Oversight and Governance
OG-WRL-003

Cybersecurity Workforce Management

Responsible for developing cybersecurity workforce plans, assessments, strategies, and guidance, including cybersecurity-related staff training, education, and hiring processes. Makes adjustments in response to or in anticipation of changes to cybersecurity-related policy, technology, and staffing needs and requirements.Authors mandated workforce planning strategies to maintain compliance with legislation, regulation, and policy.

  • T0116: Identify organizational policy stakeholders
  • T0226: Serve on agency and interagency policy boards
  • T0437: Correlate training and learning to business or mission requirements
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1022: Review enterprise information technology (IT) goals and objectives
  • T1025: Implement organizational training and education policies and procedures
  • T1028: Research new vulnerabilities in emerging technologies
  • T1036: Integrate leadership priorities
  • T1038: Integrate organization objectives in intelligence collection
  • T1056: Acquire resources to support cybersecurity program goals and objectives
  • T1059: Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
  • T1060: Advise senior management on organizational cybersecurity efforts
  • T1088: Communicate the value of cybersecurity to organizational stakeholders
  • T1107: Evaluate functional requirements
  • T1113: Develop the enterprise continuity of operations strategy
  • T1114: Establish the enterprise continuity of operations program
  • T1158: Develop cybersecurity implementation policies and guidelines
  • T1184: Establish stakeholder communication channels
  • T1185: Maintain stakeholder communication channels
  • T1227: Manage cybersecurity budget, staffing, and contracting
  • T1306: Conduct technology program and project audits
  • T1335: Promote cybersecurity awareness to management
  • T1336: Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
  • T1357: Determine if cybersecurity requirements have been successfully implemented
  • T1358: Determine the effectiveness of organizational cybersecurity policies and procedures
  • T1394: Develop independent cybersecurity audit processes for application software, networks, and systems
  • T1395: Implement independent cybersecurity audit processes for application software, networks, and systems
  • T1396: Oversee independent cybersecurity audits
  • T1397: Determine if research and design processes and procedures are in compliance with cybersecurity requirements
  • T1398: Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
  • T1436: Acquire adequate funding for cybersecurity training
  • T1446: Conduct learning needs assessments
  • T1447: Identify training requirements
  • T1449: Determine if qualification standards meet organizational functional requirements and comply with industry standards
  • T1450: Allocate and distribute human capital assets
  • T1459: Develop standardized cybersecurity position descriptions using the NICE Framework
  • T1460: Develop recruiting, hiring, and retention processes
  • T1461: Determine cybersecurity position requirements
  • T1462: Develop cybersecurity training policies and procedures
  • T1464: Determine if cybersecurity workforce management policies and procedures comply with legal and organizational requirements
  • T1466: Establish cybersecurity workforce readiness metrics
  • T1467: Establish waiver processes for cybersecurity career field entry and training qualification requirements
  • T1468: Establish organizational cybersecurity career pathways
  • T1469: Develop cybersecurity workforce reporting requirements
  • T1470: Establish cybersecurity workforce management programs
  • T1471: Assess cybersecurity workforce management programs
  • T1476: Promote awareness of cybersecurity policy and strategy among management
  • T1478: Determine cybersecurity career field qualification requirements
  • T1479: Determine organizational policies related to or influencing the cyber workforce
  • T1482: Conduct cybersecurity workforce assessments
  • T1483: Integrate cybersecurity workforce personnel into information systems life cycle development processes
  • T1492: Integrate laws and regulations into policy
  • T1518: Develop organizational cybersecurity strategy
  • T1543: Develop cybersecurity policies and procedures
  • T1552: Identify cyber workforce planning and management issues
  • T1553: Address cyber workforce planning and management issues
  • T1605: Advise management, staff, and users on cybersecurity policy
  • T1623: Develop supply chain cybersecurity risk management policy
  • K0640: Knowledge of the organizational cybersecurity workforce
  • K0644: Knowledge of cybersecurity operation policies and procedures
  • K0648: Knowledge of career paths
  • K0649: Knowledge of organizational career progressions
  • K0652: Knowledge of workforce trends
  • K0674: Knowledge of computer networking protocols
  • K0675: Knowledge of risk management processes
  • K0676: Knowledge of cybersecurity laws and regulations
  • K0677: Knowledge of cybersecurity policies and procedures
  • K0678: Knowledge of privacy laws and regulations
  • K0679: Knowledge of privacy policies and procedures
  • K0680: Knowledge of cybersecurity principles and practices
  • K0681: Knowledge of privacy principles and practices
  • K0682: Knowledge of cybersecurity threats
  • K0683: Knowledge of cybersecurity vulnerabilities
  • K0684: Knowledge of cybersecurity threat characteristics
  • K0691: Knowledge of cyber defense tools and techniques
  • K0692: Knowledge of vulnerability assessment tools and techniques
  • K0743: Knowledge of new and emerging technologies
  • K0751: Knowledge of system threats
  • K0752: Knowledge of system vulnerabilities
  • K0754: Knowledge of resource management principles and practices
  • K0773: Knowledge of telecommunications principles and practices
  • K0803: Knowledge of supply chain risk management principles and practices
  • K0818: Knowledge of new and emerging cybersecurity risks
  • K0820: Knowledge of supply chain risks
  • K0825: Knowledge of threat vector characteristics
  • K0828: Knowledge of supply chain risk management standards and best practices
  • K0831: Knowledge of network attack vectors
  • K0838: Knowledge of supply chain risk management policies and procedures
  • K0881: Knowledge of learning assessment tools and techniques
  • K0887: Knowledge of training policies and procedures
  • K0892: Knowledge of cyber defense laws and regulations
  • K0893: Knowledge of training systems and software
  • K0902: Knowledge of the NIST Workforce Framework for Cybersecurity (NICE Framework)
  • K0908: Knowledge of human resources policies and procedures
  • K0943: Knowledge of industry indicators
  • K0962: Knowledge of targeting laws and regulations
  • K0963: Knowledge of exploitation laws and regulations
  • K0969: Knowledge of cyber-attack tools and techniques
  • K0983: Knowledge of computer networking principles and practices
  • K0990: Knowledge of cyber operations principles and practices
  • K1014: Knowledge of network security principles and practices
  • K1023: Knowledge of network exploitation tools and techniques
  • K1098: Knowledge of personnel systems and software
  • K1137: Knowledge of cybersecurity requirements
  • K1140: Knowledge of cybersecurity workforce policies and procedures
  • K1171: Knowledge of mission assurance practices and principles
  • K1180: Knowledge of organizational cybersecurity goals and objectives
  • K1183: Knowledge of organizational cybersecurity policies and procedures
  • K1184: Knowledge of organizational cybersecurity workforce requirements
  • K1186: Knowledge of organizational human resource (HR) policies and procedures
  • K1206: Knowledge of research and design processes and procedures
  • K1209: Knowledge of risk mitigation principles and practices
  • S0393: Skill in developing assessments
  • S0394: Skill in developing security assessments
  • S0396: Skill in forecasting requirements
  • S0397: Skill in assessing requirements
  • S0398: Skill in analyzing organizational objectives
  • S0406: Skill in developing policy plans
  • S0410: Skill in creating career path definitions
  • S0411: Skill in developing career paths
  • S0422: Skill in evaluating workforce trends
  • S0497: Skill in developing client organization profiles
  • S0515: Skill in identifying partner capabilities
  • S0519: Skill in detecting exploitation activities
  • S0633: Skill in developing position qualification requirements
  • S0647: Skill in managing a workforce
  • S0686: Skill in performing risk assessments
  • S0821: Skill in collaborating with internal and external stakeholders
  • S0850: Skill in performing cost/benefit analysis
  • S0858: Skill in performing economic analysis
  • S0878: Skill in performing risk analysis
  • S0892: Skill in performing trend analysis