides initial incident information
  • Work role: Technical Support Specialist

Network Services

  • Configures and maintains networks, firewalls, hardware and software to enable the sharing of information that supports security objectives
  • Work role: Network Operations Specialist

Systems Administration

  • Supports server configurations to ensure confidentiality and integrity by managing accounts, firewalls, access control and patches
  • Work role: System Administrator

Systems Analysis

  • Designs IT solutions for more secure operations and is the liaison between business and IT
  • Work role: Systems Security Analyst

Oversee and Govern (OV)

The OV classification focuses on the leadership, management and advocacy of cybersecurity work.

Specialty areas and work roles:

Legal Advice and Advocacy 

Training, Education and Awareness

  • Trains staff and evaluates courses and approaches to support education. Those in this category will often develop a curriculum for skills development across the enterprise. 
  • Work roles: Cyber Instructional Curriculum Developer and Cyber Instructor

Cybersecurity Management

  • Directs the cybersecurity program and manages security implications across the enterprise
  • Work roles: Information Systems Security Manager and Communications Security Manager

Strategic Planning and Policy

  • Creates the policies and plans for approaching cybersecurity initiatives 
  • Work roles: Cyber Workforce Developer and Cyber Policy and Strategy Planner

Executive Cyber Leadership

  • Leads workers that perform cyber-related work
  • Work role: Executive Cyber Leader

Program/Project Management and Acquisition

  • Uses knowledge of cybersecurity structure to handle all acquisitions, including hardware, software and information systems. The roles include the responsibilities of project management, investment alignment and auditing. 
  • Work roles: Program Manager, IT Project Manager, IT Investment Manager and IT Program Auditor

Protect and Defend (PR)

This grouping leads threat mitigation through careful analysis.

Specialty areas and work roles: 

Cyber Defense Analysis

  • Leverages defensive measures and intelligence to identify and report on incidents that occur or may occur.
  • Work role: Cyber Defense Analyst

Cyber Defense Infrastructure Support

  • Tests, deploys and maintains infrastructure hardware and software to manage computer network defense services.
  • Work role: Cyber Defense Infrastructure Support Specialist

Incident Response

  • Responds to any crises or urgent events to remove immediate and possible threats while also investigating and analyzing any relevant response actions.
  • Work role: Cyber Defense Incident Responder

Vulnerability Assessment and Management

  • Assesses threats and vulnerabilities and develops countermeasures to mitigate these.
  • Work role: Vulnerability Assessment Analyst

Analyze (AN)

The AN category reviews and evaluates cybersecurity information and determines its benefits for intelligence.

Specialty areas and work roles:

Threat Analysis

  • Tracks activities of cybercriminals to produce findings to launch investigations with law enforcement.
  • Work role: Threat/Warning Analyst

Exploitation Analysis

  • Reviews information relating to the potential exploitation of vulnerabilities.
  • Work role: Exploitation Analyst

All-Source Analysis

  • Evaluates threat information from sources and then puts such findings in context for actionable insights.
  • Work roles: All-Source Analyst and Mission Assessment Specialist

Targets

  • Uses knowledge of regions, entities and technologies to improve cybersecurity defenses.
  • Work roles: Target Developer and Target Network Analyst

Language Analysis

  • Utilizes language, cultural elements and technical expertise to support the collection and analysis of cybersecurity activities.
  • Work role: Multi-Disciplined Language Analyst

Collect and Operate (CO)

This segment specializes in denial and deception operations while also collecting data to support intelligence insights.

Specialty areas and work roles:

Collection Operations

  • Manages the collection process in alignment with strategies and priorities.
  • Work roles: All Source-Collection Manager and All Source-Collection Requirements Manager

Cyber Operational Planning

  • Executes targeting and cybersecurity planning, documenting operational plans and orders for cybersecurity operations.
  • Work roles: Cyber Intel Planner, Cyber Ops Planner and Partner Integration Planner

Cyber Operations

  • Performs information-gathering activities on criminals or entities to abate possible real-time threats and protect from espionage or sabotage. 
  • Work role: Cyber Operator

Investigate (IN)

This subgroup investigates cybersecurity events or crimes.

Specialty areas and work roles:

Cyber Investigation

  • Applies various strategies and procedures across the investigative process, including interviews, interrogation and surveillance.
  • Work role: Cyber Crime Investigator

Digital Forensics

  • Gathers and analyzes computer-related evidence to support vulnerability efforts, prosecution of criminal activity and other investigations.
  • Work roles: Law Enforcement/Counterintelligence Forensics Analyst and Cyber Defense Forensics Analyst

How managers can use the NICE framework

Finding the right talent to be part of your cybersecurity workforce isn’t easy. With various roles and skill sets, it can become complex. The framework offers solutions to defining, attracting and retaining these employees. 

Employ this framework to:

  • Track your cybersecurity workforce to understand strengths and weaknesses in knowledge, skills and abilities
  • Identify training and qualification needs to develop knowledge, skills and abilities
  • Enhance job descriptions with more relevant content that speaks to specific roles
  • Categorize the most crucial work roles and chart a career path for staff to achieve skills to move up
  • Develop a universal terminology between yourself and your HR staff for more optimal recruiting and retention efforts

Using it for job descriptions

By leveraging the NICE Framework, you can work in concert with HR to develop more specific job descriptions. By looking at the knowledge, skills and abilities necessary to perform those roles, you can do some initial screening in recruiting. 

A good screening strategy is to include a few questions within your position advertisement that relate to the knowledge, skills and abilities you are seeking. Being more strategic and purposeful in your job description can make recruiting much smoother and save you time and money by targeting specialized talent.

Using it for personnel development 

Your organization can further use the NICE Framework for employee development plans. Most cybersecurity professionals will want to pursue higher-level positions. Within the seven categories, you have a diverse pool that has different talents and goals. 

By understanding what knowledge, skills and abilities are necessary to take that next step, you can create a roadmap for development as well as identify training classes that would be beneficial to the employee. There’s no doubt that a career in cybersecurity is one of constant learning because it’s a volatile and ever-changing discipline.

In many cases, hands-on training is critical to understanding cybersecurity. To provide this type of environment for your team, labs are typically more valuable than lectures. 

Building a strong cybersecurity workforce

Begin building a better workforce today with targeted skills classes related to the NIST Cybersecurity Framework.



  1. NICE Framework, NIST