This is the third of the six articles in our series from Learning Tree instructor Aaron Kraus on the NICE Cybersecurity framework and common challenges many organizations face while maintaining vital cybersecurity skills and resources.
Typical Roles/Skills for this Category
NICE lists typical roles or titles for staff working in the Operate and Maintain category. All organizations are different, so these are examples and not prescriptive, i.e., not all organizations will have these particular jobs, titles, or roles, and they may be combined with other functions, outsourced, or not performed if they are not required. However, the sample roles from the NICE documentation, as well as definitions and typical skills that individuals in these roles might need, are listed below:
Database Administrator, System Administrator
Any admin role requires a user with advanced skills and knowledge of the particular system, and the title is often preceded by the vendor or platform in which the user's skills are concentrated, such as Oracle DBA, Windows sysadmin, Linux administrator, etc. In larger organizations, there may be a team of multiple administrators for a given platform, while in many smaller shops a single IT person is charged with administering multiple system types.
Knowledge Manager, Data Analyst, Systems Security Analyst
Analysts are typically charged with evaluating data and making it sound or valuable, such as reviewing business intelligence information and identifying critical trends or opportunities. Knowledge managers exhibit multidisciplinary skills in identifying, extracting, sharing, and using knowledge. They are often found in larger organizations where processes or systems are so complex that no single individual has a complete picture.
Technical Support Specialist, Network Operations Specialist
Tech and network support are the backbones of most organizations due to our reliance on computer systems and the ability to send and share data. As a result, support specialists often need hands-on experience installing, troubleshooting, and maintaining equipment, including workstations, IT services, and network equipment. However, the recent shift to cloud computing has meant many of these tasks are now performed virtually.
Operations and maintenance can be challenging due to the inherent focus on operations rather than security - that is, the motto is often "keep things up and running" rather than "keep things secure." In addition, configuration management continues to be an issue once resources have been provisioned, as settings are likely to change over time, which can introduce vulnerabilities into a previously secured system.
Most security activities occur during the Operations & Maintenance phase of the System Lifecycle (SLC), which overlaps with the Operate & Maintain and Protect & Defend NICE categories. This includes activities like vulnerability and patch management, risk assessment, continuous monitoring, audits and assessments, and de-provisioning at the end of the system's useful life. Ensuring that security operations are maintained, adequate skills exist in the organization, and changes to the threat landscape are understood and addressed are all challenges organizations must counter. One of the biggest evolving challenges is the increasingly vendor-specific skillsets administrators may possess, e.g., an admin with advanced Google Cloud Platform (GCP) skills may not be able to perform at the same level in an organization using Amazon Web Services (AWS) without learning AWS-specific tools.
Skills Development Opportunities
Most skills required to operate and maintain systems will be universal, such as Windows system administration, which is essentially the same from one organization to the next. As mentioned, cloud vendor-specific skills may need to be developed, but the major Cloud Service Providers (CSPs) have robust certification programs designed to build the requisite skills. Some learning paths that can be helpful in developing these skills include:
- Administrative skills for major CSPs, including AWS and Azure.
This piece was originally posted on Oct 09, 2020, and has been refreshed with updated styling.