Briefing for employers

What is the focus of CyBOK?

CyBOK is a structured guide to body of cyber security knowledge aimed primarily at cyber security education curriculum development. It captures the principles, theories, and concepts that underpin the discipline.

• For example, its cryptography section explains why different algorithms are secure and how they fail.
• This depth of conceptual knowledge is valuable for roles such as researchers, security architects, and advanced practitioners.
• Organisations might adopt CyBOK as internal guidance, particularly those with research teams or regulatory pressures. Others may see it as a useful reference but not directly actionable.

Points for employers to consider:

• Which of your roles genuinely need this depth of conceptual knowledge, and where might a lighter touch be sufficient?

What other knowledge types mains are needed?

Most cybersecurity roles require a mix of knowledge types:

• Procedural knowledge: knowing how to follow steps, use tools, and perform defined tasks.
• Declarative or conceptual knowledge: knowing about systems, frameworks, and principles — the “why” that sits behind procedures.
• Conditional knowledge: knowing when and why to act, making decisions, using judgment in context.
• Illustration: A SOC analyst might decide when to escalate an unusual alert (bounded conditional knowledge). A CISO may decide when to accept a business risk to enable growth (strategic conditional knowledge).

The blend shifts across levels of responsibility. As an illustration:

• Entry-level roles tend to draw more on procedural knowledge (e.g. SOC analysts following runbooks).
• Mid-level roles need more declarative understanding to adapt or improve approaches (e.g. incident handlers).
• Senior roles depend on conditional judgment to balance business and security priorities (e.g. CISOs).

These knowledge types evolve over time.

• Early-career professionals rely more on procedural knowledge to perform defined tasks.
• As experience grows, they apply conceptual knowledge to adapt and improve processes, and eventually use conditional judgement to make context-sensitive decisions.
• This mirrors how individuals move through SFIA levels — not because their learning has changed, but because their responsibility, autonomy, and influence increase as their knowledge is tested in practice.

What is the focus of SFIA, and how can it help?

SFIA is a practical framework for describing what people do at different levels of responsibility. It does not prescribe one “right” route, but it helps organisations frame their own.

Employers use SFIA to apply a skills-based approach to:

• design role descriptions that match their strategic and operational needs
• define multiple entry routes (graduates, apprenticeships, career changers, self-taught practitioners)
• map career progression – vertical and horizontal – between specialisms and levels of responsibility, accountability and impact

Points for employers to consider:

• Where could SFIA help you identify roles that do not need degree-level knowledge but do need procedural skills? Where does your organisation need to grow conditional decision-making capacity at senior levels?
• Employers often say they want graduates who can “hit the ground running.” In practice, this should be mean individuals who can apply their knowledge productively, adapt quickly, and learn in context — not those who already operate with full professional autonomy. 
• SFIA helps clarify these expectations by describing how responsibility and autonomy grow over time. Higher education can provide conceptual knowledge and some procedural readiness; employers provide the experience and mentoring that develop conditional judgement. The result is a shared pathway from learning to professional maturity.

Bringing CyBOK and SFIA together

Neither framework is complete on its own.

• CyBOK maps the knowledge terrain.
• SFIA maps the skills and professional responsibilities terrain.

Used together, they can help you:

• clarify knowledge depth requirements for specialist or senior roles
• identify alternative entry routes for operational roles
• design learning pathways that blend “knowing how” with “knowing why” and eventually “knowing when”

Illustration: Employers might decide that their SOC analyst roles are open to non-graduates through procedural training and certifications, while security architect roles benefit from graduates with deeper CyBOK-based conceptual knowledge. SFIA provides the structure for both. You may also provide upskilling routes for SOC analysts who have demonstrated their aptitude and potential to security architect roles, using alternative routes in place of a degree.

• assess whether degrees are always essential for entry-level roles, or if practical skills and mentoring could provide effective alternatives
• identify where conditional judgement may be a bottleneck within the organisation and plan how to develop it
• explore how mapping CyBOK’s knowledge areas to SFIA roles could clarify career pathways
• look for opportunities to widen the talent pool by recognising skills gained through non-traditional routes

Illustrating the knowledge requirements for cyber security professionals at different SFIA levels

The following examples provide a simplified view of how the balance of knowledge shifts across SFIA levels. They illustrate how expectations evolve in line with the scope and required impact of roles.