Guide to Careers in Cybersecurity, Information Assurance, and Digital Forensics
Cybersecurity is a broad, complex, evolving field with a pressing mandate: assure the safety and security of crucial digital infrastructures and defend networked computer and mobile systems against incursions from criminal hackers, agents of espionage, and other bad actors. Achieving these goals requires a wide range of trained professionals who possess a diverse array technical and non-technical skills and proficiencies, as well as the coordinated deployment of public and private sector resources.
The importance of implementing effective cybersecurity policies while cultivating a capable cyber workforce has become and remains a perennial concern at the highest levels of government, in the military, and among business and thought leaders not just in the tech sector but throughout the economy. Thus, in 2008, the United States Department of Commerce’s National Institute of Standards and Technology (NIST) launched the National Initiative for Cybersecurity Education (NICE).
NICE brought experts from the public and private sectors together with academics and policymakers in order to rethink the U.S. approach to cybersecurity. This led to the NICE Workforce Framework for Cybersecurity, a document designed to help businesses, government agencies, and educators promote improvements in cybersecurity training and staffing. The NICE Framework, which was most recently updated in 2020, establishes a system for classifying distinct work roles within cybersecurity. It identifies 33 specialty areas where there is a need for cybersecurity talent, and highlights 52 jobs within those specialty areas, each of which is associated with specific knowledge, skills, and abilities (KSAs).
In addition to giving curriculum designers, policymakers, and employers guidelines for training and structuring the cybersecurity labor force, the NICE Framework can serve as a roadmap for individuals who may be interested in pursuing a career in cybersecurity. The sections below draw on the NICE Framework and other related sources, offering an overview of the current state of cybersecurity from an employment perspective and providing a user-friendly guide for navigating specializations within cybersecurity, identifying KSAs commonly needed for particular jobs, and preparing for a successful career in the field.
The Cyber Shortage: Demand Exceeds Supply in the Labor Market
One of the biggest challenges facing employers in cybersecurity has been finding qualified professionals to fill the growing number of critical positions in the field. The proliferation of cybersecurity bachelor’s and master’s programs has, in tandem with industry training and professional certification programs, helped to narrow the gap between supply and demand in the cyber labor market in the past several years. However, there is wide acknowledgment that a significant shortage still persists.
The (ISC)², a non-profit cybersecurity training and certification organization founded in 1989 as the International Information System Security Certification Consortium, issues an annual Cybersecurity Workforce Study that provides an overview of state of the field. The most recent Workforce Study, published in 2020, notes that there are likely over three million additional workers needed to meet public and private sector demand worldwide. Over 800,000 of those jobs, the report estimates, are in the U.S. A more recent report published by the Belfer Center for Science and International Affairs at Harvard University’s Kennedy School in 2021, puts the number of unfilled cybersecurity jobs in the States at roughly half a million, concluding that the “U.S. lacks the qualified personnel” to meet current cyber workforce demands.
In part, these labor force shortfalls can be attributed to the outdated notion that cybersecurity is a narrow pursuit, siloed within the highly technical fields of computer science and information technology (IT). The NICE Framework, with its broad scope, represents a break from this conception and reflects a more realistic approach to building a robust, multifaceted cyber workforce that draws on the talents and abilities of computer science and IT experts, human resource and project managers, risk analysts, forensic investigators, educators, and professionals working in banking, finance, healthcare, law, and many other fields
“The pool of cybersecurity jobs encompasses a broad range of work, which often overlaps with other fields,” notes Laura Bate, the Senior Director of the federal government’s Cyberspace Solarium Commission and a former policy analyst with New America’s Cybersecurity Initiative, in a 2018 report for New America’s Cybersecurity Initiative. The report, titled “Cybersecurity Workforce Development: A Primer,” emphasizes that “cybersecurity jobs are increasingly crossing into other domains like finance, healthcare, and law.”
Bate goes on in her report to recommend that “academic decision-makers and the policymakers who define incentives in higher education should consider cybersecurity not as a single, monolithic discipline within higher education, but rather a field that cuts across – and looks very different in – many disciplines.”
Education and Training in Cybersecurity
In 2020, the Aspen Cybersecurity Group, an initiative funded by the non-profit, non-partisan thinktank the Aspen Institute, issued a comprehensive report on the state of cybersecurity in the U.S. titled “A National Cybersecurity Agenda for Resilient Digital Infrastructure.” “Education and Workforce Development” was the first of five action items singled out for prioritization in the report, which noted that, “The cybersecurity community’s tendency to treat cybersecurity as a problem to be solved has not been effective. Instead, we need to convey cybersecurity as an inextricable element of the digital infrastructure on which all society’s priorities depend.”
The Aspen Group is not alone in prioritizing education and training. In a 2018 policy article published in the September issue of The Cyber Defense Review, U.S. Army Lieutenant Colonel Karen J. Dill notes that the “top priority” of the Department of Defense’s cyber strategy should be to “develop a Cyber Mission Force and a supporting cyber workforce through training, recruiting and retention, and private sector support.” The article, “Cybersecurity for the Nation: Workforce Development,” goes on to endorse the establishment of a Civil Cyber Force (CCF). “Education,” Lieutenant Colonel Dill stresses, “is perhaps the most challenging and critical element of establishing a CCF.”
Navigating the National Initiative for Cybersecurity Education (NICE) Workforce Framework for Cybersecurity
The NICE Framework is an extensive document with various target audiences including, as its authors point out, “public sector agencies, private and not-for-profit organizations, education and training providers, curriculum developers, credential providers, human resource professionals, hiring managers, line managers, workforce planners, recruiters, and all learners.” Navigating the various section of the Framework report can be difficult, due in part to its expansive scope. Nevertheless, the document is a useful tool for matching one’s skills and interests with specific careers in cybersecurity and it provides insight into the proficiencies employers may be looking for in order to fill particular positions.
The Aspen Cybersecurity Group alluded to this alignment between employers and job seekers in a recent report announcing new commitments to cyber workforce development by companies such as Bank of America, Intel, Raytheon, and Target. The February, 2020 report, “16 More Industry Leaders Commit to Principles to Grow the Nation’s Cybersecurity Workforce,” emphasized that employers should aim to “[m]ake career paths understandable and accessible to current employees and job seekers, referencing models like the National Initiative for Cybersecurity Education (NICE) Workforce Framework where applicable.”
The pages below are designed to provide clarity regarding some of the more prominent areas for employment within cybersecurity that are identified in the NICE Framework. Using the Framework as a guide, many of the most common cybersecurity jobs are grouped into 15 sections representing areas of employment within the field. Each of these pages contains details on the KSAs generally required for work in that area, the types of academic degree and industry certification programs helpful in cultivating those KSAs, and other information that can be useful to current and future students, career changers, and others interested in pursuing a career in cybersecurity.
Note: For additional details on the NICE Workforce Framework for Cybersecurity, refer to our FAQ: What is the NICE Framework?
Cybersecurity Careers:
Cyber Defense Analysis
This guide covers the field of cyber defense analysis, which is a central cybersecurity function involving the monitoring of cyber systems for suspicious activity, collecting evidence of unwanted intrusions, and designing and implementing robust defensive systems and policies to discourage cyberattacks.
Cyber Defense Vulnerability and Penetration Testing
This guide covers cyber defense vulnerability and penetration testing as fields within cybersecurity, and provides information for individuals interested in becoming Ethical Hackers and/or Penetration Testers.
Cyber Governance and Compliance
This Guide explains the field of cyber governance and compliance, which involves designing, implementing, and assessing cybersecurity policy initiatives and developing enterprise-wide strategic plans to ensure organizational compliance with federal and state data security regulations and industry best practices.
Cyber Incident Response
This guide explains the field of cyber incident response, wherein cybersecurity professionals investigate various modes and vectors of cyberattack, prepare defensive strategies, identify potential breaches, and deploy countermeasures to protect companies, government agencies, military and defense contractors, and other organizations.
Cyber Intelligence and Threat Analysis
This guide centers on cyber intelligence and threat analysis as an area within cybersecurity that encompasses collecting and analyzing intelligence related to cyber threats, developing actionable intelligence from a broad range of data sources, and conducting counterintelligence efforts.
Cyber Investigations and Digital Forensics
This guide covers the fields of cyber investigations and digital forensics, areas within cybersecurity that involve analyzing evidence of hacking, malware development, and other cybercrimes, and collaborating with incident responders and legal professionals to identify cyber criminal activity and perpetrators.
Cyber Operations and Collections Management
This guide provides an overview of cyber operations and collections management, a field within cybersecurity that involves gathering and analyzing data on cyber threats, coordinating enterprise-wide intelligence efforts, and conducting reports on ongoing cyber threat mitigation and protection.
Cyber Personnel / Workforce Planning and Oversight
This guide explains the important role of the cyber personnel/workforce planner, who analyzes cybersecurity staffing needs for an organization and addresses them through employee recruitment, training, career development, and retention at the organizational level.
Cyber Project Management
This guide delves into cyber project management, a field that involves the oversight, coordination, and installation of IT systems, computer networks, and other cyber system components, as well as designing data security protocols.
Cyber Risk Assessment and Management
This guide explores the field of cyber risk assessment and management, a cybersecurity specialization that involves identifying potential cyber system vulnerabilities, calibrating the risk associated with those vulnerabilities, and helping businesses, government agencies, and other types of organizations plan for, defend against, and reduce the potential harm from cyber incursions.
Cyber Systems Planning, Testing, and Procurement
A guide to the field of cyber systems planning, testing, and procurement and to careers in this cybersecurity specialization, which focuses on assessing enterprise information technology (IT) systems, identifying potential weaknesses and vulnerabilities, and engineering security solutions in order to reduce risks posed by cyber threats.
Database Security and Information Management
This guide covers the field of database security and information management, which encompasses oversight of enterprise data systems, database administration, information systems management, data mining and analytics, and the implementation and maintenance of database and data systems security measures.
Network Operations and Security
This guide delves into the field of network operations and security, wherein professionals administer and manage the security of network architecture, including mainframe computers, computer workstations, servers, and other components linked to local and wide area networks.
Software Security
This guide provides an overview of careers in software security, a cybersecurity field in which coding professionals, software engineers, and others with programming and analysis skills develop, test, debug, and patch new and existing software applications and utilities in order to defeat cyberattacks and deter cyber intrusions.
System Security Administration and Management
This guide provides an overview of system security administration and management, which is a field that involves maintaining the safe and secure operations of enterprise IT assets, including user accounts, computer hardware and software, and operating systems, through network access management and monitoring, regular security oversight, and software updates/installations.