OG-WRL-003
Cybersecurity Workforce Management OPM Code: 751

Provides leadership, management, direction, and advocacy so the organization may effectively manage cybersecurity-related risks to the enterprise and conduct cybersecurity work.

Responsible for developing cybersecurity workforce plans, assessments, strategies, and guidance, including cybersecurity-related staff training, education, and hiring processes. Makes adjustments in response to or in anticipation of changes to cybersecurity-related policy, technology, and staffing needs and requirements. Authors mandated workforce planning strategies to maintain compliance with legislation, regulation, and policy.

Code Description Work Roles
T0116 Identify organizational policy stakeholders 1
T0226 Serve on agency and interagency policy boards 2
T0437 Correlate training and learning to business or mission requirements 2
T1020 Determine the operational and safety impacts of cybersecurity lapses 37
T1022 Review enterprise information technology (IT) goals and objectives 9
T1025 Implement organizational training and education policies and procedures 3
T1028 Research new vulnerabilities in emerging technologies 2
T1036 Integrate leadership priorities 6
T1038 Integrate organization objectives in intelligence collection 6
T1056 Acquire resources to support cybersecurity program goals and objectives 4
T1059 Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements 5
T1060 Advise senior management on organizational cybersecurity efforts 5
T1088 Communicate the value of cybersecurity to organizational stakeholders 4
T1107 Evaluate functional requirements 4
T1113 Develop the enterprise continuity of operations strategy 3
T1114 Establish the enterprise continuity of operations program 3
T1158 Develop cybersecurity implementation policies and guidelines 2
T1184 Establish stakeholder communication channels 2
T1185 Maintain stakeholder communication channels 3
T1227 Manage cybersecurity budget, staffing, and contracting 8
T1306 Conduct technology program and project audits 7
T1335 Promote cybersecurity awareness to management 6
T1336 Verify the inclusion of sound cybersecurity principles in the organization's vision and goals 6
T1357 Determine if cybersecurity requirements have been successfully implemented 4
T1358 Determine the effectiveness of organizational cybersecurity policies and procedures 4
T1394 Develop independent cybersecurity audit processes for application software, networks, and systems 7
T1395 Implement independent cybersecurity audit processes for application software, networks, and systems 7
T1396 Oversee independent cybersecurity audits 7
T1397 Determine if research and design processes and procedures are in compliance with cybersecurity requirements 7
T1398 Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities 7
T1436 Acquire adequate funding for cybersecurity training 2
T1446 Conduct learning needs assessments 3
T1447 Identify training requirements 3
T1449 Determine if qualification standards meet organizational functional requirements and comply with industry standards 1
T1450 Allocate and distribute human capital assets 2
T1459 Develop standardized cybersecurity position descriptions using the NICE Framework 1
T1460 Develop recruiting, hiring, and retention processes 1
T1461 Determine cybersecurity position requirements 1
T1462 Develop cybersecurity training policies and procedures 3
T1464 Determine if cybersecurity workforce management policies and procedures comply with legal and organizational requirements 2
T1466 Establish cybersecurity workforce readiness metrics 1
T1467 Establish waiver processes for cybersecurity career field entry and training qualification requirements 1
T1468 Establish organizational cybersecurity career pathways 1
T1469 Develop cybersecurity workforce reporting requirements 1
T1470 Establish cybersecurity workforce management programs 1
T1471 Assess cybersecurity workforce management programs 1
T1476 Promote awareness of cybersecurity policy and strategy among management 6
T1478 Determine cybersecurity career field qualification requirements 1
T1479 Determine organizational policies related to or influencing the cyber workforce 1
T1482 Conduct cybersecurity workforce assessments 2
T1483 Integrate cybersecurity workforce personnel into information systems life cycle development processes 1
T1492 Integrate laws and regulations into policy 3
T1518 Develop organizational cybersecurity strategy 3
T1543 Develop cybersecurity policies and procedures 3
T1552 Identify cyber workforce planning and management issues 3
T1553 Address cyber workforce planning and management issues 3
T1605 Advise management, staff, and users on cybersecurity policy 2
T1623 Develop supply chain cybersecurity risk management policy 1
Code Description Work Roles
K0640 Knowledge of the organizational cybersecurity workforce 2
K0644 Knowledge of cybersecurity operation policies and procedures 5
K0648 Knowledge of career paths 1
K0649 Knowledge of organizational career progressions 1
K0652 Knowledge of workforce trends 1
K0674 Knowledge of computer networking protocols 40
K0675 Knowledge of risk management processes 41
K0676 Knowledge of cybersecurity laws and regulations 41
K0677 Knowledge of cybersecurity policies and procedures 41
K0678 Knowledge of privacy laws and regulations 41
K0679 Knowledge of privacy policies and procedures 41
K0680 Knowledge of cybersecurity principles and practices 40
K0681 Knowledge of privacy principles and practices 40
K0682 Knowledge of cybersecurity threats 40
K0683 Knowledge of cybersecurity vulnerabilities 40
K0684 Knowledge of cybersecurity threat characteristics 40
K0691 Knowledge of cyber defense tools and techniques 7
K0692 Knowledge of vulnerability assessment tools and techniques 7
K0743 Knowledge of new and emerging technologies 15
K0751 Knowledge of system threats 40
K0752 Knowledge of system vulnerabilities 40
K0754 Knowledge of resource management principles and practices 7
K0773 Knowledge of telecommunications principles and practices 14
K0803 Knowledge of supply chain risk management principles and practices 17
K0818 Knowledge of new and emerging cybersecurity risks 6
K0820 Knowledge of supply chain risks 18
K0825 Knowledge of threat vector characteristics 6
K0828 Knowledge of supply chain risk management standards and best practices 16
K0831 Knowledge of network attack vectors 8
K0838 Knowledge of supply chain risk management policies and procedures 13
K0881 Knowledge of learning assessment tools and techniques 7
K0887 Knowledge of training policies and procedures 3
K0892 Knowledge of cyber defense laws and regulations 13
K0893 Knowledge of training systems and software 3
K0902 Knowledge of the NIST Workforce Framework for Cybersecurity (NICE Framework) 1
K0908 Knowledge of human resources policies and procedures 1
K0943 Knowledge of industry indicators 2
K0962 Knowledge of targeting laws and regulations 11
K0963 Knowledge of exploitation laws and regulations 11
K0969 Knowledge of cyber-attack tools and techniques 7
K0983 Knowledge of computer networking principles and practices 39
K0990 Knowledge of cyber operations principles and practices 8
K1014 Knowledge of network security principles and practices 40
K1023 Knowledge of network exploitation tools and techniques 3
K1098 Knowledge of personnel systems and software 2
K1137 Knowledge of cybersecurity requirements 11
K1140 Knowledge of cybersecurity workforce policies and procedures 1
K1171 Knowledge of mission assurance practices and principles 3
K1180 Knowledge of organizational cybersecurity goals and objectives 11
K1183 Knowledge of organizational cybersecurity policies and procedures 6
K1184 Knowledge of organizational cybersecurity workforce requirements 1
K1186 Knowledge of organizational human resource (HR) policies and procedures 2
K1206 Knowledge of research and design processes and procedures 7
K1209 Knowledge of risk mitigation principles and practices 4
Code Description Work Roles
S0393 Skill in developing assessments 3
S0394 Skill in developing security assessments 3
S0396 Skill in forecasting requirements 2
S0397 Skill in assessing requirements 2
S0398 Skill in analyzing organizational objectives 2
S0406 Skill in developing policy plans 5
S0410 Skill in creating career path definitions 1
S0411 Skill in developing career paths 1
S0422 Skill in evaluating workforce trends 1
S0497 Skill in developing client organization profiles 4
S0515 Skill in identifying partner capabilities 5
S0519 Skill in detecting exploitation activities 2
S0633 Skill in developing position qualification requirements 2
S0647 Skill in managing a workforce 2
S0686 Skill in performing risk assessments 12
S0821 Skill in collaborating with internal and external stakeholders 9
S0850 Skill in performing cost/benefit analysis 4
S0858 Skill in performing economic analysis 4
S0878 Skill in performing risk analysis 9
S0892 Skill in performing trend analysis 3