Cybersecurity professionals are among the most sought-after workers in the United States, but there is a massive shortage of trained applicants. We spoke with NIST National Initiative for Cybersecurity Education (NICE) Director Rodney Petersen about the rewards of choosing a career in cybersecurity and how to close the skills gap.
I have been involved in higher education for 30 years. Most recently, my work in higher education has supported chief information officers and chief information security officers to increase privacy and security of data, information systems and networks. That provided a practical perspective about what owners and operators need with respect to a knowledgeable and skilled workforce. In my role as the director of the National Initiative for Cybersecurity Education (NICE), I have pivoted to support the educational ecosystem that is producing the next generation of cybersecurity practitioners.
According to ISC2 Global Information Security study projects 1.8 million open jobs in cybersecurity worldwide by 2022. However, the greatest challenge is defining cybersecurity jobs and making sure we are effectively communicating the variety of jobs or work roles that exist in cybersecurity. That is where the NICE Cybersecurity Workforce Framework comes into play. The NICE Framework provides a taxonomy by which to describe cybersecurity work and breaks down the career field into seven broad categories, 33 specialty areas, and 52 work roles. The NICE Framework also describes the knowledge, skills and abilities that are needed to perform certain tasks that are associated with work roles. The most common knowledge areas that cut across all cybersecurity jobs include knowledge of: risk management processes; cyber threats and vulnerabilities; laws, regulations, policies, and ethics; cybersecurity and privacy principles; computer networking concepts and protocols; and specific operational impacts of cybersecurity lapses.
It depends (and I’m not just saying that because of my training as a lawyer!). It depends on which of the variety of jobs that you hold. In fact, one of the cybersecurity work roles in the NICE Framework is legal advisor. Your day may consist of writing or reviewing legal agreements, developing organizational policies, or responding to a security breach of personal information. Or, you might be a software developer (and if you are developing new applications we hope that you will build them “secure by design”). Or, you might be a security architect who is designing and deploying technical and policy architecture that secures the enterprise and your day is spent researching, designing and integrating solutions. The possibilities are varied and the room for creativity is endless.
First, PREPARE. Use resources such as CyberSeek.org—the interactive jobs heat map and career pathway portal—to explore cybersecurity career opportunities. Second, NETWORK. Identify people who can describe cybersecurity work and open doors or serve as a mentor to guide you. Third, ACQUIRE SKILLS. Pursue hands-on learning opportunities through education and training that provide the necessary knowledge, skills and abilities identified in the NICE Framework, ideally validated through an academic degree, certificate of study or certification. Finally, GAIN EXPERIENCE. Nothing impresses employers more than real-world experience acquired through participating in cybersecurity competitions, volunteer activities, internships or part-time or full-time employment in a related field.
What is the pay? Just kidding! Even though cybersecurity jobs pay very well and provide a financially rewarding career, the real reward is that cybersecurity jobs provide really exciting and rewarding work. There are new challenges every day. There is an intrinsic reward in solving a problem or developing a solution. There is satisfaction in being part of protecting and advancing an organization’s mission. Cybersecurity is cool, fun and intellectually stimulating.
Thank you for this information.
Mr. Petersen. Thank you for your Dynamic enthusiasm educating young and old Cyber Security Professionals. I am a passionate about the Publications from NIST. I had the Honor and Privilege to work for DIA and DoD as a Professional in the Cyber Security and IA arena. I am retire now but planning to go to work next year in this field so I will be reading a few Cyber courses listed in your Catalog. I am proud of all the people that writes such an incredible Publications which I used before and made my Professional life much better under the direction of Mr. Ross. Thank you again
Thank you for this awesome information!
Such a valuable information in this blog its really help me in the future.