The U. S. Office of Personnel Management (OPM), the Chief Information Officers (CIO) Council and the Chief Human Capital Officers Council's Workforce Development Subcommittee identified cybersecurity related occupations as high priorities for Governmentwide competency models.

In November 2009, OPM initiated a Governmentwide study to identify critical competencies for cybersecurity work, working with the CIO Council and the National Initiative for Cybersecurity Education (NICE). Subject matter experts provided key insights, and employees and supervisors across the Government completed surveys to paint a comprehensive picture of cybersecurity work. We are pleased to provide the attached Cybersecurity competency model to support your human resources initiatives.

The competencies identified may be used in such agency efforts as workforce planning, training and development, performance management, recruitment, and selection. When used for selection, the competencies must be used in conjunction with the appropriate qualification standard.

Thank you for your continued support of this important project. If you have any questions regarding the competency model, please contact Andrea Bright, Manager of the Classification and Assessment Policy Group at (202) 606-3600, or e-mail competency@opm.gov.

Attachment

cc: Human Resources Directors

Cybersecurity Competencies by Grade Level

The following tables present the competencies that have been confirmed as appropriate for selection on a Governmentwide basis for cybersecurity work in the four series listed below and at the grades indicated. Agencies are responsible for conducting job analyses for work responsibilities outside the cybersecurity function. Similarly, agencies must determine the applicability of these competencies to positions which do not perform the full range of cybersecurity work. Please refer to OPM's Delegated Examining Operations Handbook for more information on conducting a job analysis.

Occupations and Grades with Confirmed Competencies

Cybersecurity Competencies by Occupation
2210 Information Technology Management Series

Cybersecurity Competencies by Occupation
0855 Electronics Engineering Series

Cybersecurity Competencies by Occupation
0854 Computer Engineering Series

Cybersecurity Competencies by Occupation
0391 Telecommunications Series

Cybersecurity Competency Model
Competency Importance Rankings

The table below presents the rank order of the competencies on current importance and future importance in three years based on supervisor and employee ratings.

Cybersecurity Competency Model
General Competencies

Accountability - Holds self and others accountable for measurable high-quality, timely, and cost-effective results. Determines objectives, sets priorities, and delegates work. Accepts responsibility for mistakes. Complies with established control systems and rules.

Administration and Management - Knowledge of planning, coordination, and execution of business functions, resource allocation, and production.

Agility - Bends, stretches, twists, or reaches out with the body, arms, or legs.

Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

Computer Skills - Uses computers, software applications, databases, and automated systems to accomplish work.

Conflict Management - Manages and resolves conflicts, grievances, confrontations, or disagreements in a constructive manner to minimize negative personal impact.

Contracting/Procurement - Knowledge of various types of contracts, techniques, or requirements (for example, Federal Acquisitions Regulations) for contracting or procurement, and contract negotiation and administration.

Creative Thinking - Uses imagination to develop new insights into situations and applies innovative solutions to problems; designs new methods where established methods and procedures are inapplicable or are unavailable.

Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

Decision Making - Makes sound, well-informed, and objective decisions; perceives the impact and implications of decisions; commits to action, even in uncertain situations, to accomplish organizational goals; causes change.

External Awareness - Identifies and understands economic, political, and social trends that affect the organization.

Financial Management - Prepares, justifies, and/or administers the budget for program areas; plans, administers, and monitors expenditures to ensure cost-effective support of programs and policies; assesses financial condition of an organization.

Flexibility - Is open to change and new information; adapts behavior or work methods in response to new information, changing conditions, or unexpected obstacles; effectively deals with ambiguity.

Human Capital Management - Builds and manages workforce based on organizational goals, budget considerations, and staffing needs. Ensures that employees are appropriately recruited, selected, appraised, and rewarded; takes action to address performance problems. Manages a multi-sector workforce and a variety of work situations.

Influencing/Negotiating - Persuades others to accept recommendations, cooperate, or change their behavior; works with others towards an agreement; negotiates to find mutually acceptable solutions.

Information Management - Identifies a need for and knows where or how to gather information; organizes and maintains information or information management systems.

Integrity/Honesty - Contributes to maintaining the integrity of the organization; displays high standards of ethical conduct and understands the impact of violating these standards on an organization, self, and others; is trustworthy.

Interpersonal Skills - Shows understanding, friendliness, courtesy, tact, empathy, concern, and politeness to others; develops and maintains effective relationships with others; may include effectively dealing with individuals who are difficult, hostile, or distressed; relates well to people from varied backgrounds and different situations; is sensitive to cultural diversity, race, gender, disabilities, and other individual differences.

Leadership - Influences, motivates, and challenges others; adapts leadership styles to a variety of situations.

Learning - Uses efficient learning techniques to acquire and apply new knowledge and skills; uses training, feedback, or other opportunities for self-learning and development.

Managing Human Resources - Plans, distributes, coordinates, and monitors work assignments of others; evaluates work performance and provides feedback to others on their performance; ensures that staff are appropriately selected, utilized, and developed, and that they are treated in a fair and equitable manner.

Mathematical Reasoning - Solves practical problems by choosing appropriately from a variety of mathematical and statistical techniques.

Memory - Recalls information that has been presented previously.

Mental Visualization - Sees things in the mind by mentally organizing and processing symbols, pictures, graphs, objects, or other information (for example, sees a building from a blueprint, or sees the flow of work activities from reading a work plan).

Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

Organizational Awareness - Knows the organization's mission and functions, and how its social, political, and technological systems work and operates effectively within them; this includes the programs, policies, procedures, rules, and regulations of the organization.

Partnering - Develops networks and builds alliances; collaborates across boundaries to build strategic relationships and achieve common goals.

Perceptual Speed - Quickly and accurately sees detail in words, numbers, pictures, and graphs.

Performance Management - Knowledge of performance management concepts, principles, and practices related to planning, monitoring, rating, and rewarding employee performance.

Planning and Evaluating - Organizes work, sets priorities, and determines resource requirements; determines short- or long-term goals and strategies to achieve them; coordinates with other organizations or parts of the organization to accomplish goals; monitors progress and evaluates outcomes.

Political Savvy - Identifies the internal and external politics that impact the work of the organization. Perceives organizational and political reality and acts accordingly.

Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

Reading - Understands and interprets written material, including technical material, rules, regulations, instructions, reports, charts, graphs, or tables; applies what is learned from written material to specific situations.

Reasoning - Identifies rules, principles, or relationships that explain facts, data, or other information; analyzes information and makes correct inferences or draws accurate conclusions.

Resilience - Deals effectively with pressure; remains optimistic and persistent, even under adversity. Recovers quickly from setbacks.

Self-Management - Sets well-defined and realistic personal goals; displays a high level of initiative, effort, and commitment towards completing assignments in a timely manner; works with minimal supervision; is motivated to achieve; demonstrates responsible behavior.

Spatial Orientation - Knows one's location in relation to the environment; determines where other objects are in relation to one's self (for example, when using a map).

Stamina - Exerts oneself physically over long periods of time without tiring (which may include performing repetitive tasks such as data entry or coding).

Strategic Thinking - Formulates effective strategies consistent with the business and competitive strategy of the organization in a global economy; examines policy issues and strategic planning with a long-term perspective; determines objectives and sets priorities; anticipates potential threats or opportunities.

Stress Tolerance - Deals calmly and effectively with high stress situations (for example, tight deadlines, hostile individuals, emergency situations, dangerous situations).

Teaching Others - Helps others learn through formal or informal methods; identifies training needs; provides constructive feedback; coaches others on how to perform tasks; acts as a mentor.

Teamwork - Encourages and facilitates cooperation, pride, trust, and group identity; fosters commitment and team spirit; works with others to achieve goals.

Technical Competence - Uses knowledge that is acquired through formal training or extensive on-the-job experience to perform one's job; works with, understands, and evaluates technical information related to the job; advises others on technical issues.

Visual Identification - Accurately identifies people, animals, or objects based on knowledge of their characteristics.

Writing - Recognizes or uses correct English grammar, punctuation, and spelling; communicates information (for example, facts, ideas, or messages) in a succinct and organized manner; produces written information, which may include technical material that is appropriate for the intended audience.

Cybersecurity Competency Model
Technical Competencies

Accessibility - Knowledge of tools, equipment, and technologies used to help individuals with disabilities use computer equipment and software.

Business Process Reengineering - Knowledge of methods, metrics, tools, and techniques of Business Process Reengineering.

Capacity Management - Knowledge of the principles and methods for monitoring, estimating, or reporting actual performance or the performance capability of information systems or components.

Capital Planning and Investment Assessment - Knowledge of the principles and methods of capital investment analysis or business case analysis, including return on investment analysis.

Communications Security Management - Knowledge of the principles, policies, and procedures involved in ensuring the security of communications services and data, and in maintaining the communications environment on which it resides.

Compliance - Knowledge of procedures for assessing, evaluating, and monitoring programs or projects for compliance with Federal laws, regulations, and guidance.

Computer Forensics - Knowledge of tools and techniques used in data recovery and preservation of electronic evidence.

Computer Languages - Knowledge of computer languages and their applications to enable a system to perform specific functions.

Computer Network Defense - Knowledge of defensive measures to detect, respond, and protect information, information systems, and networks from threats.

Computers and Electronics - Knowledge of electric circuit boards, processors, chips, and computer hardware and software, including applications and programming.

Configuration Management - Knowledge of the principles and methods for planning or managing the implementation, update, or integration of information systems components.

Cost-Benefit Analysis - Knowledge of the principles and methods of cost-benefit analysis, including the time value of money, present value concepts, and quantifying tangible and intangible benefits.

Criminal Investigation - Knowledge of the guidelines, regulations, and procedures associated with criminal investigation, including evidence detection and handling and drawing appropriate factual inferences and conclusions.

Criminal Law - Knowledge of state and Federal criminal laws, including procedures, regulations, guidelines, and precedents related to admissibility of evidence and prosecution.

Data Management - Knowledge of the principles, procedures, and tools of data management, such as modeling techniques, data backup, data recovery, data dictionaries, data warehousing, data mining, data disposal, and data standardization processes.

Database Administration - Knowledge of the principles, methods, and tools for automating, developing, implementing, or administering database systems.

Database Management Systems - Knowledge of the uses of database management systems and software to control the organization, storage, retrieval, security, and integrity of data.

Distributed Systems - Knowledge of the principles, theoretical concepts, and tools underlying distributed computing systems, including their associated components and communication standards.

Economics and Accounting - Knowledge of economic and accounting principles and practices, tax law and practices, the financial markets, banking, and the analysis and reporting of financial data.

Electronic Commerce (e-Commerce) - Knowledge of the principles, methods, and tools for conducting business online, including electronic data interchange.

Embedded Computers - Knowledge of specifications and uses of specialized computer systems used to control devices (for example, automobiles, helicopters), including the appropriate programming languages.

Encryption - Knowledge of procedures, tools, and applications used to keep data, or information secure, including public key infrastructure, point-to-point encryption, and smart cards.

Engineering and Technology - Knowledge of engineering concepts, principles, and practices, and of equipment, tools, mechanical devices, and their uses to produce motion, light, power, technology, and other applications.

Enterprise Architecture - Knowledge of principles, concepts, and methods of enterprise architecture to align information technology (IT) strategy, plans, and systems with the mission, goals, structure, and processes of the organization.

Forensics - Knowledge of procedures of civil, criminal, or administrative hearings, evidence collection, including the delivery and receipt of evidence, classes of evidence, and rules of evidence and legal procedures.

Hardware - Knowledge of specifications, uses, and types of computer or computer-related equipment.

Hardware Engineering - Knowledge of the principles, methods, and tools for designing, developing, and testing computer or computer-related equipment.

Human Factors - Knowledge of the principles, methods, and tools used to identify and apply information about human behavior, abilities, limitations, and other characteristics to the design of tools, machines, systems, tasks, jobs, and environments for effective human use.

Identity Management - Knowledge of methods and controls to validate the identity of individuals to verify access approval and level, and monitor activity to ensure that only authorized access is taking place.

Incident Management - Knowledge of the tactics, technologies, principles, and processes to protect, analyze, prioritize, and handle incidents.

Information Assurance - Knowledge of methods and procedures to protect information systems and data by ensuring their availability, authentication, confidentiality, and integrity.

Information Resources Strategy and Planning - Knowledge of the principles, methods, and techniques of IT assessment, planning, management, monitoring, and evaluation, such as IT baseline assessment, interagency functional analysis, contingency planning, and disaster recovery.

Information Systems Security Certification - Knowledge of the principles, methods, and tools for evaluating information systems security features against a set of specified security requirements. Includes developing security certification and accreditation plans and procedures, documenting deficiencies, reporting corrective actions, and recommending changes to improve the security of information systems.

Information Systems/Network Security - Knowledge of methods, tools, and procedures, including development of information security plans, to prevent information systems vulnerabilities, and provide or restore security of information systems and network services.

Information Technology Architecture - Knowledge of architectural methodologies used in the design and development of information systems, including the physical structure of a system's internal operations and interactions with other systems.

Information Technology Performance Assessment - Knowledge of the principles, methods, and tools (for example, surveys, system performance measures) to assess the effectiveness and practicality of IT systems.

Information Technology Research and Development - Knowledge of scientific principles, methods, and tools of basic and applied research used to conduct a systematic inquiry into a subject matter area.

Infrastructure Design - Knowledge of the architecture and topology of software, hardware, and networks, including LANS, WANS, and telecommunications systems, their components and associated protocols and standards, and how they operate and integrate with one another and with associated controlling software.

Internal Controls - Knowledge of the principles, methods, and techniques for establishing internal control activities (for example, authorizations, verifications, reconciliations), monitoring their use, and evaluating their performance (for example, identification of material weaknesses or significant deficiencies).

Knowledge Management - Knowledge of the value of collected information and the methods of sharing that information throughout an organization.

Legal, Government and Jurisprudence - Knowledge of laws, legal codes, court procedures, precedents, legal practices and documents, government regulations, executive orders, agency rules, government organization and functions, and the democratic political process.

Logical Systems Design - Knowledge of the principles and methods for designing business logic components, system processes and outputs, user interfaces, data inputs, and productivity tools (for example, computer-aided software engineering).

Modeling and Simulation - Knowledge of mathematical modeling and simulation tools and techniques to plan and conduct test and evaluation programs, characterize systems support decisions involving requirements, evaluate design alternatives, or support operational preparation.

Multimedia Technologies - Knowledge of the principles, methods, tools, and techniques to develop or apply technology using text, audio, graphics, or other media.

Network Management - Knowledge of the operation, management, and maintenance of network and telecommunication systems and linked systems and peripherals.

Object Technology - Knowledge of the principles, methods, tools, and techniques that use object-oriented languages, analysis, and design methodologies.

Operating Systems - Knowledge of computer network, desktop, and mainframe operating systems and their applications.

Operations Support - Knowledge of procedures to ensure production or delivery of products and services, including tools and mechanisms for distributing new or enhanced software.

Organizational Development - Knowledge of the principles of organizational development and change management theories, and their applications.

Personnel Security and Safety - Knowledge of methods and controls of personnel, public safety, and security operations; investigation and inspection techniques; or rules, regulations, precautions, and prevention techniques for the protection of people, data, or property.

Physical Security - Knowledge of methods and controls to protect an organization from natural or man-made threats to physical locations where information systems equipment is located or work is performed (for example, computer rooms, work locations, and equipment rooms).

Process Control - Knowledge of the principles, methods, and procedures used for the automated control of a process, including the design, development, and maintenance of associated software, hardware, and systems.

Product Evaluation - Knowledge of methods for researching and analyzing external products to determine their potential for meeting organizational standards and business needs.

Project Management - Knowledge of the principles, methods or tools for developing, scheduling, coordinating, and managing projects and resources, including monitoring and inspecting costs, work, and contractor performance.

Public Safety and Security - Knowledge of military, weaponry, and intelligence operations; public safety and security operations; occupational health and safety; investigation and inspection techniques; or rules, regulations, precautions, and prevention techniques for the protection of people, data, and property.

Quality Assurance - Knowledge of the principles, methods, and tools of quality assurance and quality control used to ensure a product fulfills functional requirements and standards.

Requirements Analysis - Knowledge of the principles and methods to identify, analyze, specify, design, and manage functional and infrastructure requirements; includes translating functional requirements into technical requirements used for logical design or presenting alternative technologies or approaches.

Risk Management - Knowledge of the principles, methods, and tools used for risk assessment and mitigation, including assessment of failures and their consequences.

Security - Knowledge of the laws, regulations, and guidelines related to securing personnel, facilities, and information, including the requirements for handling, transporting, and protecting classified information and proper reporting of security incidents.

Software Development - Knowledge of the principles, methods, and tools for designing, developing, and testing software in a given environment.

Software Engineering - Knowledge of software engineering design and development methodologies, paradigms, and tools; the software life cycle; software reusability; and software reliability metrics.

Software Testing and Evaluation - Knowledge of the principles, methods, and tools for analyzing and developing software test and evaluation procedures.

Surveillance - Knowledge of surveillance and counter-surveillance techniques, policies, and laws, including overt and covert methods and electronic, optical, and video surveillance methods and tools.

Systems Integration - Knowledge of the principles, methods, and procedures for installing, integrating, and optimizing information systems components.

Systems Life Cycle - Knowledge of systems life cycle management concepts used to plan, develop, implement, operate, and maintain information systems.

Systems Testing and Evaluation - Knowledge of the principles, methods, and tools for analyzing and developing systems test and evaluation procedures and technical characteristics of IT systems, including identifying critical operational issues.

Technical Documentation - Knowledge of procedures for developing technical and operational support documentation.

Technology Awareness - Knowledge of developments and new applications of IT (hardware, software, telecommunications), emerging technologies and their applications to business processes, and applications and implementation of information systems to meet organizational requirements.

Telecommunications - Knowledge of transmissions, broadcasting, switching, control, and operation of telecommunications systems.

Vulnerabilities Assessment - Knowledge of the principles, methods, and tools for assessing vulnerabilities, and developing or recommending appropriate mitigation countermeasures.

Web Technology - Knowledge of the principles and methods of web technologies, tools, and delivery systems, including web security, privacy policy practices, and user interface issues.