A Cyber Counterintelligence Competence Framework: Developing the Job Roles


  • Thenjiwe Sithole University of Johannesburg
  • Jaco Du Toit
  • Sebastian von Solms




cyber counterintelligence, cyber counterintelligence job roles, counterintelligence functions, cybersecurity job roles


In recent years, there have been intensifying cyber risks and volumes of cyber incidents prompting a significant shift in the cyber threat landscape. Both nation-state and non-state actors are increasingly resolute and innovative in their techniques and operations globally. These intensifying cyber risks and incidents suggest that cyber capability is inversely proportional to cyber risks, threats and attacks. Therefore, this confirms an emergent and critical need to adopt and invest in intelligence strategies, predominantly cyber counterintelligence (CCI), which is a multi-disciplinary and proactive measure to mitigate risks and counter cyber threats and cyber-attacks. Concurrent with the adoption of CCI is an appreciation that requisite job roles must be defined and developed. Notwithstanding the traction that CCI is gaining, we found no work on a clear categorisation for the CCI job roles in the academic or industry literature surveyed. Furthermore, from a cybersecurity perspective, it is unclear which job roles constitute the CCI field.

This paper stems from and expands on the authors’ prior research on developing a CCI Competence Framework. The proposed CCI Competence Framework consists of four critical elements deemed essential for CCI workforce development. In order of progression, the Framework’s elements are: CCI Dimensions (passive-defensive, active-defensive, passive-offensive, active-offensive), CCI Functional Areas (detection, deterrence, deception, neutralisation), CCI Job Roles (associated with each respective Functional Area), and Tasks and Competences (allocated to each job role). Pivoting on prior research on CCI Dimensions and CCI Functional Areas, this paper advances a proposition on associated Job Roles in a manner that is both intelligible and categorised.

To this end, the paper advances a five-step process that evaluates and examines Counterintelligence and Cybersecurity Job Roles and functions to derive a combination of new or existing Job Roles required for the CCI workforce/professionals. Although there are several cybersecurity frameworks for workforce development, establishing the CCI Job Roles is specifically based on the expression of the Job Roles defined in the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework.