The ASD Cyber Skills Framework roles:
- Cyber Security Advice and Assessment
- Cyber Threat Analyst
- Incident Responder
- Intrusion Analyst
- Malware Analyst
- Operations Coordinator
- Penetration Tester
- Vulnerability Assessor
- Vulnerability Researcher
In 2018, ASD undertook a review of its cyber roles, capabilities, skills and proficiency levels, and the way in which these related to current industry and government frameworks and standards. As a result of this review, the ASD Cyber Skills Framework was developed, drawing from three core industry and government frameworks:
- Chartered Institute of Information Security (CIISec) Skills Framework
- Skills Framework for the Information Age (SFIA), and
- Australian Public Service Commission Integrated Leadership System (ILS).
The ASD Cyber Skills Framework has been used as a guiding document for:
- Defence People Group to develop nine new occupational profiles (APS4-EL1) for implementation in Defence and ASD.
- Digital Transformation Agency and the Australian Public Service Commission in the development of cyber roles within the APS Digital Profession Stream and related Digital Career Pathways.
Australia’s Cyber Security Strategy 2020 has highlighted the need for “greater collaboration to build Australia’s cyber skills pipeline”. The ASD Cyber Skills Framework will assist ASD in its efforts to “grow a skilled workforce” and can assist practitioners and recruiters alike in understanding the skills that are necessary to perform the roles and duties of ASD's and wider cyber missions.
The ASD Cyber Skills Framework has been developed to define ASD’s core cyber roles and should be read alongside other industry standards. For example, the National Institute of Standards and Technology’s National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework in the USA has been recommended to the academic sector in Australia to address cyber skills development, especially at the entry level. The nine cyber security roles defined in the ASD Cyber Skills Framework map to the NICE Cybersecurity Workforce Framework so as to allow for a progression from learning to employment.