In a memo, John Berry, director of the US Office of Personnel Management, said that his organization had been working with the National Security Council Interagency Policy Committee (IPC). The IPC cybersecurity group had arrived at three discrete categories of cybersecurity professional.
The IT infrastructure, operations, maintenance, and information assurance category covers personnel who have significant responsibilities for designing, developing, operating, or maintaining the security of federal IT infrastructures, systems, applications and networks.
The domestic law enforcement and counterintelligence category contains those cybersecurity professionals who analyze cybersecurity events and computing environments to identify threats and attackers. Law enforcers and IT forensics experts would fall into this category.
Finally, specialized cybersecurity operations involves personnel employed by departments and agencies that are engaged in highly specialized, and largely classified, cybersecurity operations focused on collection, exploitation and response.
Berry asked agencies to send his organization documents including position descriptions, vacancy announcements, crediting plans, training plans, performance management plans and any studies or competency models of cybersecurity work. The responses are due in by mid-January, and agencies will then be asked to provide subject matter experts to help assess policy requirements.
"This initiative will identify the critical elements of success for the covered workforce, ensuring classification, selection, development, and performance management programs are based on a valid framework", Berry said.