Introduction

Welcome to our "Career Exploration" page, where we dive into the exciting world of cybersecurity careers. In today's digital age, cybersecurity is a vital field that keeps our online world safe from threats. The demand for cybersecurity professionals has reached extraordinary levels; in fact, there is a shortage of cybersecurity professionals in the workforce, with an estimated 3.5 million unfilled positions globally in 2023 and this shortage is expected to continue at least for the next few years.

So whether you’re a student thinking about your future career, just starting out in your professional journey, looking to make a career switch, or simply curious about the field, we hope this page helps you gain a better understanding of the wide range of opportunities in this exciting field.

So, let’s get started with our exploration. Our first stop: the NICE Framework.

What is the NICE Framework?

NICE stands for "National Initiative for Cybersecurity Education," which simply means it's a big effort to help people learn about cybersecurity and do a great job at it.

The NICE Framework is a resource by NIST NICE and is helpful because it establishes a standard approach and common language when describing cybersecurity work.

On this page, we highlight several of the more common entry-level work roles (jobs) to consider. This information is not intended to replace the information provided by the NICE Framework but rather present it using examples that can supplement understanding, especially for those who are new to cybersecurity.

Ok, let’s get started!

How does the NICE framework help you understand cybersecurity work?

Imagine you’re part of a superhero team, where each member has their own special skills. The NICE framework is a bit like that. It shows different jobs that people can have in the world of cybersecurity. These jobs are similar to superheroes with specific powers. For example, there are heroes who watch for problems, heroes who investigate problems, heroes who fix things when they go wrong, and heroes who plan how to keep everything safe.

Let's say you want to be a "Problem Investigator Hero." This means you’ll need to learn how to figure out what happens when something goes wrong. The NICE framework describes the different cybersecurity jobs and shows you the things you need to learn and the tasks you will perform in this job.

NICE Framework Overview

The NICE Framework has 7 categories that represent high-level groupings of common cybersecurity functions. Each category has multiple specialty areas (which you can learn more about here) that represent an area of work within cybersecurity. Think of the categories like different teams of superheroes, each with its own special mission. The 7 categories are listed below next to the formal description from the NICE Framework followed by an additional explanation using our superhero analogy:
  • Securely Provision: Conceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibility for aspects of system and/or network development.

    This is the team that ensures everything is set up safely from the start. They create plans, build strong defenses, and prepare everything to make it harder for cybercriminals to succeed. Just like a castle has strong walls, guards at the gate, and other defenses, this team creates the first layer of protection in an organization.
  • Operate & Maintain: Provides the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security.

    This team is like the caretakers of the digital world. They keep everything running smoothly by fixing problems, updating software, and making sure all the computer systems are secure and working well.
  • Oversee & Govern: Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.

    This is the group of leaders who make big decisions and set the rules when it comes to cybersecurity work. They make sure that everything is organized, safe, and follows the right guidelines. They create policies and make sure everyone is playing by the cybersecurity rules to ensure digital safety.
  • Protect & Defend: Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks.

    Just like superheroes who protect a city from villains, this team defends against cyber attacks. They build digital shields and walls to keep cybercriminals out. When there’s a threat, they jump into action to keep their digital environment safe.
    Protect & Defend: Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks.

    Just like superheroes who protect a city from villains, this team defends against cyber attacks. They build digital shields and walls to keep cybercriminals out. When there’s a threat, they jump into action to keep their digital environment safe.
    Protect & Defend: Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks.

    Just like superheroes who protect a city from villains, this team defends against cyber attacks. They build digital shields and walls to keep cybercriminals out. When there’s a threat, they jump into action to keep their digital environment safe.
    Protect & Defend: Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks.

    Just like superheroes who protect a city from villains, this team defends against cyber attacks. They build digital shields and walls to keep cybercriminals out. When there’s a threat, they jump into action to keep their digital environment safe.
  • Investigate: Investigates cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence.

    These are the detectives of the digital world. When something seems suspicious or if there’s a cybercrime, they dig deep to find out the who, what, when, where, and why of the crime. Not only do they solve the crime but they also figure out how to prevent it from happening again.
  • Analyze: Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.

    This team is all about studying clues and data. They try to identify patterns and other useful information to understand what's going on. It's like putting the pieces of a puzzle together to see the bigger picture and find ways to protect against future cyber threats.
  • Collect & Operate: Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.

    This team gathers important information from all over the digital world, just like how spies might gather information. This information helps paint a picture of what’s happening and helps leaders make better decisions on how to keep things safe in their organization.

Work Roles

Within each category and specialty area are aligned work roles. Currently, there are 52 work roles in the NICE Framework. These roles can be thought of as jobs, each requiring certain tasks, knowledge, and skills. We won’t be covering all the tasks, knowledge, and skills here as this information is covered in great detail on the NIST site. We will, however, introduce several work roles across each of the 7 categories that offer entry-level positions in a way that might be helpful for learners or for those without a cybersecurity background to understand.

Categories

Additional Resources

NICCS (National Initiative for Cybersecurity Careers and Studies):
Offers information and resources related to cybersecurity careers, training, certifications, and education opportunities. There is a section under ‘Education & Training’ for students on how to prepare for a potential career in cybersecurity. The website also has a tool that enables the exploration of work roles within the NICE Framework.

Cyberseek: An interactive heat map that shows cybersecurity jobs across the United States. Jobs are organized by categories of the NICE Framework to which they align. There is also an interactive career pathway tool that shows key jobs, common transition opportunities between them, and detailed information about salaries, required credentials, and skillsets with each role.

CYBER.org: Provides cybersecurity education, resources, and training to students and educators. They also have a career exploration page that go into more depth on common job duties for various work roles.