The National Cybersecurity Workforce Framework provides a blueprint to categorize, organize, and describe cybersecurity work into Specialty Areas, tasks, and knowledge, skills, and abilities (KSAs). The Workforce Framework provides a common language to speak about cyber roles and jobs and helps define personal requirements in cybersecurity.
The Workforce Framework organizes cybersecurity into seven high-level Categories, each comprised of several Specialty Areas.
Within the Framework, there are seven Categories, each comprising of several Specialty Areas. This organizing structure is based on extensive job analyses that groups together work and workers that share common major functions, regardless of job titles or other occupational terms.
Click on each Category Link to see the Specialty Areas.
Specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
- All Source Intelligence
Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.
- Exploitation Analysis
Analyzes collected information to identify vulnerabilities and potential for exploitation.
Applies current knowledge of one or more regions, countries, non-state entities, and/or technologies.
- Threat Analysis
Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.
Specialty areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.
Specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence.
Specialty areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security.
Oversight and Development – Specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work.
Specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks.
Specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems’ development