The explosion of laws related to cybersecurity and data privacy has led to a surge in cybersecurity jobs. Recent data shows the U.S. has almost 500,000 open positions in cybersecurity. But how do you find these jobs? More importantly, how do you obtain the necessary skills to enter and advance in specific roles?
One key tool for understanding jobs in the industry is a framework developed by the National Initiative for Cybersecurity Education (NICE), a division of the U.S. Department of Commerce. The NICE framework, also called the workforce framework for cybersecurity, catalogs the categories and specialty areas of cybersecurity jobs, including specific job roles and their corresponding skill sets.
Understanding the NICE framework helps you chart your career path. It also aids your job search; speaking knowledgeably about the framework shows your knowledge of and engagement with the industry. Understanding the framework gives you common terminology for talking with potential employers about the value you can bring to an organization.
A Framework for Cybersecurity Jobs and Skill Sets
The NICE framework breaks down the jobs available in the cybersecurity industry and the skills required to perform those jobs. The framework is complex, but the payoff for taking time to study its structure is significant. (See us explain it in a webinar.) By understanding how the pieces of the NICE framework come together, you establish a map of your potential career path.
The framework helps you assess your skills and the areas in which you want to build or further develop your capabilities and expertise. Additionally, if you’re managing an organization, the NICE framework provides a robust multidisciplinary approach for considering the skill sets your organization needs to function well.
We discussed how to navigate the NICE framework in a webinar with Professor Brian Ray, director of CSU College of Law’s Center for Cybersecurity Protection and founder of the MLS program, and with Spence Witten, a cybersecurity consultant and faculty member and how the training we provide in Cleveland State University College of Law’s Master of Legal Studies (MLS) in Cybersecurity and Data Privacy program prepares you for these careers. Professors Ray and Witten reviewed examples of job categories and specific roles within those categories, including the following:
Examples of Job Categories and Specific Roles
- Legal advice and advocacy is a speciality area within the framework. Jobs in this category provide leadership so an organization can effectively conduct cybersecurity work. Within this speciality, cyber legal advisor or privacy compliance manager are two typical roles. Importantly, roles within the legal advice and advocacy category are not exclusively performed by lawyers.
At the top of an organization, for example, a chief privacy officer may or may not be a lawyer. The people below a chief privacy officer within an organization typically perform compliance work across a range of regulations. Driven by an explosion of new laws involving data privacy, this job category is an area of high growth. - Training, education, and awareness is another speciality area within the framework. As with other categories, jobs within this area require the blend of technical, legal, and business knowledge that the CSU College of Law MLS program provides.
For example, a cyber instructional curriculum developer develops courses about cybersecurity. This role requires competency with the relevant laws, including the technical aspects of laws. It also requires the ability to map the specific requirements of laws to the controls an organization implements to meet compliance requirements. As with other jobs, the framework provides an extremely comprehensive collection of the capabilities required to perform in this role. - The risk management specialty area is another that is widely applicable to most organizations, and where the CSU College of Law MLS program provides solid preparation. Typical jobs within this category include authorizing official, which refers to the person who is ultimately accountable for the security of an organization’s IT infrastructure. Security control assessor is another typical role; this person conducts independent comprehensive assessments of an organization’s IT system.
Developing the Required Technical, Legal, and Business Expertise
The requirements of the roles in the NICE framework reflect the knowledge and skills you gain in the CSU College of Law MLS program. You do not need to be a lawyer to fill the roles we discuss in the webinar or many of the rewarding roles in the field, but you need the legal knowledge to understand the regulatory environment in which you work, regardless of industry–even in a small family business or small startup. You must understand the key regulatory requirements that impact your organization’s systems and the day-to-day operations of the people who use it. Finally, beyond the legal skills, you need technical competency to understand your IT operation.
Even if you enter the MLS program with no technical experience, the MLS program equips you with the technical skills you need and the ability to continue to grow your technical expertise in a constantly changing environment. (To learn more about our curriculum, see Curriculum Page.)
For more information about other job categories and roles, and for details about the program, see our webinar.
CSU College of Law’s Master of Legal Studies in Cybersecurity and Data Privacy
CSU College of Law’s innovative online Master of Legal Studies (MLS) in Cybersecurity and Data Privacy takes an integrative approach to education, preparing professionals to understand the technical and business dimensions of cybersecurity and privacy as well as current laws and regulations.
The part-time and fully online program is led by faculty from the Center for Cybersecurity and Privacy Protection at Cleveland State University College of Law and other leading practitioners in the field, with a focus on relevant, real-world experience. The MLS degree is designed for professionals who need to understand the significant legal and business risks posed by cybersecurity and data privacy. The program prepares graduates with the knowledge and necessary skills to enter these fast-growing fields and to advance to senior positions within organizations.