The first blog highlighting NIST resources for Cybersecurity Awareness Month is from NIST’s Danielle Santos, a program manager for the National Initiative for Cybersecurity Education, or NICE. As the line between our online and offline lives continues to be indistinguishable, the network of connections we have to each other across the globe creates both opportunities and challenges for individuals and organizations. During Cybersecurity Awareness Month, NIST wants to remind everyone “If You Connect IT, Protect IT.” In this blog post, Ms. Santos explains how everyone can take the right security steps to reduce their cybersecurity risks and describes opportunities for those interested in a cybersecurity career.
I have an undergraduate degree in Business Administration with a concentration in Cybersecurity as well as a bachelor’s degree in Economics from California State University, San Bernardino. While in school, I participated in the CyberCorps: Scholarship for Service program. This scholarship program pays for college as long as I agree to work after graduation for the U.S. Government, in a position related to cybersecurity, for a period equal to the length of the scholarship. After graduating, I started my career with the Department of Homeland Security in their Cybersecurity Stakeholder Engagement and Outreach Office. While there, I became deeply familiar with cybersecurity education activities, including Cybersecurity Awareness Month and the NICE Framework. When I learned that NIST was building up the NICE Program Office, I couldn’t pass up the opportunity to be a part of the team and came to NIST.
This month I’m celebrating my 5th anniversary as the Program Manager for NICE! In this role, I handle the NICE communications and operations activities, supporting the NICE team to help ensure we are coordinated in our efforts and working towards fulfilling NICE’s strategic goals.
The NICE Framework is a fundamental reference for describing and sharing information about cybersecurity work in the form of Task Statements and Work Roles that perform those tasks. The NICE Framework plays a factor in cybersecurity awareness and Cybersecurity Awareness Month by showing people the many different kinds of roles in cybersecurity, the skills required for those roles, and more. It’s a great resource for those already working in cybersecurity as well as for those who may be interested in exploring cybersecurity.
Several useful resources have been created that leverage the information in the NICE Framework to help learners navigate potential cybersecurity careers. For example, the CISA Cyber Career Pathways Tool helps you identify, build, and navigate cybersecurity career pathways by increasing your understanding of the knowledge, skills, and abilities needed to begin, transition, or advance your career. Cyberseek.org is also a helpful resource, specifically for those exploring cybersecurity careers for the first time. CyberSeek provides detailed, actionable data about supply and demand in the cybersecurity job market, such as job locations, salaries, commonly requested degree and certification requirements, and more.
For me, “If You Connect IT, Protect IT” means that cybersecurity is everyone's job. In the workplace, initiatives like bring your own device (BYOD) are gaining popularity as a mechanism to allow people to use devices they already have to make work life easier, but it does introduce new security concerns. Cybersecurity is no longer just the responsibility of “cybersecurity workers” or those working in the Chief Information Office, but also the responsibility of employees in other offices, like marketing, who use communication tools and apps on their phone for both work and on their personal time. It’s important that everyone knows the cybersecurity basics and knows how to help keep organizations, as a whole, safe and secure. The NICE Working Group published a useful guidebook titled Cybersecurity is Everyone’s Job, which is intended for a general audience. The guidebook outlines what each member of an organization can do to protect it from cybersecurity threats, based on the type of work the individual performs.
The NICE Framework can help get everyone, especially employers and educators, talking about cybersecurity work the same way. A common taxonomy for employers, educators, and learners will help ensure that the future cybersecurity talent supply will better align to current and future employer needs. The NICE Community is important because we are focused on energizing and promoting an ecosystem of cybersecurity education, training, and workforce development. We aim to help bridge the gap between the number of cybersecurity jobs and the number of people to fill those jobs by helping others understand what skills are needed in the actual workforce.
My favorite thing(s) about working at NIST are the culture and seeing the impact that NIST has. For me, the culture at NIST describes the relationships I have with my colleagues. We all work in a collaborative environment and have real respect for each other. I also really value the reputation that NIST has. I believe NIST is a respected and trusted organization and the public relies on NIST to produce vetted and technically sound best practices. I’ve personally seen many stakeholders across industries, across the country, and even globally, take interest in what NIST is doing, especially in the area of cybersecurity. It’s really cool to see the wide reach and positive impact that NIST has on so many others out there.
NICE has three major events coming up in October through December. First, this year, the NICE Conference and Expo 2020 is going virtual. Instead of the traditional two days back-to-back, this year’s conference will be held over four weeks, one day each week, four hours per day. Each day starts with a welcome greeting, keynotes, and break-out sessions. Conference dates will be October 27, November 5, 9, and 16. The event is hosted by Florida International University and New America and is supported by NIST through a financial assistance award.
We also invite you to participate in NIST Cybersecurity Career Awareness Week November 9th – 14th. You can participate by helping promote awareness and exploration of cybersecurity careers during the weeklong event. Host an event, distribute career awareness materials, or engage through social media. Be creative! If you are new to cybersecurity, you can also learn more by browsing our online materials.
The last event to close out the year will be the NICE K12 Cybersecurity Education Conference December 7th-8th. This virtual event will feature presentations covering the themes of cybersecurity career awareness, infusing cybersecurity across the education portfolio, highlighting innovative cybersecurity educational approaches, designing cybersecurity academic and career pathways, and promoting cybersecurity awareness. The event is hosted by the Internet Keep Safe Coalition (iKeepSafe) and is supported by NIST through a financial assistance award.
Great info. We always tell clients the same thing about IoT sensors, SCADA systems, or any other "production" network that is usually intertwined with "office" computers/servers/network equipment. Network segmentation is key so that there are more layers of protection between one environment and another. In some cases, the "non-office computer network" is more valuable because an outage risks real serious damage, in the form of water pump valves, energy grids, manufacturing automation, and more. In other cases, a single legacy Windows XP computer connected to an ancient piece of machinery such as a CNC lathe is the weakest link in an entire company's corporate network.
The key is getting a "second opinion" or 3rd-party assessment on a regular basis.