Welcome to the summer edition of the National Initiative for Cybersecurity Education (NICE) eNewsletter. Our feature article focuses on the establishment of an apprenticeship model for the NICE work role, secure software development, and describes how workers can earn and learn at the same time. Our academic spotlight focuses on the Colloquium for Information System Security Education (CISSE), an entity which has supported educators, researchers, and practitioners in their efforts to improve curricula and foster discussion of emerging trends in information security and cybersecurity. Congratulations to all of the visionaries and leaders of CISSE for 20 years of pioneering and field-defining leadership. Also inside, you will find articles on a talent pipeline, the new federal cybersecurity HR strategy, a calendar of upcoming events, as well as updates on NICE’s affiliated programs and federally funded projects. We also report on the progress of the NICE Working Group. As the Deputy Director of NICE, I am excited to see the increased engagement that we are experiencing with academia and the private sector. With the addition of NICE Program Office staff leads for academic engagement, industry engagement, and government engagement, we are better able to witness the national dialogue on cybersecurity workforce and education. I am particularly grateful to see the participation and engagement of volunteers in our NICE Working Group, our NICE 2016 Conference Program Committee, and in the many forums and consortiums around the country that are focused on improving our nation’s cybersecurity. We hope you enjoy this eNewsletter and always welcome your feedback and suggestions.
Deputy Director, National Initiative for Cybersecurity Education
USING AN APPRENTICESHIP MODEL TO MEET INDUSTRY NEEDS FOR SECURE SOFTWARE DEVELOPMENT
by Julie Howar, Illinois Central College; Nancy Mead, Software Engineering Institute, Carnegie Mellon University; and Girish Seshagiri, Ishpi Information Technologies, Inc.
The NICE Strategic Plan as part of its goal to “Accelerate Learning and Skills Development,” calls upon employers and educational institutions to “experiment with the use of apprenticeships and cooperative education programs to provide an immediate workforce that can earn a salary while they learn the necessary skills.” The employer-led Central Illinois Center of Excellence for Secure Software (CICESS) partnered with Illinois Central College (ICC) to develop a two-year degree program in secure software development, incorporating an apprenticeship model. It represents a unique collaboration involving industry, government, and academia to provide pathways to middle-class jobs in cybersecurity.
The Case For Apprenticeships
In many countries, including the U.S., there is a growing “skills gap” between the kinds of jobs offered and the skills qualifications of job seekers, resulting in adverse consequences to employers and job seekers alike. The German apprenticeship dual model has successfully helped match jobs and skills in several European countries. The dual model is structured such that time spent in a vocational school for theoretical training is complemented by simultaneous practical training and experience at a partnering company. The apprentices receive a salary as they gain work-related skills. There is growing evidence that the U.S. could reap substantial benefits from this model.
The dual model uniquely helps satisfy the goals established by the CICESS stakeholders:.
Direct connection between education and a middle-class job without accumulating debt,
Skilled workforce for secure software,
Common standard curriculum offerings,
A standard competency-based apprenticeship program,
Higher participation in technology professions by women, minorities, and veterans,
Central Illinois as the destination choice for an exciting career,
A skills formation and workforce development model scalable to other occupations and other communities across the nation.
A Local Initiative and Innovative Design
In September 2013, a meeting between industry, government, and academic stakeholders in Peoria, Illinois, sparked a proposal to create middle-class software developer jobs and make the Peoria area a national center of excellence for producing software that is secure from cyber-attacks. It was proposed that they use the German apprenticeship model to create a skilled workforce that is trained, apprenticed, mentored, and certified in secure software production. The proposal recommended adopting software assurance curriculum recommendations from Carnegie Mellon University/Software Engineering Institute (CMU/SEI) at the community college level.
The initiative would provide career pathways to dislocated workers, and partnering with school districts to graduating high school seniors to pursue software development careers in the Peoria area.
In May 2014, the group established a steering committee consisting of representatives from three local employers, ICC, and local workforce development intermediaries. The committee leveraged and aligned with the National Initiative for Cybersecurity Education (NICE) Workforce Framework.
The steering committee designed innovative elements of the CICESS:
Incorporated relevant topics from the CMU/SEI software process models in a standard apprenticeship curriculum,
Validated that apprentices have acquired secure software development competencies by preparing them for acquiring standard industry certification for Associate of Certified Secure Software Lifecycle Professional (CSSLP) from (ISC)2,
Scheduled for alternating blocks of weeks of academic instruction and apprenticeship on-the-job training,
Used the Berger Aptitude Test (B-Apt) for Computer Programming for entry to the apprenticeship program,
Developed Standards for Computer Programmer (Secure Software) occupation for registering with the U.S. Department of Labor (DoL) Office of Apprenticeship.
American Apprenticeship Initiative (AAI) Grant
In December 2014, DoL announced AAI grants to transform apprenticeships by expanding training into new high-skilled, high-growth industries. The CICESS met and in some cases exceeded the eligibility requirements of the grant proposal:
American Apprenticeship programs combine job-related technical instruction with structured on-the-job learning experiences,
21st century apprenticeship approaches are flexible and can be easily customized to meet the needs of the employer and apprentice,
Apprentices are hired and earn a wage upon registration, and they receive progressive wages commensurate with their skill attainment throughout the training program,
Upon successful completion of all phases of on-the-job learning and related instructional components, registered apprentices receive nationally recognized certificates of completion leading to long-term career opportunities.
In May 2015, the CICESS joined the Illinois Advanced Apprenticeship Consortium, becoming eligible to receive AAI grant funds.
Launch of CICESS
In the fall 2015 semester, the ICC launched the first-in-the-nation AAS degree in Secure Software Development with over 20 students in the program. Twelve of those students were eligible to work toward the apprenticeship. Local employers of varying sizes agreed to offer paid apprenticeships in secure software development. The result was seven paid apprentices from five employers. The timeline of activities in Figure 1 shows the major accomplishments at a glance.
In the fall of 2016, there is a plan to scale up CICESS apprenticeships statewide in Illinois. For the longer term, CICESS will work cooperatively with DoL ApprenticeshipUSA to scale the program nationally. It is believed that communities interested in creating pathways to middle class cybersecurity jobs will benefit from the experience of CICESS to significantly reduce the time it takes to implement an apprenticeship dual model for secure software development.
Return on Investment (ROI) Model
The following CICESS value proposition is available to employers:
Augmentation of your current workforce development methods,
Ability to plan for and satisfy future needs for hard-to-fill secure software developers,
Ability to build a secure software talent pipeline that includes women and minorities who are trained, mentored, and certified,
A cost-effective solution to training and retaining new workers in secure software development,
High retention rates when apprentices become full-time employees ,
World-class training while paying apprentice wages,
Apprentices doing an increasing number of hours of productive work.
One of the CICESS employers shows an anticipated return of $1.83 for every $1.00 invested in the CICESS apprentice using an ROI calculator developed by the Manufacturing Institute.
The use of apprenticeships to accelerate workers into the cybersecurity workforce so that students can earn as they learn is an exciting and promising practice that employers and academic organizations should explore. This practice also exemplifies a value from the NICE Strategic Plan that appeals to the community to “Stimulate Innovation – inspire and experiment with new approaches to education, training, and skills development.” The use of apprenticeships for cybersecurity is also an opportunity for community partnerships to address local workforce needs. All across America, companies, industry associations, educational institutions, and others are coming together to make new commitments and to help lead on apprenticeships. There has never been a better time – and a greater need for a skilled cybersecurity workforce – than now to experiment with the use of an apprenticeship model.
20 YEARS OF CISSE: PAST, PRESENT, AND FUTURE
by Vic Maconachy, Vice President for Academic Affairs, Capitol Technology University and CISSE President, and Dan Shoemaker, Professor and Graduate Program Director, University of Detroit Mercy Center for Cyber Security and Intelligence Studies, CISSE Treasurer
Photo 1: Richard Clark speaks at CISSE 2016
The Colloquium for Information System Security Education (CISSE) turns twenty this year (www.cisse.info). Given how ubiquitous computers have become, it is probably hard to recall what things were like when CISSE was formed. The commercial Internet was in its infancy. Most of the variety of harmful exploits, like identity theft, malware, hacking, and denials of service attacks, had yet to evolve into headline worthy items. While in 1996 anything they called “the cloud” was in the sky, “big data” and “mobile security” still lay in the domain of science fiction, and “social networking” was something you did sitting around a party holding a beer.
The National Colloquium for Information Systems Security Education (NCISSE) was created in 1996 to provide a forum for dialogue among leading figures in government, industry, and academia. The first meeting was held at the Maritime Museum in Linthicum, Maryland with founders, Bill Murray recruiting industry representatives, Vic Maconachy organizing government interest, and Corey Schou leading the academia focus. The original mission was to foster excellence in teaching cybersecurity education and promoting the value and worth of educators of cybersecurity. In June 2002, NCISSE expanded its mission to include greater international participation. To reflect this the organization formally changed its name to The Colloquium for Information Systems Security Education or more simply -- The Colloquium.
The most visible aspect of CISSE’s work is the annual gathering held in June of each year. The colloquy provides a venue where ideas can be presented and discussed on how to best articulate and achieve educational goals in cybersecurity. In that respect, the Colloquium allows cybersecurity educators to come together and learn about the mainstream content from the field and brainstorm novel ideas. Attendees are able to participate in hands-on workshops, attend academic and roundtable presentations, and listen to invited speakers from government, industry and academia. Accepted papers are formally published in the Journal of the Colloquium. Networking with like-minded professionals has led to several efforts that have made a national impact. These include the brainstorming sessions that led to the creation of the Collegiate Cyber Defense Competition (CCDC) and the establishment of the CyberCorps; Scholarship for Service program. It has also served as a platform to highlight the need for Centers of Academic Excellence for two year institutions (CAE-2Y) and has recently expanded its scope to advocate for advances in K-12 cybersecurity education and increasing the representation of women in the profession.
One of CISSE’s newest innovations is the creation of regional colloquia based around geographic regions in the country beginning in 2014. The creation of regional Colloquiums allowed for more grass-roots participation, issue-oriented programs, and participant dialogue with other attendees. The first of these regional chapters was the Midwest Chapter (M-CISSE) established in 2014. The Northwest Chapter (NW-CISSE) was established in the fall of 2015.
The significant growth of interest in cybersecurity has been mirrored by the importance of CISSE over the past 20 years. CISSE has served as a steadfast supporter of educators, industry, and government in their efforts to advance cybersecurity education and workforce development. CISSE has blazed the path at the national level for the benefit of all. As CISSE moves beyond its 20th year celebration, it will continue to serve as a forum for discussion and the development of new ideas.
As the Colloquium moves forward, CISSE will be furthering and improving the state of cybersecurity in higher education on a global scale. The growing interest, indeed demand, in international education and curriculum development will expand the Colloquium’s impact while staying grounded in the field in practice. The recent conference in Philadelphia was a celebration of 20 years of thought leadership, and unveiled the Colloquium’s moving forward into areas such as global cybersecurity education partnerships, exploring the need and timing for professionalization of the cybersecurity higher education practitioners, and increased collaboration with existing organizations working in this arena.
Mark your calendars for the next Colloquium in Las Vegas on June 12-14, 2017.
Photo 2: Davina Pruitt-Mentle, NICE Lead for Academic Engagement, speaks with attendees at CISSE 2016.
TALENT PIPLEINE MANAGEMENT
by Carrie Samson, Manager of Programs, U.S. Chamber of Commerce Foundation Center for Education and Workforce
It is no surprise that the American economy is facing a serious challenge. Millions of jobs remain unfilled across the country because employers cannot find the right talent to fill them. With the Baby Boomer generation retiring at record rates, many of these hiring gaps will only worsen. Yet, while the traditional mental image of the skills gap may evoke scenes of sparsely populated manufacturing floors, many are surprised to learn that one of our largest skills gaps lies in a sector that is more Silicon Valley than Rust Belt—Information Technology (IT) and Cybersecurity.
According to Tonia Patt, VP Talent Acquisition and Career Mobility at ICF International, “Recruiting for candidates specific to the IT industry has changed drastically over the course of the last couple of years. There used to be a plentiful population of applicants when you posted a position. Today you’ll post positions and you’re doing well if you get 2 or 3 applicants and in most cases 75% are unqualified.”
Ms. Patt is not alone. IT companies from all over the U.S. are facing similar problems. More than 209,000 cybersecurity jobs currently sit unfilled in the U.S. today. For example, in the state of Virginia, the gaps in workforce have not gone unnoticed. “We have jobs today in Virginia that are going unfilled,” noted Governor Terry McAuliffe. “More importantly, I realize that if we don’t fill this workforce pipeline, these companies may go to other states.”
With demand only rising, ICF International joined with 11 IT companies in Northern Virginia last year to tackle this challenge like never before—together.
The Northern Virginia companies signed up to pilot a new strategy called Talent Pipeline Management (TPM). Developed by the U.S. Chamber of Commerce Foundation, TPM uses the principles of supply chain management to create demand-driven solutions that allow the business community to engage as leaders of flexible relationships with the “suppliers” of talent. TPM promotes the involvement of employers at every step of the workforce pipeline: from preparation and recruitment to professional development and retention.
“We volunteered to join the TPM pilot because we were excited about the possibility of harnessing public-private partnerships in order to tackle this incredible problem,” said Michelle O’Hara, SAIC’s Vice President of Integrated Talent Management and Chief Diversity Officer.
Using a few of TPM’s six key strategies, the Virginia Employer Collaborative companies—led by Elevate Virginia and Governor McAuliffe’s office—were able to dive into their collective data for the first time to identify the common positions in IT and cybersecurity they had trouble filling and determine the skills and competencies those positions require. Additionally, they looked collectively at their current employees to start determining current sources of talent in these high-demand positions to help plan for future recruitment efforts.
Moving forward, Elevate Virginia is looking to build a fully sustainable employer collaborative and explore ways to accurately measure real-time changes to employer demand by occupation and skills requirements. “The TPM process was invaluable to help us better understand the occupations critical to this group of firms’ success, but also to understand more deeply their skills requirements,” said Sara Dunnigan, Executive Director of the Virginia Board of Workforce Development. “It’s provided a process that turned what looked like an impossible task into something we can address using a number of approaches, in partnership with business.”
Virginia’s work is one example of the impacts the TPM initiative has made since its launch in 2014. From manufacturing in Kentucky to teaching in Arizona, TPM has continued expanding across regions and industry areas providing new strategies for an old problem. With the work far from over, the program will launch its TPM Academy this fall to help others learn how to launch talent pipelines in their own communities.
Back in Northern Virginia, the tech sector is more determined than ever to build a workforce that is ready to succeed in the economy of tomorrow. “The most important asset we have is talent,” said Virginia Secretary of Commerce, Maurice Jones. “We will position Virginia as having the best-prepared workforce for the 21st century.”
For more information, visit www.TheTalentSupplyChain.org
STRATEGY TO EXPAND, RECRUIT, DEVELOP AND RETAIN FEDERAL CYBERSECURITY WORKFORCE
by NICE Federal Government Partner Agencies
The U.S. Office of Management and Budget (OMB) and the U.S. Office of Personnel Management (OPM) have released a new Government-wide Cybersecurity Workforce Strategy. The Strategy details Government-wide actions to expand, recruit, develop, and retain a highly-skilled workforce to counter the increasingly sophisticated cybersecurity threats the Government must thwart on a daily basis. Most importantly, the Strategy presents new approaches to address persistent Federal workforce challenges, anticipating that the Government will see the return on its investment through enhancements to Federal cybersecurity and the improved knowledge, skills, and abilities incoming cyber talent bring to the Federal workforce.
In order to develop the Federal cybersecurity workforce pipeline, the Federal Government is committed to strengthening our brand as an employer of choice that offers rewarding, unique, and dynamic careers serving a noble mission. Agencies are recruiting employees of all skill levels to use their talents to serve their country, supporting the Nation’s financial systems, and securing the defense and intelligence systems. Given the evolving needs and workplace flexibility, the Federal Government welcomes cybersecurity professionals at different times in their careers, creating new opportunities for career growth, development, and innovation for such professionals.
To develop the Strategy, OPM and OMB led four teams of representatives from the Government, private sector, and academia to perform a comprehensive review of existing and forward-leaning strategies for cybersecurity professionals. Incorporating the findings and recommendations of the teams, the following principles were considered in developing the Strategy:
Cybersecurity is a shared responsibility among agency leadership, employees, contractors, private industry, and the American people,
The cybersecurity workforce includes employees who join Federal service at different times in their careers and have different levels of expertise,
The cybersecurity workforce includes a mix of technical and non-technical professionals focused on all aspects of institutional mission,
This is a Government-wide human capital strategy, requiring ownership and action from other agencies and entities,
This initiative focuses primarily on the Federal workforce, with the understanding that contractors also play vital roles in Federal cybersecurity,
The initiative will provide complementary resources to non-cyber professionals, such as foundational cybersecurity training and development and career mobility opportunities,
While every agency is responsible for managing cybersecurity risks and will have staff that serves as part of the cybersecurity workforce, the majority of the civilian cybersecurity workforce will serve in positions at agencies with cybersecurity missions.
The Strategy was developed as a four step model that follows the employee lifecycle. The first step in this process is identifying and mapping cybersecurity workforce needs. This work has begun with Federal agencies working closely with the National Initiative for Cybersecurity Education (NICE) at the National Institute of Standards and Technology (NIST) to identify cyber talent gaps based on the NICE Workforce Framework. Second, the Federal Government is seeking to expand the talent pipeline through cybersecurity education and training. This work is the result of an environmental scan that revealed a shortage of talent in cybersecurity given its increasing demand. Expanding cybersecurity education will require the Government to stimulate interest in the cyber-related fields through initiatives such as Computer Science for All, which aims to provide all P-12 students access to a rigorous computer science education. Third, the Federal Government is stepping up efforts to recruit and hire additional cybersecurity talent, recognizing that there is a competitive marketplace for in-demand skills. OMB, OPM, DHS, NIST, and other Federal agencies will employ a wide variety of strategies, such as establishing a DHS Cybersecurity Surge Corps (learn more and apply online at: https://www.usajobs.gov/ResourceCenter/SpotlightDetails/?contentID=1452); implementing a broad recruitment strategy to tap into new sources of talent; and launching a Cybersecurity HR Cadre, an expert group of HR professionals from across the Government, who will execute a model cybersecurity end-to-end hiring process. Finally, the Federal Government is increasing its focus on retaining and developing cybersecurity talent, recognizing that the top talent will be excited to continually learn and grow in their careers. The Federal Government will begin promoting an enterprise-wide approach to retention and development to include a certification and credentialing program, a new cybersecurity employee orientation, and a cybersecurity professional network.
The Federal Government is committed to leading this critical effort to realize Government-wide improvements in its Cybersecurity workforce. And, as OPM and OMB move to the implementation of the Cybersecurity Workforce Strategy, they will continue to seek feedback from Federal partners and external stakeholders.
Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs.
Cybersecurity Education and Awareness Portal
The Department of Homeland Security’s Cybersecurity Education and Awareness portal has released the DHS CMSI PushButtonPD Tool, a no-cost, self-contained, single, stand-alone tool that managers, supervisors, and HR Specialists can use to rapidly draft a federal employee Position Description (PD). The portal also continues to support U.S. Veterans transitioning to cybersecurity careers by offering resources including free training, cyber-related degree programs, and information on scholarships.
Learn more at www.niccs.us-cert.gov
Cybersecurity Human Resources Strategy
Tiger teams focused on the employee life cycle, recruitment and hiring, retention, and learning, and talent development. These topics were analyzed in order to develop proposed solutions for the Human Capital Strategies Plan as described in the Cybersecurity Strategy and Implementation Plan (CSIP). The tiger teams’ recommended strategies to help the Federal Government build the cybersecurity workforce pipeline, recruit, hire, develop, and retain top talent will be released soon.
Advanced Technological Education
Advanced Cyberforensics Education (ACE) Consortium (Daytona Beach, FL)
Daytona State College, the lead institution in the ACE Consortium, was designated a National Center of Digital Forensics Academic Excellence (CDFAE) by the U.S. Department of Defense Cyber Crime Center in April 2015, and also received the National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) designation at the National Cyber Summit in Huntsville, AL, on June 8, 2016.
The ACE Consortium sponsored a train-the-trainer workshop for community college faculty members June 13-16 at Daytona State College. Participants learned about fundamental cyberforensics procedures, network forensics, malware forensics, responding to a live incident, file systems, and gathering and analyzing volatile evidence.
On July 11-14, 60 area high school students will participate in the fourth annual cyber camp co-sponsored by the ACE Consortium and the Florida Cyber Alliance. Students will learn about cybersecurity topics from local industry experts and participate in hands-on individual and team-oriented exercises, which will culminate with a team-based cybersecurity competition.
Center for Systems Security and Information Assurance (CSSIA) (Palos Hills, IL)
Cyber Security Education Consortium (CSEC) (Tulsa, OK)
CSEC encompasses 43 two-year academic institutions in eight states (Oklahoma, Arkansas, Colorado, Kansas, Louisiana, Missouri, Tennessee, and Texas) and has 111 faculty members teaching cybersecurity courses or developing cybersecurity degrees or certificate programs.
The institutions in CSEC have 502 declared security degree majors and 340 students pursuing security-related certifications. During the past year, 169 students graduated with associate degrees, 56 students graduated with bachelor’s degrees, and 243 completed certificate programs. In addition, 341 CNSS certificates were issued to CSEC students, and 721 incumbent workers were served via symposia or multi-day courses.
National CyberWatch Center (NCC) (Largo, MD)
The National Cyber League (NCL) is piloting its first “spring training” as preparation for the 2016 fall season (now in its fifth year) begins. Over 1,000 students and faculty from 300 colleges and universities will use the NCL’s cybersecurity-related challenges in their classes and clubs as they continue to develop and validate cybersecurity knowledge and skills.
On July 22-24, over 350 community college educators will gather in Pittsburgh, PA, for the third annual Community College Cyber Summit (3CS). The theme for 2016 is “Expanding the Boundaries of Cybersecurity Programs at Community Colleges.”
NCC published five e-books in December 2015 (Networking Fundamentals, Ethical Hacking and Systems Defense, Information Security Fundamentals, Introduction to Scripting, and Linux Fundamentals) and continues to work with faculty throughout the country to integrate the e-books into courses. In addition, the center launched a complete cloud-based lab solution with the following benefits: free to instructors, no hardware or software costs for schools (cloud-based), industry-validated content, tech support, competency-based lab exercises with associated Virtual Machines, full Learning Management System (LMS) integration, no browser plug-ins, HTML5 user interface, and mapped to professional certifications. See http://www.nationalcyberwatch.org/programs-resources/curriculum.
The National Cybersecurity Student Association, which was recently launched by NCC, aims to enhance the educational and professional development of cybersecurity students through activities, networking, and collaboration. This group supports the cybersecurity education programs of academic institutions, inspires career awareness, and encourages creative efforts to increase the number of graduates in the field.
National Centers of Academic Excellence in Cybersecurity
The National Centers of Academic Excellence in Cyber Operations (CAE-Cyber Operations) is pleased to announce the 2016 recipients of the CAE-Cyber Operations Designation: The United States Air Force Academy and the University of Texas at El Paso. These two schools are to be commended for their excellent programs dedicated to preparing the next generation of cyber operators for the nation. Both schools were presented their certificates at the CAE awards ceremony on June 8, 2016 at the National Cyber Summit in Huntsville, Alabama.
Learn more at www.nsa.gov/academia/ncae-cd
Cybercorps®: Scholarship for Service
The following six new schools have been awarded the scholarship track of the SFS program: University of Kansas, University of Massachusetts Amherst, Tennessee Technological University, Polytechnic University of Puerto Rico, University of Texas, El Paso, and the New Jersey Institute of Technology.
Learn more at www.sfs.opm.gov
The National Security Agency’s GenCyber program, co-sponsored by the National Science Foundation, provides summer cybersecurity camp experiences for students and teachers at the K-12 level. The goals of the program are to help all students understand correct and safe online behavior, increase interest in cybersecurity careers and diversity in the cybersecurity workforce of the nation, and improve teaching methods for delivering cybersecurity content in K-12 computer science curricula. This year’s camps for students, teachers, or combined student and teacher have already started and will continue through September 2016 in various locations and dates throughout the nation.
Learn more at www.gen-cyber.com
National Cybersecurity Workforce Framework
The National Cybersecurity Workforce Framework is the foundation for increasing the size and capability of the U.S. cybersecurity workforce. The Department of Homeland Security partnered with organizations across the U.S. from private industry, federal and state government, and colleges and universities to develop a comprehensive list of cybersecurity tasks and the knowledge, skills, and abilities required to do those tasks.
Learn more at www.niccs.us-cert.gov/training/tc/framework
The U.S. government provides funding to third parties to develop products that will help advance cybersecurity education, training, and workforce development needs. The following are a few of those projects.
NICE Challenge Project
In the past 6 months, the NICE Challenge Project released 15+ new challenges and introduced two new forms of challenge. These new challenges are called Hybrid Challenges and Threat Sandboxes. Hybrid Challenges are designed to better serve tasks within the NICE Workforce Framework that benefit from having a virtual environment as a reference, but does not require actual modification (i.e. analyze and define data requirements and specifications). Threat Sandboxes utilize the project’s environments as safe play zones with live vulnerabilities/malware implanted in them so players can better understand select high profile threats. During this time, the project also released the beta version of their WebPortal. Through the WebPortal, curators (professors and administrators) can register players (students and workers) on the system and provide them with finished environments and challenges.
Learn more at www.nice-challenge.com
Cybersecurity Jobs Heat Map
The Cybersecurity Heat Map team continues to make progress on multiple fronts. On the data front, the team has finalized the data template and will begin collecting live data from cybersecurity certifying bodies. This data stream is one of the “workforce supply” facets of the map. On the branding, promotion, and utilization fronts, the team is working through a number of tasks to ensure the fall rollout has maximum impact.
Learn more at www.nist.gov/nice/map
National Integrated Cyber Education Research Center
The Cyber Innovation Center (CIC), through its National Integrated Cyber Education Research Center, has developed a robust library of K-12 curricula that builds strong STEM fundamentals, incorporates cyber and computer science concepts, and highlights cybersecurity. Today, teachers across 48 states are accessing this content to transform classrooms into 21st-century learning environments. The CIC continues to partner with colleges and universities as well as multiple state departments of education on statewide strategies for curricula adoption, implementation, and professional development for teachers.
Learn more at www.NICERC.org
Consortium Enabling Cybersecurity Opportunities and Research
The Consortium for Enabling Cybersecurity Opportunities and Research (CECOR) is off to a grand start. In just 18 months, CECOR has made a visible impact within several communities that serve underrepresented groups in STEM disciplines, especially computer science and cybersecurity. CECOR partners have increased faculty and student capacity through the installation of new infrastructure and the development of new cybersecurity courses for students and faculty, hosted K-12 students in summer camps and collaborated on research opportunities that include faculty and students. Additionally, the national laboratories have hosted 70 students while extending three offers of employment to consortium school students after the first year. CECOR is very well positioned to reach its overarching goal to produce well-qualified cybersecurity professionals in significant numbers to address the pressing cybersecurity workforce shortage.
The NICE Working Group (NICEWG) meets on a regular basis to develop concepts, design strategies and pursue actions that advance cybersecurity education, training, and workforce development. The following subgroups have been established and have begun to align their group activities to the NICE Strategic Plan: K-12, Collegiate, Competitions, Training and Certifications, and Career Development and Workforce Planning. Small project teams with identified deliverables are coming together within each subgroup to further provide structure and actions that will be reported at the NICE Annual Conference and Expo on November 1-2, 2016.
Learn more or sign up to participate in the NICE Working Group at the Working Group’s website.
Community College Cyber Summit - July 22-24, 2016
Register Now for the Community College Cyber Summit (3CS) 2016. There is limited space remaining! 3CS will take place this year on July 22-24, 2016 in Pittsburgh, Pennsylvania.
Who Should Attend?
3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. This year, the Summit will feature tracks for faculty and colleges new to the cybersecurity field, for faculty experienced in cybersecurity, for colleges with established cybersecurity education programs, and for infusing cybersecurity throughout the nation’s critical infrastructure and across the college curriculum.
3CS will take place in conjunction with the High Impact Technology Exchange Conference (HI-TEC). The cybersecurity-related Advanced Technological Education (ATE) centers will offer HI-TEC sessions intended to bring more of the ATE institutions into the cyber education arena. This year's HI-TEC conference begins right after 3CS concludes and runs through Thursday, July 28, 2016.
Learn more at the 3CS website.
Information Assurance Symposium - August 16-18, 2016
Register Now for the Information Assurance Symposium (IAS). Registration will close on July 22, 2016, or when event capacity is reached. IAS will take place this year August 16-18, 2016 in Washington, D.C.
The IAS brings together leaders and practitioners to share vital information and provide direction and best practices to meet today’s challenges in Information Assurance and the cyber environment. This year, the IAS will feature 5 tracks:
Learn more at the IAS website.
National K-12 Cybersecurity Education Conference - October 6-7, 2016
Save the Date for the National K-12 Cybersecurity Education Conference to be held October 6-7, 2016 in Arlington, VA.
The National K-12 Cybersecurity Education Conference brings together attendees to address the challenges and opportunities of cybersecurity education in elementary and secondary schools. The conference includes workshops, keynote speakers, panel discussions, and exhibits designed to promote cybersecurity, career awareness and support academic preparedness of K-12 students.
Who Should Attend?
Learn more at the K-12 Conference website.
NICE Annual Conference & Expo 2016 - November 1-2, 2016
NICE 2016 is a great opportunity to spend two days with thought leaders from academia, government, industry, and non-profits to address the cybersecurity education, training, and workforce needs of the nation. NICE 2016 includes an exhibition hall where tools, techniques, and opportunities can be explored.
Who Should Attend?
Learn more at NICE 2016’s website.