Cybersecurity is not just about technical systems – it’s about people, their behaviour, and how they connect and engage with those systems.

Cybersecurity is defined as “the protection of digital information and the infrastructure on which it resides.” However, despite the internet and connected computing being around for over two decades, cybersecurity remains an emerging and evolving field of work. As such, the work has not been well defined in occupational terms and cybersecurity work is often conflated with other organizational roles. Accordingly, this National Occupational Standard (NOS) defines primary cybersecurity work as distinct from other occupations in information technology, security, business management, or public administration.

Occupational standards describe the standards of competent and safe behaviour within a specific scope of work. This NOS supports a variety of functions for cybersecurity practitioners, employers, educators and other workforce development stakeholders such as government, professional associations, sector councils, employment centers, etc. In the case of cybersecurity, it serves another purpose. Cybersecurity is a relatively new and emerging field of work where various work roles have been conflated within the domain. Accordingly, the NOS defines primary cybersecurity work as distinct from other occupations in information technology, security, business management, or public administration.

The cybersecurity NOS focuses on core cybersecurity roles within the four activity work areas as defined in the Canadian Cybersecurity Skills Framework.