When the commercial internet was young, IT structure was relatively simple. Today, though, growing complexity is one of IT’s biggest security challenges. The more complex the system, the greater the attack surface. It is much easier now to hide multi-pronged attacks in different layers and parts of the IT infrastructure. Virtual machines, BYOD, “-aaS” environments, hyper-connectivity, automation and professional cybercriminals have created an onslaught of vulnerabilities that yesterday’s cybersecurity cannot address. Organizations need a multi-pronged security approach, and this is best accomplished in the context of teams.

Teamwork: what cybersecurity needs now

Cybersecurity jobs have seen a growth spurt that is reflected in the new federal NICE Cybersecurity Workforce Framework (NCWF) due to its new recommended roles and responsibilities. One of the big takeaways from this latest model is the need for teams. Cybersecurity is much too big a task now for just one lone defender.

These jobs are growing three times faster right now than IT jobs in general, and 12 times faster than the overall job market. In a 10-year period, cybersecurity jobs grew 74 percent. That growth continues to accelerate.

By 2019, just two years from now, organizations will face a global shortfall of 1.5 million cybersecurity trained workers. This crunch has boosted cybersecurity job salaries 9 percent higher than other IT professional positions. Hiring qualified, trained cybersecurity professionals is a huge challenge. That’s why more than one-third of employers ask job candidates for industry certifications.

In the U.S. Department of Defense’s 8750 directive, each job role has a set of certifications designed to help show that a person has the minimal amount of training, knowledge, skills and abilities to perform that role. Security certifications are now also being mapped into NCWF, too.

A significant number of the new categories jobs in cybersecurity reflected in the security specialty areas of the NCWF framework have some operations aspect. In the real world, many jobs may overlap multiple specialty areas, and may be covered at least in part by the same certifications. For example, a Computer / Network Defense job role may include elements of detection, response, forensic investigation, or “clean up” activities, depending on the person’s skills and the size of their team.

While the NCWF framework was developed for the federal government, it may also be suited for large enterprise organizations that can support security departments numbering in the hundreds. For smaller businesses or organizations, this large-scale framework can be overwhelming, especially considering that many of the many of the job roles must be staffed 24/7. This means organizations need multiple people to fill each functional area. 

What security teams can look like now

Smaller organizations should look at a simplified model to get a handle on staffing the security team and covering all the bases. A simplified model provides a great starting point to helping management understand how to meet the entire spectrum of their security needs.

The model begins with breaking down security job functions into four teams or groups.

Group One is comprised of CISOs, CSOs, executives, and managers. Their job is to:

  • Understand regulatory and legal compliance.
  • Understand business risks, priorities and tradeoffs.
  • Set budgets, and organizational priorities and policies.

Group Two is staffed by security architects. They:

  • Set security strategy.
  • Understand and evaluate new and existing security technologies.
  • Design security controls to meet requirements and budgets.
  • Define and revise security architecture and controls.
  • Define security procedures and best practices.
  • Frequently also hire and build out the rest of the security team.

Group Three is made up of security engineers, technicians and administrators. Their goals are to:

  • Deploy new systems using best practices and architect guidelines.
  • Build out and implement the security architecture.
  • Respond to requests from the architect and security operations, making changes to existing security controls as needed.

Group Four is security operations. This is frequently the front lines of information security. The job of this group is to:

  • Ensure security equipment operates effectively/properly.
  • Detect security attacks and events.
  • Analyze security events.
  • Respond to and investigate security attacks or events.
  • Mitigate/clean up after security breaches.

How many team members will an organization need? It will depend on the organization’s specific situation. The common denominator for all organizations, though, is the need for team members to keep their security skills current, and have a training and development program in place for their team members to grow their skills and keep current with the latest threats and security technologies. With the global shortfall of cybersecurity skills, a robust talent development program can incentivize employees to remain on board. A team with the appropriate and up-to-date training and certifications will be an effective team that is equipped to meet present and future security challenges.

Want to learn more about how to get the skill sets needed to meet these challenges? Visit the Cisco Learning Network.


Tom Gilheany

Product Manager