There are 6 cybersecurity knowledge areas every infosec pro must master, NIST says
Cyber ops planner. As a professional title that sounds like either a shadowy special agent or some new age name for a nefarious hacker.
Instead, it is one of the job roles that the National Institute of Standards and Technology outlined in its just-finalized draft Cybersecurity Education (NICE) Cybersecurity Workforce Framework.
Infosec pros already know what a CISO is, of course, but some of the other intriguing titles NIST described include target developer and target network analyst, exploitation analyst, threat/warning analyst, cyber intel planner and cyber defense forensics analyst, just to name a few.
In addition to job titles, NIST explained the specialty skills that hospitals are going to need on the cybersecurity team, the 1,007 tasks it deemed part of a cybersecurity staff’s responsibility — from acquiring resources to reviewing findings from the continuous monitoring program — as well as knowledge descriptions.
NIST said that all cybersecurity professionals should master these six knowledge realms: computer networking concepts and protocols; risk management processes; laws, regulations, policies and ethics; privacy and security principles; threats and vulnerabilities; and specific impacts any security lapses can cause.
And that’s just to get started. NIST added another 624 knowledge descriptions. While the aforementioned half-dozen apply to everyone working in cybersecurity, the rest depends on specialties.
NIST published the guidance to help hospitals define what job roles cybersecurity teams require and, ultimately, to find top talent — but it is also useful for employees looking to understand what skills can advance their career as well.
So what is a cyber ops planner, anyway?
“Develops detailed plans for the conduct or support of the applicable range of cyber operations through collaboration with other planners, operators and/or analysts,” NIST wrote. “Participates in targeting selection, validation, synchronization, and enables integration during the execution of cyber actions.”
NIST unveiled the framework in the fall of 2016 and took another step closer to formalizing NICE by finalizing the draft document this week, but hospitals and infosec pros don’t need to wait for that process to happen and, instead, can start putting the information therein to work immediately.