In a series of blogs, we’ll be using NIST’s NICE Cybersecurity Workforce Framework to define human requirements for jobs in cybersecurity. A range of organizations in the public, private and academic sectors now use this approach.

It’s been too easy in recent times to lay the recruitment struggles of the cybersecurity industry at the door of the so-called skills gap. The real challenge is more complex. Businesses looking to recruit staff, for example, may be averse to paying top dollar for a self-taught ‘hacker’ with no college degree. The same applies to those aspiring to move into entry-level roles who may have taken useful and effective hands-on training but have no way of differentiating themselves when they lack formal experience. And the list of barriers for both businesses and applicants goes on. Put simply, the root of much of this is the speed at which cybersecurity as an industry has developed.

To address some of these issues, the US National Institute of Standards and Technology (NIST) has built the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. It can improve the way organizations identify, recruit, develop and nurture cybersecurity talent by helping them to interpret their workforce and identify skill gaps. In 2019, the White House encouraged US Federal Government agencies to adopt NICE in an Executive Order.

The framework shows cybersecurity leaders what abilities their team needs, enabling them to identify skill gaps, map career development, and understand the role of each member. For cybersecurity pros, it offers guidance towards achieving career progression or making the jump from one role to another.

In this series we will help you understand the five most common of these work roles. Next up is Cyber Defense Forensics Analyst.

Cyber Defense Forensics Analyst

Category: Investigate
Area: Digital Forensics

What is a Cyber Defense Forensics Analyst?

Cyber Defense Forensics Analysts analyze digital evidence and investigate incidents to derive information in support of system and network vulnerability mitigation.
This role is responsible for finding, collating and analyzing all potential evidence of a cybercrime from both IT hardware and networks. And in today’s digital landscape, this extends beyond computers to include mobile phones, tablets and many more internet-connected devices.

Those in this role must build a picture from evidence they harvest so that charges can be brought against digital bad guys – no matter where in the world they operate. This evidence may be linked to a range of nefarious online activity, including hacking, network intrusions and data theft.

In terms of where Cyber Defense Forensics Analysts work, the opportunities are numerous. An obvious path is to work for a specialist computer forensics firm, but there are also roles available within law enforcement agencies and in-house investigative teams.

Typical work duties

This role is highly technical and requires a vast skill set – something reflected in the salary (dependent on experience). Typical working hours are nine to five, though contractors may be paid an additional fee should they have to work outside of their agreed remit.

The primary duty is leading investigations into known data breaches and security incidents, and recovering data from relevant devices for examination. Those in this role must possess data retrieval expertise and know how to dismantle and rebuild impacted systems. Communication skills are also key, as they must report findings using language appropriate for those with limited technical knowledge.

Beyond learning their organization’s IT security, technology and information systems, Cyber Defense Forensics Analysts could be expected to carry out the following duties:

  • Conducting comprehensive data breach and security incident investigations
  • Dismantling and rebuilding impacted systems and networks for data recovery
  • Writing technical reports and logging relevant evidence
  • Assisting investigators in understanding the implications of their findings regarding the collected evidence
  • Reverse engineering the forensic evidence they find to uncover the causes of successful attacks and penetrations

What skills do Cyber Defense Forensics Analysts need?

This role demands numerous skills, the most important of which are shown below:

  • Knowledge of the latest forensic computing techniques, tools and software
  • Thorough understanding of operating systems
  • Excellent analytical and problem-solving skills
  • Written and verbal communication skills
  • Ability to distil meaning from large amounts of data

What traits are required to succeed in this role?

Personality is as important as skill – and this is true of all cybersecurity roles. Dr. Ryne Sherman, chief science officer at Hogan Assessments, says, “Traditional recruiting practices often overlook personality and focus on education, experience and a set of hard skills. While these are important, it is crucial to remember that personality characteristics play a huge role. A candidate with the suitable personality can be easily trained into the right role. This is especially true in the cybersecurity world, where companies struggle to find the experienced individuals they need.”

Below are some traits that will help a Cyber Defense Forensics Analyst succeed:

  • A problem-solving mind-set
  • Attention to detail
  • An inquiring mind
  • Patience
  • Methodical approach to work
  • Unfazed by pressure

What qualifications are required?

Some employers will desire a Bachelor’s degree in a related field such as Computer Science or IT, and they may even request a Master’s. However, relevant work experience can help candidates develop the skills necessary to work as a Cyber Defense Forensics Analyst. Candidates may also be able to secure an internship in computer forensics; these are available within various large organizations.

I want to know more

At Immersive Labs we’ve mapped 700 of our labs to over 50 NICE cybersecurity roles in the entry, intermediate and advanced levels. Find out why and learn how the framework can help your organization by downloading our free eBook today.



February 25, 2020




Immersive Labs