Defining NICE work roles: Cyber Crime Investigator
In a series of blogs, we’ll be using NIST’s NICE Cyber Security Workforce Framework to define human requirements for jobs in cybersecurity. A range of organizations in the public, private and academic sectors now use this approach.
It’s been too easy in recent times to lay the recruitment struggles of the cybersecurity industry at the door of the so-called skills gap. The real challenge is more complex. Businesses looking to recruit staff, for example, may be averse to paying top dollar for a self-taught ‘hacker’ with no college degree. The same applies to those aspiring to move into entry-level roles who may have taken useful and effective hands-on training but have no way of differentiating themselves when they lack formal experience. And the list of barriers for both businesses and applicants goes on. Put simply, the root of much of this is the speed at which cybersecurity as an industry has developed.
To address some of these issues, the US National Institute of Standards and Technology (NIST) has built the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. It can improve the way organizations identify, recruit, develop and nurture cybersecurity talent by helping them to interpret their workforce and identify skill gaps. In 2019, the Whitehouse encouraged US Federal Government agencies to adopt NICE in an Executive Order.
The framework shows cybersecurity leaders what abilities their team needs, enabling them to identify skill gaps, map career development, and understand the role of each member. For cybersecurity pros, it offers guidance towards achieving career progression or making the jump from one role to another.
In this series we will help you understand the five most common of these work roles. Next up is Cyber Crime Investigator.
Cyber Crime Investigators are cybersecurity sleuths; they identify, collect, examine, and preserve evidence from cybercrimes using controlled analytical and investigative techniques. The crimes they respond to include everything from hacked computer systems to phishing attacks and copyright infringement. It is common for Cyber Crime Investigators to work in tandem with law enforcement agents, and they may even be called upon to testify in court.
Cyber Crime Investigators don’t only work after the fact, though; large organizations often employ them to test their existing security systems. The investigator does this by finding ways to hack the client’s computer networks.
Typical work duties
It is essential that Cyber Crime Investigators can find and navigate the dark web using the TOR network; they must also be able to examine digital media on multiple operating systems.
By recovering and collating electronic evidence that is used in court, they play a key role in prosecuting bad guys. Their evidence must be compiled in clear reports and, where necessary, presented in plain language.
In cases where the crime damages a hard drive or related component, Cyber Crime Investigators may need to reconstruct lost material. Organizations that rely on internet-connected devices to function – that’s everything from hospitals to schools – often employ Cyber Crime Investigators to upskill their employees. It is typical for Cyber Crime Investigators to work for the government, but there are many private sector roles up for grabs too.
In addition, Cyber Crime Investigators may be expected to carry out the following duties:
Maximizing optimal computer system performance levels
Reconstructing damaged computer systems
Training law enforcement on computer-related issues
Assessing software applications for design flaws
Identifying and recommending methods for preservation and presentation of computer evidence
Conducting interviews with victims, witnesses, and/or suspects
Determining whether a security incident is indicative of a violation of law that requires specific legal action
What skills do Cyber Crime Investigators need?
This role demands various skills, the most important of which are shown below:
Preserving evidence integrity
Collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data
Using scientific rules and methods to solve problems
Evaluating the trustworthiness of the supplier and/or product
A deep, growing knowledge of operating systems and prevalent software
Web hacking skills
Practical knowledge of phishing tools, techniques and counter-measures
Strong knowledge of virtual payment systems
What traits are required to succeed in this role?
Personality is as important as skill – and this is true of all cybersecurity roles. Dr. Ryne Sherman, chief science officer at Hogan Assessments, says, “Traditional recruiting practices often overlook personality and focus on education, experience and a set of hard skills. While these are important, it is crucial to remember that personality characteristics play a huge role. A candidate with the suitable personality can be easily trained into the right role. This is especially true in the cybersecurity world, where companies struggle to find the experienced individuals they need.”
Below are some personality traits that will help a Cyber Crime Investigator succeed:
What qualifications are required?
Some employers will desire a Bachelor’s degree in a related field such as Digital Forensics, but this is not essential. It’s not unusual for a Cyber Crime Investigator to begin their career in traditional law enforcement or IT before specializing in online crimes.
I want to know more
At Immersive Labs we’ve mapped 700 of our labs to over 50 NICE cybersecurity roles in the entry, intermediate and advanced levels. Find out why and learn how the framework can help your organization by downloading our free eBook today.
Download our eBook on the NICE Cyber Security Workforce Framework
Learn how aligning cyber skills to the NICE Cyber Security Workforce Framework can help us reframe the skills gap and find the best talent.