Nicholas Zahansky
June 10, 2022
A question I commonly get asked is what certifications to go for or what kinds of projects someone should undertake. Unfortunately, there is no one golden rule that says if you do x then you are guaranteed a job. However, there are tools that exist that can help you determine what to look for in a project or certification. One such tool is the NATIONAL INITIATIVE FOR CYBERSECURITY CAREERS AND STUDIES (NICCS) Cyber Career Pathway Tool (NICCS, 2022).
This tool is great for helping those interested in cybersecurity figure out a path that lands them in a role they are interested in. It is great for finding projects that support skills needed for a specific role. It helps you get an idea of what skills you should be mastering, helps you identify where you might need to educate yourself, and identify potential filler roles.
Using the Cyber Career Pathway Tool, we can select a specific role that reveals to us some useful details about that specific role. Using the Systems Security Analyst role as an example, it tells us a brief description of the role with some other related functional titles used to describe the same role, such as Cybersecurity Analyst. Figure 1.1 shows an example of this pane.
Figure 1.1: Selected Role Systems Security Analyst (NICCS, 2022)
In the left-hand pane, there are some roles that are related to the Systems Security Analyst role. Clicking the tasks tab in the middle column changes the right-hand column to reveal different tasks that are categorized as core tasks, additional tasks, and tasks not included in the initial analysis to determine if it is core or additional to the work role. This is a good area to begin thinking about whether these tasks are something we are really interested in doing on a day-to-day basis.
Moving down to the third tab, labeled KSAs, brings us to some sub tabs labelled knowledge, skills, and abilities. If we have determined that this is a role we would like to pursue, then this is the area we can use to tailor a path to this specific role. We can map these KSAs back to very specific actions to streamline what we need to be focusing on. For example, K0001, Knowledge of computer networking concepts and protocols, and network security methodologies, is considered a core knowledge area for the Systems Security Analyst role. This might suggest that taking on the CompTIA Network+ exam as a potential route to exemplifying our understanding of these concepts.
Using the skills and abilities tab in the same manner guides us to things we should be learning and practicing. S0147 Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.), suggests that it is probably a good idea to become familiar with these documents. Most of which can be found here https://alphagradacademy.com/Cyber_Playbook.html.
While these are all suggestions that point us more towards bookwork, they can also help guide us to personal projects which, can help enhance our abilities and showcase what we know. For example, using K0339 Knowledge of how to use network analysis tools to identify vulnerabilities, another core knowledge area for a Systems Security Analyst, we can identify a potential project to pursue, that is setting up a testing environment and practicing using tools such as wireshark.
This is just a brief look at what the Cyber Career Pathway tool has to offer and only scratches the surface of the usefulness of a tool like this. I hope that you are able to use this tool in the ways I have mentioned, and perhaps you may discover other ways in which you can utilize this amazing tool.
NICCS. (2022). Cyber Career Pathways Tool. National Initiative for Cybersecurity Careers and Studies. Retrieved June 3, 2022, from https://niccs.cisa.gov/workforce-development/cyber-career-pathways