National Initiative for Cybersecurity Education Cybersecurity Workforce Framework

National Initiative for Cybersecurity Education

NICE Cybersecurity Workforce Framework
National Institute of Standards and Technology, August, 2017

The National Initiative for Cybersecurity Education (NICE) National Cybersecurity Workforce Framework (NICE Framework), published by the National Institute of Standards and Technology (NIST) in NIST Special Publication 800-181, is a nationally focused resource that establishes a taxonomy and common lexicon to describe cybersecurity work, and workers, regardless of where, or for whom, the work is performed. The NICE Framework is intended to be applied in the public, private, and academic sectors.

NICE Cybersecurity Workforce Framework Components
NICE Cybersecurity Workforce Framework Components, Categories and Specialty Areas.

Read the Full Framework at National Initiative for Cybersecurity Careers and Studies »

Visit the NICE Cybersecurity Workforce Framework Resource Center »

Learn more about how to use the NICE Framework (PDF) »

About the Authors:

  • William Newhouse, Applied Cybersecurity Division, Information Technology Laboratory.
  • Stephanie Keith, Cyber Workforce Strategy & Policy Division, Office of the Deputy DoD Chief Information Officer.
  • Benjamin Scribner, Cyber Education and Awareness Branch, DHS National Protection and Programs Directorate.
  • Greg Witte, G2, Inc., Annapolis Junction, MD.


SANS Overview of the NIST NICE Framework

The NIST NICE Framework (SP800-181) is a formalized approach to defining the cybersecurity workforce. The purpose of the framework is to enable organizations to effectively identify, hire, track, train, and develop a qualified cybersecurity workforce. The framework also enables those who wish to enter the cybersecurity workforce to better understand their options, while also helping those already in the workforce better define and develop their career path.


The framework achieves this by creating a common lexicon, comprised of the following components:

  • 7 Categories: Broad grouping of cybersecurity functions.
  • 33 Specialty Areas: Specific areas of cybersecurity work.
  • 52 Work Roles: The comprehensive grouping of work, essentially what you or I would refer to as job descriptions.

NIST NICE then defines each work role with a title and description, tasks expected for that work role, and the knowledge, skills, and abilities (KSAs) that the respective work role is expected to have.


By creating this specific lexicon, it ensures that everyone is speaking the same language. For example, if you need to hire someone for your incident response team, you can provide the exact requirements for an incident responder to your human resources team based on the framework. Similarly, people looking to be hired in such a position know exactly what is expected of them.

Adapted from SANS “NIST NICE Work Role Description for Security Awareness and Communications Manager.”

Read the Full Article »

About the Author:

Lance Spitzner is Director, SANS Security Awareness. He has over 20 years of security experience in cyber threat research, security architecture, awareness and training. He helped pioneer the fields of deception and cyber intelligence and founded the Honeynet Project. In addition, Lance has published three security books, consulted in over 25 countries and helped over 350 organizations build programs to manage their human risk. Lance is a frequent presenter, serial tweeter ( @lspitzner ) and works on numerous community security projects. Mr. Spitzner served as an armor officer in the Army’s Rapid Deployment Force and earned his MBA from the University of Illinois.