This is the third of the six articles in our series from Learning Tree instructor Aaron Kraus on the NICE Cybersecurity framework and common challenges many organizations face when trying to maintain vital cybersecurity skills and resources.
Typical Roles/Skills for this Category
NICE provides a listing of typical roles or titles for staff working in the Operate and Maintain category. Obviously all organizations are different so these are examples and not prescriptive, i.e., not all organizations will have these particular jobs, titles, or roles, and they may be combined with other functions, outsourced, or not performed if they are not required. The sample roles from the NICE documentation, as well as definitions and typical skills that individuals in these roles might need, are listed below:
- Database Administrator, System Administrator:
  - Any type of admin role requires a user with advanced skills and knowledge of the particular system, and the title is often preceded by the vendor or platform the user's skills are concentrated in, such as Oracle DBA, Windows sysadmin, Linux administrator, etc. In larger organizations there may be a team of multiple administrators for a given platform, while in many smaller shops a single IT person is charged with administering multiple system types.
- Knowledge Manager, Data Analyst, Systems Security Analyst:
  - Analysts are typically charged with evaluating some data and making it useful or valuable, such as reviewing business intelligence information and identifying critical trends or opportunities. Knowledge managers exhibit multidisciplinary skills in identifying, extracting, sharing, and using knowledge, and are often found in larger organizations where processes or systems are so complex that no single individual has a complete picture.
- Technical Support Specialist, Network Operations Specialist:
  - Tech and network support is the true backbone of most organizations, due to our reliance on computer systems and the ability to send and share data. Support specialists often need hands-on experience installing, troubleshooting, and maintaining equipment including workstations, IT services, and network equipment, though the recent shift to cloud computing has meant many of these tasks are now performed virtually.
Operations and maintenance can be challenging due to the inherent focus on operations rather than security; that is to say, the motto is often "keep things up and running" rather than "keep things secure". Configuration management continues to be an issue once resources have been provisioned, as settings are likely to change over time, which can introduce vulnerabilities into a previously secured system.
The majority of security activities occur during the Operations & Maintenance phase of the System Lifecycle (SLC), which overlaps with the Operate & Maintain and Protect & Defend NICE categories. This includes activities like vulnerability and patch management, risk assessment, continuous monitoring, audits and assessments, and de-provisioning at the end of the system's useful life. Ensuring that security operations are maintained, adequate skills exist in the organization, and changes to the threat landscape are understood and addressed are all challenges organizations must counter. One of the biggest evolving challenges is the increasingly vendor-specific skillsets administrators may possess, e.g., an admin with advanced Google Cloud Platform (GCP) skills may not be able to perform at the same level in an organization using Amazon Web Services (AWS) without learning AWS-specific tools.
Skills Development Opportunities
Most skills required to operate and maintain systems will be universal, such as Windows system administration, which is largely the same from one organization to the next. As mentioned, cloud-vendor-specific skills may need to be developed, but the major Cloud Service Providers (CSPs) have robust certification programs designed to build the requisite skills. Some learning paths which can be useful for developing these skills include: