Continuing from Step 1 (check it out first if you haven’t already), let us begin with diving deeper into the public sector perspective. If you wish to follow along, we begin our journey at this link.
If you clicked the link, you will find yourself at the home page for the DoD Cyber Workforce Framework (DCWF), that lists the 7 categories as interactive objects to further explore. Towards the top, you will find a link titled “Elements Map”, or you can follow this link instead. You will be shown the same 7 categories previously seen, but this time with more refined detail as to the work roles contained within each. This is where the exciting stuff lies!
At this point I would greatly encourage you to read through each of the listed work roles (recall that we mentioned these in Step 1). Work roles can best be interpreted by the generic or typical functional job titles that you may see in public/private sector job postings. I would like to add that it is not just a one-to-one correlation. Given the company or industry, the same work role can go by different names. This is part of the issue that I have come to discover within cybersecurity – standardization. The frameworks mentioned in Step 1 are an attempt to describe standard terms that any industry/company can use. By creating work roles that are composed of various pre-defined KSATs, the guesswork should be greatly reduced as to the expectations for someone filling the job.
To refresh your memory, work roles are composed of KSATs – knowledge, skills, abilities and tasks. Think of KSATs as the 4 walls that hold up the roof (the work role). You need all 4 to properly hold up the roof, and much like actual homes, the roof may be slightly different, but there are many commonalities with how the walls are constructed to hold it up.
Enough with the analogies and let us continue to discover an area of interest. You may select any of the work roles if you so choose, especially if one caught your attention and you find it intriguing. As I have already been down this path and have discovered a work role that I find interesting, I will use that for this example. Scroll down to the second row titled “Cybersecurity” and find the work role “Security Architect 652”. You will then come to a page with much more detail, and at the top will have the work role (Security Architect) along with the ID, a 3-digit number. The work role ID is important, especially if you are using or plan to use government websites to apply for jobs. With this work role ID, you can use that 3-digit number to facilitate your searches on the government website.
Scrolling down a bit more you will come across the Qualification matrix. For now, we will skip over this section as we don’t want to get bogged down by this tangential detail as we are exploring. Continue scrolling and you will come to the section which describes the KSATs. Here is what we have been searching for!
A note about the Core KSATs. Going back to the analogy with the 4 walls, think of the Core KSATs as the concrete foundation on which the walls sit. These are ones that are essential and appear listed in many work roles. Core KSATs with an asterisk (*) are even more foundational and appear on all work roles.
On the right-hand side is where we are finally able to read through the various KSATs and get detailed descriptions of what we can expect to perform/know for the chosen work role. As one final example, let’s scroll down a bit until we find KSAT 79. This is listed as knowledge that is required for the work role, and I would agree. The description states “Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).”
If you are like me and prefer a more interactive, visual way to view much of the same information, visit this link which will take you to a CISA.gov website. Scrolling down a bit will bring you to the interactive tool in which you can select work roles and see how they relate to other work roles.
At this point, I will let you and your eager mind continue exploring this new found website. As a final parting thought, I would encourage you to read through many of them and hone in on one that you find most interesting. Before I see you in Step 3, I would encourage you to select one you find most interesting, so we can dive a bit deeper still. Don’t worry if the work role ID is a large number. Typically, a larger number indicates a more senior role. We will use this to our advantage in Step 3 as we begin to build a roadmap, tailored for you, to attain that role. As a small spoiler, Step 3 will focus on aggregating the KSATs for the chosen role and methodically going through and identifying gaps that you may have. Creating an excel sheet that allows you to filter the KSAT column is advantageous. Don’t view these gaps as a negative, but instead to be targeted in the selection of training courses and certifications you pursue to ensure what you are learning is applicable to the role you wish to fill.