The Official (ISC)2 Guide to the CISSP CBK, third and fourth editions, describes a Security Administrator as: “A security administrator manages the user access request process and ensures that privileges are provided to those individuals who have been authorized for access by application/system/data owners. This individual has elevated privileges and creates and deletes accounts and access permissions. The security administrator also terminates access privileges when individuals leave their jobs or transfer between company divisions. The security administrator maintains records of access request approvals and produces reports of access rights for the auditor during testing in an access controls audit to demonstrate compliance with the policies.”
CompTIA somewhat contrasts this, referring to a security administrator as the “point person for a cybersecurity team” and being “broadly responsible for installing, administering, and troubleshooting an organization’s security solutions.” In this direction, CompTIA notes that security administrators care for and feed security solutions, manage patches, and configure firewalls. Likewise, CompTIA notes “developing and updating business continuity and disaster recovery protocols.”
The reality is that cybersecurity administrators are generally positioned in entry-level roles. With automation between systems, many of the functions noted above will be unnecessary, with access approval, even in small companies, handled by a service desk as part of IT Service Management (ITSM) and operations. Most might fill systems, networks, applications, databases, or even cloud-related roles, but not necessarily with full admin rights. More than likely, many functions are handled by analysts and engineers or through automation. Much of this depends on the organization and how cybersecurity leadership positions its organizational charts and target operating model.
The main purpose of this focus area is to develop a consistent, standardized perspective for skills relevant to cybersecurity administrators across government, corporate, commercial, and product role areas. It also aims to document core competencies and tasks common across types of cybersecurity administrators, ensure competency areas and tasks are aligned with the NIST NICE Framework and Skills for the Information Age (SFIA), expand on the NIST NICE Framework where it falls short in overall competencies and relevance, and integrate the SFIA to provide a well-rounded view.
One part of conducting a capability assessment is developing the skills and capabilities of cybersecurity administrators. The contained competencies and tasks provide a consistent and standardized view of capability. The competencies provide input to cybersecurity capability assessments. A gap analysis is then generated to determine capability. The gap analysis and capability assessment inform cybersecurity strategy and the cybersecurity program’s target operating model for the training needed to mitigate gaps in capability.
Competency areas are broken down into areas of commonality that cybersecurity administrators would need to have as a standardized competency view. The common core competencies provide standardized competency areas consistent across types of cybersecurity administrator roles and functions.
This is not a rigid and inflexible view. It is meant to be foundational, extensible, and modifiable to unique requirements—a starting point.
Task areas are broken down into areas of commonality that cybersecurity administrators would be fulfilling as part of day-to-day work efforts. The core task areas provide standardized areas consistent with cybersecurity administrator roles and functions. Task areas may differ based on the cybersecurity administrator’s role and function.
This is not a rigid and inflexible view. It is meant to be foundational, extensible, and modifiable to unique requirements—a starting point.
Cybersecurity administrator types are divided into government, corporate, commercial, and product to differentiate core differences between each type. Generally, most people work within corporate or government environments, not-for-profits, and non-profits. Companies can be publicly or privately held, small to carrier-class enterprises operating globally. Most companies produce wide-ranging products or services or both, considering the sixteen critical infrastructure industry sectors and various non-regulated organizations. The roles and functions are not necessarily clearly delineated for these entry-level roles. In other words, they tend to be approximately the same across government, corporate, commercial, and product.
One of the critical elements of standardization around competencies and tasks is developing consistent job descriptions and titles. Currently, the variety of job descriptions and titles in the cybersecurity administrator space is immense, and they are inconsistent and not standardized. In addition, there are many odd variations, a lack of understanding of the roles and functions, a misunderstanding of the needed skill sets, or a general misunderstanding of the differences between administrators, analysts, and engineers. This leads to confusion about what the role should be doing or encompass from a skill set perspective.
The skills, competencies, and tasks are presented in a manner that hiring managers can pull from to develop a consistent set of job descriptions. The premise presented here will help reduce job descriptions and title variations while producing more targeted and appropriate roles and functions within a cybersecurity program. As a result, companies across industry sectors can standardize their job descriptions, position titles, and position levels. Likewise, hiring managers can develop a skillset and competency view across their teams to define empirically where they have actual skillset shortages or deficiencies.
Government cybersecurity administrators work in government environments, fulfilling various entry-level roles and functions. Cybersecurity administrators will have a domain specialization (network, system, database, Azure, AWS). However, all cybersecurity administrators have core competencies, even if they specialize in a particular domain.
Niche competencies are noteworthy in identity and access management, application security, database security, and the Internet of Things (IoT), coinciding with industrial control systems (ICS), Industrial Internet of Things (IIoT), and operations technologies (OT).
The main difference here is security clearance requirements.
Roles and functions will follow the NIST NICE Framework.
Prime and subcontractors would fall more into this category.
Corporate cybersecurity administrators work in corporate environments, fulfilling various entry-level roles and functions. Cybersecurity administrators will have a domain specialization (network, system, database, Azure, AWS). However, all cybersecurity administrators have core competencies, even if they specialize in a particular domain.
Niche competencies are noteworthy in identity and access management, application security, database security, and the Internet of Things (IoT), coinciding with industrial control systems (ICS), Industrial Internet of Things (IIoT), and operations technologies (OT).
Commercial cybersecurity administrators fulfill various entry-level roles and functions. They will have a domain specialization (network, system, database, Azure, AWS). However, all cybersecurity administrators have core competencies, even if they specialize in a particular domain. These roles will likely be a part of staff augmentation within a client company.
Niche competencies are noteworthy in identity and access management, application security, database security, and the Internet of Things (IoT), coinciding with industrial control systems (ICS), Industrial Internet of Things (IIoT), and operations technologies (OT).
Security clearance requirements may exist if working directly with government agencies, a prime, or a subcontractor.
Cybersecurity administrators working for companies that produce a product within their private cloud data centers or public cloud environments will likely be similar to their corporate brethren. They will have a domain specialization (network, system, database, Azure, AWS). However, all cybersecurity administrators have core competencies, even if they specialize in a particular domain.
Not all companies separate their corporate and product environments; not all products in this conversation are strictly cybersecurity.
Niche competencies are noteworthy in identity and access management, application security, database security, and the Internet of Things (IoT), coinciding with industrial control systems (ICS), Industrial Internet of Things (IIoT), and operations technologies (OT).
Security clearance requirements may exist if working directly with government agencies, a prime, or a subcontractor.
The cybersecurity administrator skills matrix combines the Skills for the Information Age (SFIA) and the NIST NICE Framework. The spreadsheet helps align skills for roles and functions.
Currently, the skills matrix is under construction.
Cybersecurity administrator certifications are those at the entry level. These vary widely across multiple associations and vendors. They can also encompass a wide range of technologies, knowledge, and practical skills. Most are foundational in nature. CompTIA currently offers the broadest range of certifications, covering a wide variety of foundational topics. Likewise, there are numerous foundational certifications from AWS, Check Point, Cisco, Google, Microsoft, Oracle, Palo Alto, Juniper, Red Hat, SANS Institute, and other organizations.
Getting certifications is a personal choice. It is generally up to the individual to decide whether they want to put the time, effort, and money into achieving them. Some hiring managers want to see them, while others do not. Additionally, please note that the mileage may vary depending on the quality of learning outcomes associated with certifications.