Cybersecurity Awareness, Education, and Workforce Development

Title IV of the Cybersecurity Enhancement Act of 2014 established the “National cybersecurity awareness and education program,” to be led by NIST. NIST carries out this program through a variety of efforts, including:

NICE, which aims to energize and promote a robust network and integrated ecosystem of cybersecurity education, training, and workforce development. NICE fulfills this mission by coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to shape a skilled cybersecurity workforce that safeguards and promotes America’s national security and economic prosperity.

The Federal Information Security Educators (FISSEA), founded in 1987, is an organization run by and for federal government information security professionals to assist Federal Agencies in strengthening their employee cybersecurity awareness and training programs. FISSEA conducts events throughout the year to facilitate the exchange of information and improvement of information systems security awareness, training, and education programs within the Federal Government. It also seeks to provide for the professional development of community members.

Publications and Resources

The NICE Workforce Framework for Cybersecurity (NICE Framework) is a fundamental reference for describing and sharing information about cybersecurity work. It establishes a much-needed taxonomy and common lexicon that describes cybersecurity work and workers irrespective of where or for whom the work is performed. The NICE Framework is used in public and private sectors and across industries for career discovery, education and training, and in hiring and workforce development.

NIST Special Publication 800-50 - "Building an Information Technology Security Awareness and Training Program," provides guidance for Federal Agencies and organizations to develop and manage a life cycle approach to building a Cybersecurity and Privacy Learning Program. The approach is intended to address the needs of both large and small organizations alike as well as those building an entirely new program. The guidance includes suggested metrics and evaluation methods to regularly improve and update the program as needs evolve.

The Small Business Cybersecurity Corner provides resources that help small business identify, assess, manage, and reduce their cybersecurity risks. The resource repository offers videos, planning guides, case studies, topical guidance (e.g., ransomware, phishing, and teleworking), and important information that small businesses can put into action. All resources are free and draw from information produced by Federal Agencies, including NIST and several primary contributors, as well non-profit organizations and for-profit companies.