This is the third of the six articles in our series from Learning Tree instructor Aaron Kraus on the NICE Cybersecurity framework and common challenges many organizations face when trying to maintain vital cybersecurity skills and resources. To further your journey, read the rest of the blog series and learn more about Aaron Kraus here.
NICE provides a listing of typical roles or titles for staff working in the Operate and Maintain category. All organizations are different, so these are examples and not prescriptive: not every organization will have these particular jobs, titles, or roles, and they may be combined with other functions, outsourced, or not performed at all if they are not required. The sample roles from the NICE documentation, as well as definitions and typical skills that individuals in these roles might need, are listed below:
Operations and maintenance can be challenging due to the inherent focus on operations rather than security – that is to say, the motto is often “keep things up and running” rather than “keep things secure”. Configuration management continues to be an issue once resources have been provisioned, as settings are likely to change over time, which can introduce vulnerabilities into a previously secured system.
The majority of security activities occur during the Operations & Maintenance phase of the System Lifecycle (SLC), which overlaps with the Operate & Maintain and Protect & Defend NICE categories. This includes activities like vulnerability and patch management, risk assessment, continuous monitoring, audits and assessments, and de-provisioning at the end of the system’s useful life. Ensuring that security operations are maintained, adequate skills exist in the organization, and changes to the threat landscape are understood and addressed are all challenges organizations must counter. One of the biggest evolving challenges is the increasingly vendor-specific skillsets administrators may possess, e.g., an admin with advanced Google Cloud Platform (GCP) skills may not be able to perform at the same level in an organization using Amazon Web Services (AWS) without learning AWS-specific tools.
Most skills required to operate and maintain systems will be universal, such as Windows system administration, which is largely the same from one organization to the next. As mentioned, cloud-vendor-specific skills may need to be developed, but the major Cloud Service Providers (CSPs) have robust certification programs designed to build the requisite skills. Some learning paths which can be useful for developing these skills include: