The global skills and competency framework for the digital world

SFIA skills profiles for cyber security roles / career families

SFIA provides a flexible approach to mapping skills to roles and career families.

Background

The SFIA user community (particularly new adopters) has always had an interest in using a trusted set of SFIA skill profiles ...

  • The primary requirement is to have access to a pre‑defined set of SFIA skills profiles - aligned to common, industry-standard jobs/roles
  • This would then save time and effort in adopting SFIA

Skills profiles

This list lifted from here. We need to decide how many we need to illustrate the SFIA skills profile approach. Also, how many we may categorise elsewhere. Note that this resource provides a summary of "typical duties" of the common job roles which is more than other sources do.

  1. Cyber Security Analyst
  2. Cyber Security Architect
  3. Cyber Security Engineer
  4. Cyber Security Instructor
  5. Cybers Security Manager
  6. Cyber Security Project Manager
  7. Cyber Security Technician
  8. Cyber Security Researcher
  9. DevSecOps Developer
  10. Forensic Computer Analyst
  11. Security Consultant
  12. Incident Responder
  13. Penetration Tester
  14. Risk Adviser
  15. Security and Compliance Auditor

A number of governmental bodies have produced standard profiles which have been mapped to SFIA skills and competency levels (UK Government DDAT, Australian Public Service, EU-ICT profiles)

One of the key design principles of SFIA is that it describes skills and competencies, not jobs. SFIA skills profiles are aligned to job responsibilities - not to a job title. 

As a result, the SFIA Foundation has not created its own standard SFIA skills profiles. This is for two important reasons ...

  1. Job responsibilities need to be aligned to employers' organisation structures and role design. So a SFIA skills profile should be created to match the specific context and organisation design of the employer.
  2. the value which SFIA adopters get by creating their own skills profiles - achieved by a hands-on activity to understand the principles and content of the framework. This helps users achieve and sustain long-lasting benefits from SFIA skills profiles

However - SFIA has an extensive global use and a continuous flow of new users.

  • This has inevitably meant an increase in the demand for good practice guidance.
  • This interest comes from individuals, employers, professional bodies, educational establishments, national and international bodies.
  • They want to use SFIA (the de-facto global standard) to support a wide range of skills management activities.
  • SFIA skills profiles are a key component of many of these uses (see Use Case section below).