• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About
    • Secure360
    • UMSA
    • Get Involved
  • Events
    • Secure360 2021
    • Student360
    • Past Events
      • 2020 Secure360 Twin Cities
      • 2020 Student360
      • 2019 Secure360 Twin Cities
      • 2019 Student360
      • 2018 Secure360 Twin Cities
      • 2018 Secure360 Wisconsin
      • 2018 Student360
      • 2017 Secure360 Twin Cities
      • 2017 Student360
      • 2016 TC Secure360 Conference
      • 2015 Secure360 Conference
      • 2014 Secure360 Conference
      • 2013 Secure360 Conference
        • 2013 Secure360 Conference Speaker Presentations
      • 2012 Secure360 Conference
  • For Sponsors
    • Secure360 Twin Cities
    • Student360 Sponsors
  • For Speakers
    • Secure360 Speaker Details
    • Student360 Speaker Details
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

7 classifications of security careers

December 14, 2016 by Secure360 and UMSA

neon digital number seven

Copyright: 123rf/Markus Gann

The security industry is growing at a great pace. In December 2015, Forbes reported that worldwide spending on information security would reach $75 billion for 2015, and the global cybersecurity market was expected to be worth $170 billion by 2020. As the industry expands, so does the demand for security professionals and the number of jobs.

NIST’s Cybersecurity Workforce Framework gives the security industry a way to classify specific specialty areas and work roles and identify a path for career growth.

1. Securely provision

These are the professionals who conceptualize, design and build secure information technology systems. Most of these IT professionals are responsible for some aspect of a security system’s development and typically operate at a high level.

NIST-defined specialty areas and work roles:

  • Risk management (authorizing official, security control assessor)
  • Software development (software developer, secure software assessor)
  • Systems architecture (enterprise architect, security architect)
  • Technology R&D (research and development specialist)
  • Systems requirement planning (requirements planner)
  • Test and evaluation (testing and evaluation specialist)
  • Systems development (information systems security developer, systems developer)

2. Operate and maintain

These professionals run the tools that operate an organization’s network, according to NIST’s framework. They are very hands-on and provide the support, administration and maintenance required to ensure both effective and efficient IT system’s performance and security.

NIST-defined specialty areas and work roles:

  • Data administration (database administrator, data analyst)
  • Knowledge management (knowledge manager)
  • Customer service and technical support (technical support specialist)
  • Network services (network operations specialist)
  • Systems administration (systems administrator)
  • Systems analysis (systems security analyst)

3. Oversee and govern

These professionals are responsible for providing leadership, management, direction and advocacy so the organization may effectively conduct cybersecurity work.
NIST-defined specialty areas and work roles:

  • Legal advice and advocacy (legal advisor)
  • Training, education and awareness (instructional curriculum developer, cyber instructor)
  • Cybersecurity management (information systems security manager, COMSEC manager)
  • Strategic planning and policy (cyber workforce developer and manager, cyber policy and strategy planner)
  • Executive cyber leadership (office of chief information security officer)
  • Acquisition and program/project management (program manager, IT project manager, product support manager, IT investment/portfolio manager, IT program auditor)

4. Collect and operate

These professionals are responsible for specialized denial and deception operations, as well as the collection of cybersecurity information that can be used to develop intelligence.

NIST-defined specialty areas and work roles:

  • Collection operations (all-source collection manager, all-source collection requirements manager)
  • Cyber operational planning (cyber intel planner, cyber ops planner, interagency/international integration planner)

5. Protect and defend

These are some of the organization’s high-level technical people. They identify, analyze and mitigate threats to internal IT systems or networks. People with these skills are in high demand and some of the toughest employees to attract and retain.

NIST-defined specialty areas and work roles:

  • Cyber defense analysis (cyber defense analyst)
  • Cyber defense infrastructure support (cyber defense infrastructure support specialist)
  • Incident response (cyber defense incident responder)
  • Vulnerability assessment and management (vulnerability analyst)

6. Analyze

This specialty area and work roles were developed by the intelligence and defense community, but after the past few years, they now apply to the financial sector, healthcare and manufacturing. Threat intelligence and analysis were topics rarely talked about, however, since the Target security breach, these topics and roles are now essential.

NIST-defined specialty areas and work roles:

  • Threat analysis (warning analyst)
  • Exploitation analysis (exploitation analyst)
  • All-source analysis (all-source analyst, mission assessment specialist)
  • Targets (target developer, target digital network analyst, target analyst reporter) Language analysis (multidisciplined language analyst)

7. Investigate

Many of these specialty areas and work roles are filled by law enforcement professionals, but many organizations find they need people to investigate cybersecurity events or crimes related to IT systems, networks and digital evidence.

NIST-defined specialty areas and work roles:

  • Cyber investigation (cyber crime investigator)
  • Digital forensics (forensics analyst, cyber defense forensics analyst)

Do you agree with these 7 classifications of security careers? This guide may be helpful for students who are trying to determine which direction they would like to go with their IT or security degree. It is also helpful for individuals who are looking to change their current career within the field. For students looking for more resources and direction in choosing their IT path, consider attending our Student360 event in February 2017!

Filed Under: Business Continuity Management, Physical Security, Cybersecurity, Professional Development, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Marketing Envy
    Marketing Envy: [New Blog] 2020 saw in-person conferences evaporate, but with vaccines rolling out, 2021 could be different. H… https://t.co/4YONwZNsDa
    about 2 days ago

  2. Secure360 Conference
    Secure360 Conference: We are honored to be listed on the Top 20 Cyber Conferences for 2021 -> https://t.co/MnrQ3E5ifw
    about 4 days ago

  3. Secure360 Conference
    Secure360 Conference: Fascinating stuff about the shift from brick & mortar to e-commerce, from Diamond Sponsor @cisco! https://t.co/4GaYGQKZ1a
    about 6 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2021 Secure360. All rights reserved.