OV-SPP-001 Cyber Workforce Developer and Manager

Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.

Develops policies and plans and/or advocates for changes in policy that support organizational cyberspace initiatives or required changes/enhancements.

Develops cyberspace workforce plans, strategies, and guidance to support cyberspace workforce manpower, personnel, training and education requirements and to address changes to cyberspace policy, doctrine, materiel, force structure, and education and training requirements.

Knowledges 23

Code	Description	Work Roles
K0001	Knowledge of computer networking concepts and protocols, and network security methodologies.	52
K0002	Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).	52
K0003	Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.	52
K0004	Knowledge of cybersecurity and privacy principles.	52
K0005	Knowledge of cyber threats and vulnerabilities.	52
K0006	Knowledge of specific operational impacts of cybersecurity lapses.	52
K0072	Knowledge of resource management principles and techniques.	7
K0101	Knowledge of the organization’s enterprise information technology (IT) goals and objectives.	8
K0127	Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure).	2
K0146	Knowledge of the organization's core business/mission processes.	10
K0147	Knowledge of emerging security issues, risks, and vulnerabilities.	4
K0168	Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.	11
K0169	Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.	14
K0204	Knowledge of learning assessment techniques (rubrics, evaluation plans, tests, quizzes).	3
K0215	Knowledge of organizational training policies.	2
K0233	Knowledge of the National Cybersecurity Workforce Framework, work roles, and associated tasks, knowledge, skills, and abilities.	1
K0234	Knowledge of full spectrum cyber capabilities (e.g., defense, attack, exploitation).	2
K0241	Knowledge of organizational human resource policies, processes, and procedures.	1
K0243	Knowledge of organizational training and education policies, processes, and procedures.	2
K0309	Knowledge of emerging technologies that have potential for exploitation.	2
K0311	Knowledge of industry indicators useful for identifying technology trends.	2
K0313	Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development).	3
K0335	Knowledge of current and emerging cyber technologies.	2

Skills 2

Code	Description	Work Roles
S0108	Skill in developing workforce and position qualification standards.	1
S0128	Skill in using manpower and personnel IT systems.	2

Abilities 6

Code	Description	Work Roles
A0023	Ability to design valid and reliable assessments.	3
A0028	Ability to assess and forecast manpower requirements to meet organizational objectives.	2
A0033	Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.	5
A0037	Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.	2
A0042	Ability to develop career path opportunities.	1
A0053	Ability to determine the validity of workforce trend data.	1

Tasks 45

Code	Description	Work Roles
T0341	Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials.	2
T0352	Conduct learning needs assessments and identify requirements.	3
T0355	Coordinate with internal and external subject matter experts to ensure existing qualification standards reflect organizational functional requirements and meet industry standards.	1
T0356	Coordinate with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets.	2
T0362	Develop and implement standardized position descriptions based on established cyber work roles.	1
T0363	Develop and review recruiting, hiring, and retention procedures in accordance with current HR policies.	1
T0364	Develop cyber career field classification structure to include establishing career field entry requirements and other nomenclature such as codes and identifiers.	1
T0365	Develop or assist in the development of training policies and protocols for cyber training.	3
T0368	Ensure that cyber career fields are managed in accordance with organizational HR policies and directives.	1
T0369	Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.	2
T0372	Establish and collect metrics to monitor and validate cyber workforce readiness including analysis of cyber workforce data to assess the status of positions identified, filled, and filled with qualified personnel.	1
T0373	Establish and oversee waiver processes for cyber career field entry and training qualification requirements.	1
T0374	Establish cyber career paths to allow career progression, deliberate development, and growth within and between cyber career fields.	1
T0375	Establish manpower, personnel, and qualification data element standards to support cyber workforce management and reporting requirements.	1
T0376	Establish, resource, implement, and assess cyber workforce management programs in accordance with organizational requirements.	1
T0384	Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals.	3
T0387	Review and apply cyber career field qualification standards.	1
T0388	Review and apply organizational policies related to or influencing the cyber workforce.	1
T0390	Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards.	2
T0391	Support integration of qualified cyber workforce personnel into information systems life cycle development processes.	1
T0408	Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy.	2
T0425	Analyze organizational cyber policy.	3
T0429	Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.	3
T0437	Correlate training and learning to business or mission requirements.	2
T0441	Define and integrate current and future mission environments.	2
T0445	Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan.	3
T0472	Draft, staff, and publish cyber policy.	2
T0481	Identify and address cyber workforce planning and management issues (e.g. recruitment, retention, and training).	3
T0505	Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.	2
T0506	Seek consensus on proposed policy changes from stakeholders.	2
T0529	Provide policy guidance to cyber management, staff, and users.	2
T0533	Review, conduct, or participate in audits of cyber programs and projects.	2
T0536	Serve as an internal consultant and advisor in own area of expertise (e.g., technical, copyright, print media, electronic media).	3
T0537	Support the CIO in the formulation of cyber-related policies.	2
T0552	Review and approve a supply chain security/risk management policy.	1
T0001	Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.	3
T0004	Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.	5
T0025	Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.	4
T0044	Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.	3
T0074	Develop policy, programs, and guidelines for implementation.	2
T0094	Establish and maintain communication channels with stakeholders.	2
T0099	Evaluate cost/benefit, economic, and risk analysis in decision-making process.	4
T0116	Identify organizational policy stakeholders.	1
T0222	Review existing and proposed policies with stakeholders.	2
T0226	Serve on agency and interagency policy boards.	2