Skip to Content

Cybersecurity Competency Model

The Employment and Training Administration (ETA) worked with the Department of Homeland Security and more than 20 federal departments and agencies that make up the National Initiative for Cybersecurity Education (NICE) to develop a comprehensive competency model for the cybersecurity workforce. Technical and subject matter experts from education, business, and industry also contributed to the model's development.

The Cybersecurity Competency Model defines the latest skill and knowledge requirements needed by individuals whose activities impact the security of their organization's cyberspace. The model incorporates competencies identified in the NICE National Cybersecurity Workforce Framework (NCWF) and complements the Framework by including both the competencies needed by the average worker who uses the Internet or the organization's computer network and those needed by cybersecurity professionals.

The NCWF is a reference resource for identifying, recruiting, developing and maintaining cybersecurity talent. The framework provides a common language to categorize and describe cybersecurity work that will help organizations build a strong labor force to protect systems and data. The NCWF was developed by the NIST-led National Initiative for Cybersecurity Education (NICE) with strong leadership from the U.S. Departments of Defense and Homeland Security and is the culmination of many years of collaboration between industry, government and academia.

National Initiative For Cybersecurity Education Logo

In 2019, the Cybersecurity Competency Model was revised to bring it into alignment with the Categories, Specialty Areas, and Work Roles in the new NCWF released in 2017. The revisions also incorporated foundational workplace health and safety skills from the National Institute for Occupational Safety and Health's (NIOSH) Safe • Skilled • Ready Workforce Program designed to help protect America's workforce and create safe, healthy, and productive workplaces. For more information, download the Summary of Changes.

Scroll down to view the industry model selected. OR Click on the left menu bar to select another model.

Download the industry model and worksheets in several formats  Download Image

Cybersecurity Competency Model


Cybersecurity Building Blocks Pyramid

'<strong>1.1 Interpersonal Skills</strong> Displaying the skills to work effectively with others from diverse backgrounds.' '<strong>1.2 Integrity</strong> Displaying strong moral principles and work ethic.' '<strong>1.3 Professionalism</strong> Maintaining a professional presence. ' '<strong>1.4 Initiative</strong> Demonstrating a commitment to effective job performance by taking action on one`s own and following through to get the job done.' '<strong>1.5 Adaptability and Flexibility</strong> Displaying the capability to adapt to new, different, or changing requirements.' '<strong>1.6 Dependability and Reliability</strong> Displaying responsible behaviors at work.' '<strong>1.7 Lifelong Learning</strong> Demonstrating a commitment to self-development and improvement of knowledge and skills.' <strong>2.1 Reading</strong> Understanding written sentences, paragraphs, and figures in work-related documents (with accommodation if necessary). <strong>2.2 Writing</strong> Using standard (business) English to compile information and prepare written documents. <strong>2.3 Mathematics</strong> Using principles of mathematics to express ideas and solve problems. <strong>2.4 Science and Technology</strong> Using scientific rules and methods to express ideas and solve problems <strong>2.5 Communication</strong> Listening, speaking, and signaling so others can understand (with accommodation if necessary). <strong>2.6 Critical and Analytic Thinking</strong> Using logical thought processes to analyze information and draw conclusions. <strong>2.7 Fundamental IT User Skills</strong> Using a computer, communication devices, and related applications to input, retrieve, and communicate information. <strong>3.1 Teamwork</strong> Working cooperatively with others to complete work assignments. <strong>3.2 Planning and Organizing</strong> Planning and prioritizing work to manage time effectively and accomplish assigned tasks. <strong>3.3 Creative Thinking</strong> Generating innovative and creative solutions. <strong>3.4 Problem Solving and Decision-Making</strong> Generating, evaluating, and implementing solutions. <strong>3.5 Working with Tools and Technology</strong> Selecting, using, and maintaining tools and technology to facilitate work activity (with accommodation when necessary). <strong>3.6 Business Fundamentals</strong> Using information on basic business principles, trends, and economics. <strong>3.7 Health and Safety</strong> Supporting a safe and healthy workplace. <strong>4.1 Cybersecurity Technology</strong> The knowledge, skills, and abilities needed to understand the purpose and function of cybersecurity technology, including tools and systems. <strong>4.2 Information Assurance</strong> The standards, procedures, and applications used to protect the confidentiality, integrity and availability of information and information systems. <strong>4.3 Risk Management</strong> The systems, tools, and concepts used to minimize the risk to an organization`s cyberspace and prevent a cybersecurity incident. <strong>4.4 Incident Detection</strong> The knowledge, skills, and abilities needed to identify threats or incidents. <strong>4.5 Incident Response and Remediation</strong> The knowledge, skills, and abilities needed to respond to and remediate an incident, as well as restore functionality to the system or infrastructure. <strong>5.1 Securely Provision</strong> Specialty Areas responsible for conceptualizing, designing, and building secure information technology (IT) systems, with responsibility for aspects of system and network development. <strong>5.2 Operate and Maintain</strong> Specialty Areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security. <strong>5.3 Oversee and Govern</strong> Specialty Areas responsible for providing leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work. <strong>5.4 Protect and Defend</strong> Specialty Areas responsible for identifying, analyzing, and mitigating threats to internal information technology (IT) systems and networks. <strong>5.5 Analyze</strong> Specialty Areas responsible for performing highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence. <strong>5.6 Collect and Operate</strong> Specialty Areas responsible for providing specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence. <strong>5.7 Investigate</strong> Specialty Areas responsible for investigating cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence. Click here to search for O*NET Occupational Competencies Profiles