Page 45 - Cyber Warnings







Consequently, organizations everywhere face a global shortfall of 1.5 million cybersecurity-trained
trained workers by 2019. Hiring qualified, trained cybersecurity professionals is a huge
challenge. That’s why more than one-third of employers ask job candidates for industry
certifications.

Under the DoD 8750 framework, each job role has a set of certifications designed to help show
that a person has the minimal amount of training to perform that role. New certifications are now
also being mapped into the NCWF, where a large percentage of the new security specialty
areas have some security operations aspect. Many real-life jobs may overlap several specialty
areas and may be covered at least in part by the same certifications.

Although developed for the U.S. federal government, the NCWF framework may also be suited
for large enterprises supported by security departments numbering in the hundreds. For smaller
businesses or organizations, this large-scale framework can be overwhelming.


A simplified security team model

To get a handle on staffing the security team and covering all the bases, smaller organizations
should look at a simplified model. Such a model provides a great starting point for helping
management understand how to meet the entire spectrum of their security needs.


Start by breaking down security job functions into four branches.

The first branch includes CISOs, CSOs, executives and managers. In some cases, this may
consist of just one person. The job of this branch is to:

• Set budgets and organizational priorities and policies.

• Understand regulatory and legal compliance.

• Understand business risks, priorities and tradeoffs.


The second branch is made up of security architects. They:

• Understand and evaluate new and existing security technologies.

• Design security controls to meet requirements and budgets.

• Define and revise security architecture and controls.

• Define security procedures and best practices.

• Frequently also hire and build out the rest of the security team.

• Set security strategy.


45 Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
