NICE 2016 Spring eNewsletter

| Featured Article | Academic Spotlight | Industry Spotlight | Government Spotlight | Affiliated Programs Updates | Funded Projects Updates | NICE Working Group Updates | Key Dates |

Subscribe to the NICE eNewsletter

Rodney Petersen

Director, National Initiative for Cybersecurity Education

Featured Article:

Introducing the NICE Strategic Plan

by Rodney Petersen, Director, National Initiative for Cybersecurity Education

The National Initiative for Cybersecurity Education (NICE) has been operating under a strategic plan that was developed in 2012. As a result of new leadership and increased federal investments, the NICE Program Office is strengthening engagement among stakeholders and updating NICE’s strategic directions.  Additionally, the Cybersecurity Enhancement Act of 2014 (Act) reaffirms the role of NICE, and Title IV of the Act directed the National Institute of Standards and Technology (NIST), as the lead for NICE, to develop and implement a new strategic plan by December 2015 to guide Federal programs and activities in support of the national cybersecurity education program. 

The Act further directs NIST, “in consultation with appropriate Federal agencies, industry, educational institutions, National Laboratories, the Networking and Information Technology Research and Development program, and other organizations, [to] continue to coordinate a national cybersecurity . . . education program . . .”  and to develop:

“(5) supporting formal cybersecurity education programs at all education levels to prepare and improve a skilled cybersecurity and computer science workforce for the private sector and Federal, State, local, and tribal government; and

(6) promoting initiatives to evaluate and forecast future cybersecurity workforce needs of the Federal government and develop strategies for recruitment, training, and retention.”

The NICE Strategic Plan is the result of engagement and deliberation among NICE partners in government, academia, and industry. The plan outlines a vision, mission, values, goals and objectives for NICE. NICE partners will continue to develop appropriate implementation strategies and metrics.

NICE Vision

The NICE vision is for a digital economy that is enabled by a knowledgeable and skilled cybersecurity workforce. The increasing reliance of both the public and private sectors on a resilient cyberspace for the delivery of online services to citizens and consumers demands a holistic effort that includes the need for people with the necessary knowledge, skills, and abilities to perform tasks that lead to increased security of data and computer networks.

NICE Mission

The mission of NICE is to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. Although the NICE acronym emphasizes education, training provides an increasingly important educational opportunity, whether provided by a commercial entity or employer. Certifications, especially when accompanied by hands-on learning and performance-based assessments, are credentials that can be used to validate knowledge, skills, and abilities. NICE is also focused on developing a skilled cybersecurity workforce, so making sure that educational providers and employers are aligned with the National Cybersecurity Workforce Framework (or NICE Framework) is a priority.

NICE Values

Perhaps the most important aspect of the strategic plan development over the past year was the socialization process that led to the creation of a shared set of values. Collaboration and Communication are at the center of how NICE hopes to create a sense of community that will encourage stakeholders to Share Resources. We serve diverse communities and rely on thought leadership from across economic sectors so it is important that we Model Inclusion in our programs and activities. We also want to be known for our ability to Pursue Action and get things done so it is important that we Challenge Assumptions, Seek Evidence, and Measure Results. The challenges are immense and the status quo is insufficient so we must be prepared to Embrace Change and look for ways that we can Stimulate Innovation. Together, as a community, we can collectively make progress to close the cybersecurity skills gap and enhance our economic and national security.

NICE Goals and Objectives

The strategic plan sets forth a broad set of goals and objectives designed to inform actions and determine priorities for the next few years.  The NICE Interagency Coordinating Council and the NICE Working Group will establish more detailed plans and metrics to ensure successful implementation of the plan.

Recognizing the widening gap between the growing demand for skilled cybersecurity workers and the available supply, the first goal is to Accelerate Learning and Skills Development.  We must inspire a sense of urgency in both the public and private sectors to address the shortage of skilled cybersecurity workers. This goal represents perhaps the greatest challenge and most critical need to identify creative and effective ways to close the skills gap. The objectives under this goal challenges us to experiment with new approaches, such as the use of apprenticeships and cooperative education programs, to move students into the workforce more rapidly. The objectives also invite us to find ways to move displaced workers or underemployed individuals into cybersecurity careers.

The second goal, recognizing the unique contributions of educational providers and the backgrounds of diverse learners, compels us to Nurture a Diverse Learning Community. The aim is to strengthen education and training across the ecosystem to emphasize learning, measure outcomes, and diversify the cybersecurity workforce. There have been significant investments to develop education programs, co-curricular experiences, training and certifications; however, we must work to continuously improve to make sure that those programs are having the intended impact on diversity. The Centers for Academic Excellence in Cybersecurity led by the U.S. Department of Homeland Security, the National Security Agency and the Advanced Technological Education Centers in Cybersecurity funded by the National Science Foundation represent significant momentum to build capacity and increase participation by institutions of higher education. It is widely recognized that to sustain the pipeline needed for a robust cybersecurity workforce that we must introduce students to career opportunities as early as possible and ensure that their academic preparation in secondary schools propel them into higher education. The underrepresentation of women and minorities and the underutilization of veterans in the cybersecurity workforce is a well-documented concern, and we must develop concrete actions that reverse that trend.

Finally, the opportunities afforded by cybersecurity employment will provide an economic development boom to communities, but public sector and private sector employers need guidance to help them navigate this ever-changing career field. That is why our third goal is to Guide Career Development and Workforce Planning. Human resource professionals, hiring managers, and cybersecurity professionals require support to address market demands and enhance recruitment, hiring, development, and retention of cybersecurity talent. The Cybersecurity Jobs Heat Map, a grant provided by NIST to CompTIA and Burning Glass, is part of the overall objective to identify and analyze data sources that support projecting present and future demand and supply of qualified cybersecurity workers. Additionally, the NICE Challenge Project (https://www.nice-challenge.com), a grant provided by NIST to the California State University, San Bernardino, is creating virtual challenges based on the NICE Framework tasks. The Cybersecurity Workforce Development Toolkit (https://niccs.us-cert.gov/home/cybersecurity-workforce-development-toolkit) developed by the U.S. Department of Homeland Security and The HR Professional’s Guide to a Cyber-Secure Workforce (https://www.cisecurity.org/workforce/workplace/HR.pdf) developed by the Council on CyberSecurity are both examples of tools that will assist human resource professionals and hiring managers.

Conclusion

These are exciting times to work in cybersecurity. The work that NICE and its partners will do in the coming months to execute upon this strategic plan will be critically important to our nation.  We invite you to join us for what promises to be an exhilarating and fulfilling ride.

Academic Spotlight:

Creating a 21st Century Learning Environment for 21st Century Jobs

by G.B. Cazes, Vice President, Cyber Innovation Center

The nation and its citizens face an active and growing cyber threat along with a critical shortage of cybersecurity professionals. In a report released by ISACA, they state that there will be a shortage of 2 million cybersecurity professionals by 2019⁽¹⁾.

Building a strong science, technology, engineering, and mathematics (STEM) foundation early while incorporating cyber awareness is critical to ensuring students become interested in related degrees and career fields.
Today’s workforce requires students to possess fundamental STEM and cyber skills in order to be globally competitive. The National Integrated Cyber Education Research Center (NICERC), an academic division of the Cyber Innovation Center funded by the U.S. Department of Homeland Security, was created to design, develop, and advance both cyber and STEM academic outreach and workforce development programs across the nation. NICERC’s other objectives are to nationally disseminate innovative practices in cyber education, to promote a culture of educational innovation, and to serve as a catalyst for future research in cyber education.
NICERC programs have become a national model for cyber education - a model that focuses on teacher professional development, curricular design, and collaboration in K-12 education. Through a diverse, multi-disciplinary team of university faculty, subject matter experts, and master teachers, NICERC has developed vertically integrated, cross-curricular, project-driven curricula for middle and high school classrooms that are available to any K-12 teacher in America. Courses include the following: STEM: Explore, Discovery, Apply (STEM EDA); Cyber Literacy; Cyber Literacy II; Cyber Science; Physics; Advanced Math for Engineering and Science; and Computer Science. Each course, consisting of 180+ hours of curricula, helps make-up a robust cyber pathway rooted in strong STEM fundamentals.
In addition to free access to its curricula, NICERC provides many professional development opportunities for teacher. NICERC hosts regional workshops to empower middle school teachers and administrators to integrate the curricula into the classroom. Also, NICERC’s professional development team travels across the country to host multi-day trainings for schools, school districts, and state departments of education.
NICERC also hosts an annual conference for high school teachers, the Education Discovery Forum. This week-long forum leads teachers through a deep-dive into the high school curricula. Attendees are introduced to best-practices as well as teaching strategies, resources, and technology for the classroom. This year, the Education Discovery Forum will be held in the Dallas, Texas area the week of July 18. Scholarships are available.
The next generation learner requires a different methodology of teaching. In addition to being motivated by a different set of goals, this generation of students prospers in a different learning environment than previous generations. Educators must have the means to transform their classrooms into 21st century learning environments that engage students in new ways through project-based curricula.
Teachers are key to creating a systemic and sustainable change in K-12 cyber education. Imagine a classroom full of students who are on the edge of their seats, filled with enthusiasm and questions, and excited about learning how science, technology, engineering, math, and liberal arts all integrate. It's a unique learning environment that many teachers strive to create in their classrooms. Allow NICERC be a part of the solution and to work with your district/school in developing implementation plans, professional development plans, and much more. Log on to www.NICERC.org for curricula access and more information.

Industry Spotlight:

Moving Wounded Warriors from the Physical Battlefield to the Cyber Battlefield

by Jim Wiggins, Executive Director at the FITSI Foundation

(The photo above shows W2CCA students studying for next cybersecurity certification exam)

Today’s cyber-attacks continue to become more technically astute and effective. These attacks are targeting the intellectual property and economic foundations of organizations in every industry, vertical and country. The theft of such information is a common occurrence as critical information systems are infiltrated through Internet connections and vital economic capital, critical technologies, and other forms of national wealth are being plundered.
Real life events demonstrate that those organizations employing highly technical cybersecurity professionals in areas such as incident response, network defense, and penetration testing or forensics analysis are in the best position to identify, quarantine and remediate today’s cyber threats. The differentiator is not just a device or appliance. There is a critical need for people who are able to use judgment and analysis at a deep technical level that can make a difference.
In 2012, we started a nonprofit organization called the FITSI Foundation (a 501c3 public charity) to help fill this void by retraining wounded warriors as cybersecurity specialists, at no cost to them. The name of the program is the Wounded Warrior Cyber Combat Academy (W2CCA).  We saw this population as an ideal group of individuals that possessed the necessary prerequisites:  honor, integrity, love of country, desire to continue to make any difference and ability to be retrained. Leveraging industry certifications, we stitched together a body of knowledge that could take an individual with no background in IT or cyber and, over the course of a year, teach them how to protect and defend information systems. We put them through the following certifications:  A+, Network+, Linux+, Security+, CASP and CEH. Additionally, many of the warriors would take cyber internships at the National Cybersecurity Center of Excellence (NCCoE), National Aeronautics and Space Administration (NASA), or the Pentagon while they were recovering at Walter Reed Medical Center in Bethesda, Maryland.
The results have been pretty impressive. We started with 35 wounded warriors in two cyber teams (Cyber Team 1 and Cyber Team 2) and we have close to 100 warriors on the waitlist who want to be involved in Cyber Team 3. For those that remained engaged and completed the training and internship, we’ve seen a 90%+ job placement. While we lost around 40% of the original 35 warriors (for a number of personal reasons), 20 have gone through the program and all but one have taken IT or cyber jobs in government or private sector. These are good paying jobs that allow the warriors to earn a respectable living, taking care of their families after having sustaining life-altering injuries on the battlefield.
Education has the ability to change a life. The FITSI Foundation believes that education is the best means to help move our nation’s heroes from the physical battlefield to the cyber battlefield. If you’d like more information on W2CCA or want to learn how you can support the program, please visit the W2CCA’s program website at http://www.w2cca.org.  Also, please feel free to contact Jim Wiggins directly at 703-828-1196 x701 or jim.wiggins [at] fitsi.org (jim[dot]wiggins[at]fitsi[dot]org).

(The photo above shows W2CCA students networking with General Keith B. Alexander (Ret), former Director of Cyber Command and the National Security Agency)

Government Spotlight:

Table 1. CNAP Summary

PRE-CNAP focus Federal Cybersecurity Workforce

Prior to the release of CNAP, executive departments and agencies were focusing on tasking found in the Cybersecurity Strategy and Implementation Plan⁽⁷⁾ (CSIP) released by OMB on October 30, 2015 CSIP is designed to strengthen Federal civilian cybersecurity through the following five objectives:

1. Prioritized Identification and Protection of high value information and assets;
2. Timely Detection of and Rapid Response to cyber incidents;
3. Rapid Recovery from incidents when they occur and Accelerated Adoption of lessons learned from the Sprint assessment;
4. Recruitment and Retention of the most highly qualified Cybersecurity Workforce talent the Federal Government can bring to bear; and
5. Efficient and Effective Acquisition and Deployment of Existing and Emerging Technology.

Objective 4 connects directly with the strategic goals and objectives of NICE.
CSIP tasked OPM to develop a Cybersecurity Human Resources Strategy by April 2016. OPM established four teams (Workforce Data Analysis, Hiring and Recruitment, Learning and Talent Development, and Retention) to work on drafting the Cybersecurity Human Resources Strategy. This strategy is being built while OPM also works to map the entire cyber workforce landscape across all agencies and identify cyber talent gaps. It will provide recommendations for closing those gaps. NICE and the members of the NICE ICC have participated in the strategy building process drawing attention to the activities already occurring to meet the strategic goals and objectives of NICE. We emphasize opportunities to connect with the NICE Working Group, which includes members who have knowledge of the private sector, academic and training programs that support the Federal cybersecurity workforce today, and those we wish to recruit into Federal service in the future.
CSIP identified the value of the DHS Automated Cybersecurity Position Description Tool that uses the common lexicon established in the National Cybersecurity Workforce Framework⁽⁸⁾ to enhance cybersecurity workforce recruitment by decreasing the applicant time-to-hire and by ensuring cybersecurity job announcements contain clear, technical content. NICE hopes to see the private sector recognize the value of the position description tool for cybersecurity job postings on commercial employment websites.
CSIP asked OPM and OMB to consult with NICE to develop recommendations for Federal workforce training and professional development for functional areas that include legal counsel, budget, procurement, privacy, and civil rights and liberties.
Subsequent to the release of CSIP, the President signed into law on December 18, 2015:
H.R. 2029 – the “Consolidated Appropriations Act, 2016,” which provides fiscal year 2016 full-year appropriations through September 30, 2016 for all agencies.
The Consolidated Appropriations Act, 2016⁽⁹⁾ includes Division N – Cybersecurity Act of 2015.  Title III of Division N tasks OPM working with the head of each Federal agency to conduct cyber workforce measurement initiative and to identify cyber-related roles of critical need.

¹https://www.whitehouse.gov/the-press-office/2016/02/09/fact-sheet-cybersecurity-national-action-plan

Affiliated Programs Updates:

Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs.

Cybersecurity Education and Awareness Portal

The Department of Homeland Security’s Cybersecurity Education and Awareness portal promotes cybersecurity knowledge and innovation by increasing professional expertise and public awareness. Employers, educators, professionals, and students can use the portal to access a course catalog, workforce development toolkit, sample curriculum, and more.
Learn more at www.niccs.us-cert.gov.

Cybersecurity Human Resources Strategy and Special Cyber Workforce Project

The Office of Personnel Management is leading the development of a Cybersecurity Human Resources Strategy that addresses Recruitment and Hiring, Learning and Talent Development, and Retention for the Federal cybersecurity workforce. OPM also leads the Special Cyber Workforce Project that oversees the process by which agencies code their workforce to identify the positions that perform significant cybersecurity work and a dataset that can be analyzed to identify future workforce needs and gaps.

Advanced Technological Education

The National Science Foundation’s Advanced Technological Education (ATE) program supports the education of technicians for the high-tech fields—including information technology and cybersecurity—that drive the U.S. economy. ATE accomplishes this by providing grants to develop and evaluate innovative activities that improve technician education, particularly in community colleges and secondary schools.
Learn more at www.atecenters.org/security-technologies and www.nsf.gov/ate.

National Centers of Academic Excellence in Cybersecurity

The National Security Agency’s National Centers of Academic Excellence in Cybersecurity (CAE-C) programs aim to reduce vulnerability in our national information infrastructure by promoting higher education and research and producing a growing pipeline of professionals with cybersecurity expertise in various disciplines. The National Centers of Academic Excellence in Cyber Defense (CAE-CD) are led by the National Security Agency and the Department of Homeland Security.
Learn more at www.nsa.gov/academia/ncae-cd.

Cybercorps®: Scholarship for Service

The National Science Foundation’s CyberCorps®: Scholarship for Service (SFS) program, co-sponsored by the Department of Homeland Security, is a program that provides scholarships that may fully fund the typical costs incurred by full-time students while attending a participating institution, including tuition, stipends, and related fees. In return, students receiving SFS awards must agree to serve in a government agency upon graduation for a period equivalent to the length of their scholarship.
Learn more at www.sfs.opm.gov.

GenCyber

The National Security Agency’s GenCyber program, co-sponsored by the National Science Foundation, provides summer cybersecurity camp experiences for students and teachers at the K-12 level. The goals of the program are to help all students understand correct and safe online behavior, increase diversity and interest in cybersecurity and careers in the cybersecurity workforce of the nation, and improve teaching methods for delivering cybersecurity content in K-12 computer science curricula.
Learn more at www.gen-cyber.com.

National Cybersecurity Workforce Framework

The National Cybersecurity Workforce Framework is the foundation for increasing the size and capability of the US cybersecurity workforce. The Department of Homeland Security partnered with organizations across the US from private industry, federal and state government, and colleges and universities to develop a comprehensive list of cybersecurity tasks and the knowledge, skills, and abilities required to do those tasks.
Learn more at www.niccs.us-cert.gov/training/tc/framework.

Funded Projects Updates:

The US government provides funding to third parties to develop products that will help advance cybersecurity education, training, and workforce development needs. The following are a few of those projects.

NICE Challenge Project

The NICE Challenge Project, led by California State University, San Bernardino, is designed to create a flexible set of challenge environments and supporting infrastructure with a low barrier of use in which one would be able to perform the tasks outlined in the National Cybersecurity Workforce Framework. It can be used as a platform for instruction as well as to evaluate those who endeavor to be part of the cybersecurity workforce.
Learn more at www.nice-challenge.com.

Cybersecurity Jobs Heat Map

The Cybersecurity Jobs Heat Map, being developed by CompTIA in partnership with Burning Glass Technologies, will provide a data visualization of the need for and supply of cybersecurity workers to guide employers, job seekers, policy makers, education and training providers, and guidance counselors. The Map will also provide information on the supply of workers with relevant credentials. This project will also show career pathways in cybersecurity that chart opportunities for advancement in the field.
Learn more here.

National Integrated Cyber Education Research Center

The National Integrated Cyber Education Research Center (NICERC), as the academic outreach and workforce development arm of the Cyber Innovation Center, provides hands-on professional development, curricula, programs, and competitions to engage students in STEM disciplines. NICERC has developed programs to enable K-12 teachers to motivate creativity and innovation in students through problem-solving, critical thinking, and communication.
Learn more at www.NICERC.org.

Consortium Enabling Cybersecurity Opportunities and Research

The Consortium Enabling Cybersecurity Opportunities and Research (CECOR) is a collaborative project to develop a K-20 pipeline for the cybersecurity workforce. Consortium partners include 13 historically black colleges and universities, one public school district, and two national laboratories. CECOR is creating a sustainable workforce development program to produce well-qualified cybersecurity professionals in significant numbers to address the pressing cybersecurity workforce shortage, in particular for the National Nuclear Security Administration and its laboratories.

NICE Working Group Updates:

The NICE Working Group (NICEWG) has been established to provide a mechanism in which public and private sector participants can develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development. Over the past few months, the NICEWG has had a kick off meeting as a NIST Public Working Group. Subgroups have also started meeting to identify project teams and develop ideas on how each group will align to the NICE Strategic Plan.
Learn more at the NICE Working Group’s website.

Key Dates:

NICE Conference 2016 Call for Proposals Due May 31, 2016

The Call for Proposals is now available for NICE 2016, the 7th Annual National Initiative for Cybersecurity Education Conference & Expo, taking place in Kansas City, Missouri, November 1-2, 2016. This year’s theme, “Innovations to Shape the Future Cybersecurity Workforce,” aims to showcase effective collaborations, bold experiments and innovations, and other potentially game-changing methods in support of the NICE strategic goals to Accelerate Learning and Skills Development, Nurture a Diverse Learning Community, and Guide Career Development and Workforce Planning.
The NICE 2016 Program Committee seeks your participation as a presenter or panelist for one of the 45- minute sessions in this powerful three-track conference. NICE 2016 offers unparalleled opportunities to demonstrate how your programs, ideas, technologies and processes support the continuing development of tomorrow’s cybersecurity leaders. Today’s efforts will drive business and job growth, provide opportunity, as well as provide enhanced security for our nation. Share your knowledge and experience by submitting a proposal.
Proposals will be accepted through May 31, 2016, and should be submitted by selecting “Submit Abstract” on the Call for Proposals page of NICE 2016.

National Cyber Summit June 8-9, 2016

The National Cyber Summit will be held June 8-9, 2016 at the Von Braun Center in Huntsville, Alabama. This conference has become the preeminent event in the Southeast for cyber training, education, and workforce development for the ever-evolving threat. Attendees benefit from a diverse offering of educational training sessions, technical and management presentations, and keynotes from world-class speakers. This is a great opportunity to network with your peers, showcase your solutions, and learn new skills.
Learn more at the National Cyber Summit’s website.

1. K-12 School, College, and University Educators
2. Training and Certification Providers focused on validating knowledge, skills, and abilities of the cybersecurity workforce
3. Business and Nonprofit Leaders in Cybersecurity and Workforce Development
4. Career Development Professionals
5. Cybersecurity Co-Curricular Planners
6. Employers who need to prepare, educate, recruit, train, develop, and retain a highly-qualified cybersecurity workforce   
7. Students

Learn more at NICE 2016’s website.