Guide to Careers in Cyber Personnel / Workforce Planning and Oversight
Having the right personnel in place is a key part of implementing and maintaining cyber defenses and supporting an effective overall cybersecurity strategy. Even the best cybersecurity systems and measures require regular maintenance and attention in response to changing needs and evolving threats. Thus, the deployment of skilled personnel who can manage and attend to cybersecurity issues is an important consideration in the field of cybersecurity. Ensuring that organizations have a full complement of competent, capable cybersecurity personnel and that other staff members are well informed about cybersecurity policies and issues is a role that falls under the general heading of cyber personnel/workforce planning and oversight.
Professionals in this area of specialization work with businesses, government agencies, and other enterprises to develop and maintain plans and policies regarding current and future cybersecurity measures, coordinate the risk mitigation and incident response planning efforts of cybersecurity personnel and other staffers, and implement practices that promote preparedness and reduce the likelihood and impact of cyber incursions. Regular tasks for the cyber personnel/workforce planning professional may include assessing the abilities and qualifications of relevant staff members, adding personnel who possess specialized knowledge and skills, and creating cyber training programs for technical and non-technical personnel. In addition, these professionals typically advise upper-level and senior management on recruitment, retention, and career development strategies that align with organizational goals while also meeting cybersecurity needs.
Employment Opportunities in Cyber Personnel/Workforce Planning and Oversight
Cyber personnel/workforce planning and oversight is by definition a role that exists primarily in large organizations with significant information technology (IT) infrastructure vulnerabilities. Businesses and organizations in fields like banking and finance, healthcare, manufacturing, and technology, as well as federal and state government agencies and private and public utilities, commonly meet these qualifications and have a need for cyber workforce planning. This field includes the management and oversight of technical personnel, security policies, and staffing issues related to cybersecurity. These matters may be handled internally by one or more professionals who have a technical understanding of cybersecurity matters, are familiar with staffing processes, and are comfortable managing workforce issues, such as recruitment, training, and retention of relevant personnel.
Alternatively, businesses, companies, agencies, and other entities that require cyber personnel planning and oversight expertise may outsource this function to independent cybersecurity firms and contractors who specialize in workforce management. IT and human resource management professionals who possess an understanding of cybersecurity principles and have studied cyber workforce issues can thus find employment via staff positions at large enterprises or through cybersecurity consultancy groups that provide personnel management services.
Professionals who work in this field include IT department managers, policy planners, and training program developers with the following job titles:
- Cyber Policy Planner
- Cybersecurity Strategic Advisor
- Cyber Strategic Planning Manager
- Cyber Policy and Workforce Development Consultant
- Cyber Workforce Developer
- Cyber Workforce Development Manager
- Cyber Instructional Curriculum Developer/Instructor
- Human Capital Cyber Workforce Solutions Manager
Knowledge, Skills, and Abilities (KSAs) for Cyber Personnel/Workforce Planning and Oversight
Personnel planning, workforce oversight, and enterprise-wide cybersecurity policy development are mid- to upper-level administrative responsibilities that typically require prior experience managing human resources and handling technical IT and cybersecurity issues. Like many of the roles identified by the National Initiative for Cybersecurity Education (NICE) in its Workforce Framework for Cybersecurity, cyber personnel/workforce planning and oversight brings together knowledge, skills, and abilities (KSAs) and professional proficiencies from a number of distinct areas. These areas include computer science, organizational and IT systems management, interpersonal communication, education and instructional design, and human resource management.
The NICE Framework lists numerous KSAs that relate to the work roles of cyber policy and strategic planning, cyber workforce management, and cyber instructional curriculum development, many of which are overlapping. These KSAs fall into three broad categories: technical expertise with computer systems and cyber technologies; project and personnel management expertise; and familiarity with workforce assessment, planning, and training practices and methods. Drawing on the NICE Framework and actual job listings, the sections below provide an overview of some of the key KSAs that are typically sought after in the field of cyber personnel/workforce planning and oversight.
General Technical Knowledge
- Common operating systems, including Windows, Android, Linux, and iOS
- Common network tools, such as Ping, Traceroute, and Nslookup, and their use
- Computer network protocols and security methodologies
- Cyber threats and vulnerabilities, malware, system and application security threats, and the Open Web Application Security Project Top 10 list
- Microsoft Office (Word, Excel, PowerPoint, Visio)
- Operating system and TCP/IP network configuration command line utilities, such as ipconfig, netstat, dir, and nbtstat
Workforce Planning Knowledge and Skills
- Ability to read and analyze workforce trend data
- Ability to apply workforce assessment metrics and methodologies
- Familiarity with manpower and personnel IT systems
- Instructional design and evaluation models, such as ADDIE, SAM, the Smith and Ragan model, Gagne’s Events of Instruction, and the Kirkpatrick model
- Instructional systems design (ISD) framework for curriculum development
- Learning management systems (LMSs) and their use
- Knowledge of legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices
- Principles of adult learning
- Understanding of risk management and mitigation practices
- Strong interpersonal and mentorship skills
- Background in employee training and/or human resource management
- Excellent verbal and written communication skills
- Ability to conduct research on cybersecurity system and staffing needs and to convey relevant information to organizational leaders
Training and Credentials in Cyber Personnel/Workforce Planning and Oversight
As noted in the section above, advancing into managerial positions in the field of cybersecurity, including positions in Cyber Personnel/Workforce Planning and Oversight, commonly requires prior work experience in cybersecurity information systems management and/or personnel management, as well as formal education and training. Most positions in this area of cybersecurity management require a minimum of a bachelor’s degree, and it can be helpful to have majored in business administration, computer science, information systems management, or a related field that has potential applications in cyber personnel planning and oversight.
There are also master’s programs in the field that may provide advanced training for individuals who did not major in a field relevant to cybersecurity in their undergraduate degree, as well as for individuals who would like to further specialize in cyber personnel planning and management. Finally, outside of the realm of academia, there are professional certifications, training programs, and bootcamps that individuals can complete in order to cultivate and demonstrate key proficiencies in this field.
Bachelor’s, Master’s, and Graduate Certificate Programs in Cyber Personnel/Workforce Planning and Oversight
In addition to bachelor’s programs in business administration, computer science, and information technology, there are also a number of schools that offer bachelor’s programs in cybersecurity. These programs are designed to provide foundational training in the principles of information security and the computer programming and IT systems knowledge that is integral to the practice of cybersecurity. Majoring in cybersecurity while also completing coursework in business management and educational psychology can be an effective way to prepare for a career in cyber personnel/workforce planning and oversight.
For students and mid-career professionals who have already completed a bachelor’s degree, there are graduate programs in cybersecurity that provide general advanced training in key technical areas of the field, as well as master’s programs in cybersecurity management, policy, compliance, leadership, and governance, which combine training in technical aspects of cybersecurity with coursework that addresses administrative and managerial proficiencies.
Another way to gain training in cybersecurity while developing business and human resource management expertise is through Master of Business Administration (MBA) programs that offer a specialization in cybersecurity. Finally, many schools offer graduate certificate programs in cybersecurity, cybersecurity policy, cybersecurity management, and other specializations within the field. These programs provide graduate training in cybersecurity KSAs without requiring students to commit to completing a full master’s degree curriculum.
Professional Credentials and Certifications in Cyber Personnel/Workforce Planning and Oversight
Another way to cultivate career-oriented cybersecurity skills is through training courses, intensive bootcamps, and professional credentialing programs offered by private for-profit and non-profit industry organizations. There are a number of such groups operating in the cybersecurity sector, including but not limited to the International Council of Electronic Commerce Consultants (EC-Council), the SANS Institute, the International Information System Security Certification Consortium (ISC²), the Computing Technology Industry Association (CompTIA), and ISACA (formerly the Information Systems Audit and Control Association).
Some of the certifications that can be helpful for building KSAs in cyber personnel/workforce planning and oversight are listed below:
- Certified Chief Information Security Officer (CCISO), offered by the EC-Council
- Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC), offered by ISACA
- Certified Information Systems Security Professional (CISSP), offered by ISC²
- Global Information Assurance Certification (GIAC) in Strategic Planning, Policy, and Leadership (GSTRT), GIAC Certified Project Manager (GCPM), and GIAC Security Leadership (GSLC), offered by the SANS Institute’s Global Information Assurance Certification program
- Cybersecurity Analyst (CySA+), offered by CompTIA
- Project Management Professional (PMP), offered by the Project Management Institute (PMI)
Examples of Jobs in Cyber Personnel/Workforce Planning and Oversight
The examples below provide a representative overview of the types of positions for which employers have listed job openings in cyber personnel/workforce planning and oversight. The examples are composites of actual job listings with descriptions and requirements that reflect some of the more common job openings in this area of specialization.
Human Capital Cyber Workforce Solutions Manager
- Primary Responsibilities: Work with clients to find and hire cybersecurity professionals and assemble teams of cybersecurity professionals; and find data-driven solutions to workforce factors affecting clients’ cybersecurity objectives, including how the workforce is organized, how workforce roles are defined, and how to cultivate, engage, and incentivize the workforce.
- Education: Bachelor’s degree required; master’s degree in business, management, technical communication, or a related field preferred.
- Experience: Six or more years in professional consulting inclusive of at least two years working with cyber and data privacy solutions.
- Credentials: Relevant cybersecurity/IT/project management certifications considered in hiring process.
- Technical Proficiencies: Knowledge of the relevant components and functions of IT security organizations, including cloud architecture, application development and delivery, and emerging technologies such as robotic process automation and machine learning; and knowledge of MS Office applications and training development tools.
- Other Attributes: Strong problem-solving skills with the ability to exercise mature judgement; strong research and analytical thinking skills; and strong oral and written communication skills, including presentation skills.
Cyber Strategic Planning and Policy Development Consultant
- Primary Responsibilities: Review client cyber policies for vulnerabilities and areas of risk, and to ensure policies align with relevant regulations, best practices, and industry standards; and assist clients in staffing, training, and workforce planning to mitigate risk and reduce vulnerabilities.
- Education: Bachelor’s degree required.
- Experience: Two or more years of experience briefing clients on technical matters, policy, and functional issues, and two or more years of experience writing/drafting senior-level correspondence to support decision-making.
- Credentials: None specified.
- Technical Proficiencies: Microsoft Office, including Word, Excel, and PowerPoint.
- Other Attributes: Ability to conduct industry research and present research results to clients in writing and verbally; and eligibility for security clearance.
Cybersecurity Strategic Advisor
- Primary Responsibilities: Provide input for content and subject matter expertise regarding critical infrastructure protection and resilience; consult with federal, private sector, and academic entities; partner with communications team to develop cybersecurity content and campaign strategies; identify emerging risks which may impact cyber planning and response; advise public relations and external affairs team on cyber planning and response strategies; and provide subject matter expertise to multidisciplinary teams that include content strategists, user experience designers, and others.
- Education: Bachelor’s degree required; master’s degree preferred.
- Experience: Ten or more years in cybersecurity or a related field.
- Credentials: None specified.
- Technical Proficiencies: Knowledge of national cybersecurity strategy and policy; familiarity with computer networking concepts and protocols, and network security methodologies; ability to apply risk management strategies; and knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
- Other Attributes: Experience supporting senior-level executives, preferably in technology or science-based industries; and providing cybersecurity content for digital, print, TV, and/or radio, as well as for technology and scientific trade press and journals.
Cyber Workforce Developer
- Primary Responsibilities: Develop cyber workforce plans that address personnel training and education requirements; coordinate with internal and external subject matter experts to ensure existing qualification standards align with functional requirements and meet industry standards; ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices; and establish metrics to monitor cyber workforce readiness and ensure that positions are filled by qualified personnel.
- Education: Bachelor’s degree required.
- Experience: Five or more years of relevant background in adult learning and career development.
- Credentials: PMP and/or CISSP preferred.
- Technical Proficiencies: Comfortable with Microsoft Office and e-learning platforms; and knowledge of basic cybersecurity functional roles and responsibilities, as well as the technologies associated with cybersecurity.
- Other Attributes: Ability to work effectively with a variety of government, military, and contractor personnel at all levels; strong written and verbal communication skills.