Submission By: Tom Gilheany
This is not your father’s IT security. The move to digitalization opens up a vast new world of career possibilities for IT professionals. Cybersecurity people need to be able to think like the bad actors who are out to exploit systems for their own nefarious purposes.
Sun Tzu: “If you do not know your enemies nor yourself, you will be imperiled in every battle.” To plan your career and to design and deploy the best security team possible, it’s important to understand the different roles on a modern security defense team, what you are defending, and how.
Times Have Changed
A brief look in the rearview mirror puts the present into perspective. In 1995, IT structure was relatively simple: client, network, and server. Each part had its own security component.
A decade later, the U.S. Department of Defense introduced Directive 8570 as a workforce/team organization model for information security. Many large organizations adopted this model, and it is well known throughout the IT industry.
Directive 8570 outlined 14 job roles under four different categories. Each of the jobs specifies a set of certifications. These help verify that a person who is performing one of the jobs outlined also has the minimal amount of training, knowledge, skills, and abilities to perform that job.
Cisco’s CCNA Security and Cisco Cybersecurity Specialist (SCYBER) are two of the DoD 8570 approved certifications that demonstrate such skills and knowledge.
In 2013, the U.S. National Institute of Standards and Technology (NIST) began work on the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF), which details 31 specialty areas across seven activity categories.
Many U.S. federal departments are moving to adopt this new model, including the U.S. DoD, which published DoD Directive 8140, starting its move towards this new, more detailed workforce model.
More Job Roles = More Career Options
The U.S. government’s goal is to align all federal cyber jobs with the NCWF. Although the standardizing process has begun, it will be years before all federal agencies are fully aligned and have an implementation plan.
What does all this mean for cybersecurity professionals who want to advance their careers?
The first big takeaway is just how many more types of cybersecurity jobs there are under the newer framework. More than twice as many, in fact, from 14 to 31. Much of that expansion comes from added or new security segments. In other words, as the systems and platforms supporting our digital world have grown in complexity, the range and types of security career options have grown as well.
Another takeaway: There has been a shift in emphasis towards security operations job roles. (Cisco calls this Cyber Ops.) These operations roles generally handle security incidents in real time, detecting and responding to them as they occur. Roughly 40 percent of the NIST framework’s specialty areas have an operations component. With today’s pervasive and persistent threats, that’s no surprise.
A third consideration: Cybersecurity operations job hours may be irregular because many of the positions must be filled 24/7. Security operations centers are where “Security never sleeps.” Under the “protect and defend” category, a CND (computer network defense) incident response job is likely to call for working nights and/or weekends. This is in contrast to the more regular “business hours” roles of systems requirement planners in the “securely provision” category.
What appeals most to you? Do you thrive on the adrenaline rush of hunting for and averting security breaches, responding to “fire drills” at a moment’s notice? Or do you prefer a less chaotic work environment, planning defenses, installing controls, and designing security architecture? The new security team framework has so many opportunities that there is something for every work style.
In the second part of this blog post, we'll look at a breakdown of different job roles on a security team and discuss the function of each.
I welcome your feedback in the comments.
Tom Gilheany is Cisco’s Product Manager for Security Training and Certifications. He has a diverse background in startups through multinational Fortune 100 companies. Combining over 20 years of product management and technical marketing positions, and more than a dozen years in IT and Operations, he has conducted nearly 50 product launches in emerging technologies, cybersecurity, and telecommunications. Tom is a Certified Information Systems Security Professional (CISSP), holds an MBA, and is an active board member of the Silicon Valley Product Management Association and Product Camp Silicon Valley.