Skip to Content

Cybersecurity Competency Model

The Employment and Training Administration (ETA) has worked with the Department of Homeland Security and the more than 20 federal departments and agencies that make up the National Initiative for Cybersecurity Education (NICE) to develop a comprehensive competency model for cybersecurity. Technical and subject matter experts from education, business, and industry also contributed to the model's development.

The DOL Cybersecurity Industry Model defines the latest skill and knowledge requirements needed by individuals whose activities impact the security of their organization's cyberspace. The model incorporates competencies identified in the NICE National Cybersecurity Workforce Framework and complements the Framework by including both the competencies needed by the average worker who uses the Internet or the organization's computer network, as well as cybersecurity professionals. The ETA model will be updated to reflect future changes to the Framework.

NEW NIST has released a new draft NICE Cybersecurity Workforce Framework (NCWF) and is soliciting public comment. Comments are due by January 6, 2017. The NCWF is a reference resource for identifying, recruiting, developing and maintaining cybersecurity talent. The framework provides a common language to categorize and describe cybersecurity work that will help organizations build a strong labor staff to protect systems and data. NCWF was developed by the NIST-led National Initiative for Cybersecurity Education (NICE) with strong leadership from the U.S. Departments of Defense and Homeland Security and is the culmination of many years of collaboration between industry, government and academia. The draft framework can be found here.

National Initiative For Cybersecurity Education Logo

Scroll down to view the industry model selected. OR Click on the left menu bar to select another model.

Download the industry model and worksheets in several formats  Download Image

Cybersecurity Competency Model

Cybersecurity Building Blocks Pyramid

'<strong>Interpersonal Skills</strong> Displaying the skills to work effectively with others from diverse backgrounds.' '<strong>Integrity</strong> Displaying strong moral principles and work ethic.' '<strong>Professionalism</strong> Maintaining a professional presence. ' '<strong>Initiative</strong> Demonstrating a commitment to effective job performance by taking action on one`s own and following through to get the job done.' '<strong>Adaptability and Flexibility</strong> Displaying the capability to adapt to new, different, or changing requirements.' '<strong>Dependability and Reliability</strong> Displaying responsible behaviors at work.' '<strong>Lifelong Learning</strong> Demonstrating a commitment to self-development and improvement of knowledge and skills.' <strong>Reading</strong> Understanding written sentences, paragraphs, and figures in work-related documents (with accommodation if necessary). <strong>Writing</strong> Using standard (business) English to compile information and prepare written documents. <strong>Mathematics</strong> Using principles of mathematics to express ideas and solve problems. <strong>Science and Technology</strong> Using scientific rules and methods to express ideas and solve problems <strong>Communication</strong> Listening, speaking, and signaling so others can understand (with accommodation if necessary). <strong>Critical and Analytic Thinking</strong> Using logical thought processes to analyze information and draw conclusions. <strong>Fundamental IT User Skills</strong> Using a computer, communication devices, and related applications to input, retrieve, and communicate information. <strong>Teamwork</strong> Working cooperatively with others to complete work assignments. <strong>Planning and Organizing</strong> Planning and prioritizing work to manage time effectively and accomplish assigned tasks. <strong>Creative Thinking</strong> Generating innovative and creative solutions. <strong>Problem Solving and Decision-Making</strong> Generating, evaluating, and implementing solutions. <strong>Working with Tools and Technology</strong> Selecting, using, and maintaining tools and technology to facilitate work activity (with accommodation when necessary). <strong>Business Fundamentals</strong> Using information on basic business principles, trends, and economics. <strong>Cybersecurity Technology</strong> The knowledge, skills, and abilities needed to understand the purpose and function of cybersecurity technology, including tools and systems. <strong>Information Assurance</strong> The standards, procedures, and applications used to protect the confidentiality, integrity and availability of information and information systems. <strong>Risk Management</strong> The systems, tools, and concepts used to minimize the risk to an organization`s cyberspace and prevent a cybersecurity incident. <strong>Incident Detection</strong> The knowledge, skills, and abilities needed to identify threats or incidents. <strong>Incident Response and Remediation</strong> The knowledge, skills, and abilities needed to respond to and remediate an incident, as well as restore functionality to the system or infrastructure. <strong>Securely Provision Systems</strong> Specialty Areas responsible for conceptualizing, designing, and building secure information technology (IT) systems, with responsibility for some aspect of the systems` development. <strong>Operate and Maintain IT Security</strong> Specialty Areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security. <strong>Protect and Defend from Threats</strong> Specialty Areas responsible for identifying, analyzing, and mitigating threats to internal information technology (IT) systems or networks. <strong>Investigate Threats</strong> Specialty Areas responsible for investigating cyber events or crimes of information technology (IT) systems, networks, and digital evidence. <strong>Collect Information and Operate Cybersecurity Processes</strong> Specialty Areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence. <strong>Analyze Information</strong> Specialty Areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence. <strong>Oversee and Govern Cybersecurity Work</strong> Specialty Areas responsible for providing leadership, management, direction, or development and advocacy so that the organization may effectively conduct cybersecurity work. Click here to search for O*NET Occupational Competencies Profiles