Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

NICE 2017 Fall eNewsletter

| Featured Article | NICE Framework in Focus | Academic Spotlight | Industry Spotlight | Government Spotlight | Affiliated Programs Updates | Funded Projects Updates | NICE Working Group Updates | Key Dates

Subscribe to the NICE eNewsletter


Alina Aragon_NICE
Welcome! My name is Alina Aragon and I’ve been working with the NICE Program Office as an Undergraduate Intern. My projects this summer have helped me gain new and valuable insight on cybersecurity education and career opportunities. My interest in pursuing cybersecurity as a career occurred in June 2015 when I first attended a GenCyber camp. This experience led to attending and speaking at the 2015 NICE Conference and participating in another GenCyber camp in 2016, as a volunteer.

My involvement in these activities motivated me to pursue a degree in Information Systems and Technology with a concentration in Cybersecurity at California State University, San Bernardino. Shortly after starting the degree program, I was hired at the Cybersecurity Center on campus where my responsibilities included serving as technical support on the NICE Webinar Series. This summer I’ve continued my support of the NICE Webinar series as well as contributed to various projects including researching education and workforce data and providing support on the response to the "Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure." I hope to see you all on next month's webinar: "Cybersecurity Careers for Autistic People!"  

Alina Aragon
Undergraduate Intern, NICE

Featured Article:

4 THINGS YOU SHOULD KNOW ABOUT COLLABORATING TO GROW THE CYBERSECURITY PIPELINE
By Patty Buddelmeyer, Southwestern Ohio Council for Higher Education; John Costanzo, Old Dominion University; Sanjay Goel, University at Albany, State University of New York; David Hernandez, Chicanos Por La Causa; Debbie Sagen, Pikes Peak Community College; Danielle Santos, NICE
 

In September of 2016, NIST awarded grants totaling nearly $1 million for five pilot projects that are taking a community approach to addressing the nation’s shortage of skilled cybersecurity employees. For the past year, these five Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) cybersecurity education and workforce development have been carrying out multiple efforts. These efforts include building interest in, and pathways to, becoming a cybersecurity professional and encouraging more employer engagement in local communities in order to influence education and training providers to develop job-driven training that provides the skills that businesses need. 

1. Who can join a regional alliance?

RAMPS project groups have been reaching out to and coordinating with multiple types of stakeholders including, but not limited to:

  • Schools (public, for profit, and private), including:
  • K-12 school districts,
  • College and University staff and faculty
  • Businesses/Employers (small and medium to fortune 500)
  • Community organizations
  • Non-profit organizations
  • Regional workforce centers
  • Local and Regional Chambers of Commerce and Economic Development Offices

There is a strong consensus that placing limitations on who can join a regional alliance is a poor approach. A better approach is to be open to contributions from any party interested in furthering cybersecurity or workforce development.

2. What has been your greatest accomplishment in the first year?

Collectively, the five RAMPS projects have partnered with over 170 organizations.

Bringing these entities together to work towards a common goal of establishing a regional consortium to promote and develop cybersecurity education and workforce readiness has been our greatest accomplishment.

- Cincinnati-Dayton Cyber Corridor (Cin-Day Cyber)

Establishing these partnerships have led to reaching major milestones including hosting summer camps, curriculum and course development, articulation agreements, and the establishment of local internships and apprenticeships.

For example, the Arizona Statewide Cyber Workforce Consortium in the greater Phoenix area has hosted summer boot camps and cybersecurity awareness activities for students in primary and secondary education. The University of Albany has streamlined its cybersecurity programs into an integrated set of courses aligned to the NICE Framework. Old Dominion University has signed articulation agreements with two local community colleges, allowing the transfer of Associate degree work toward Bachelor degrees, thereby saving a student approximately 50 credit hours or 1.5 years of schooling. Securing internships and apprenticeships for students has also been a major accomplishment of the RAMPS program. The Cyber Prep Program in Colorado Springs, Colorado worked with seven local employers to organize a six-week paid internship for high school students, many of whom have been invited to stay on-board or return after graduation.

Old D and Tidewater_NICE

Old Dominion University and Tidewater Community College Articulation Agreement Signing Ceremony, (Feb 8, 2017). Seated at the table - ODU President John R. Broderick (Left) and TCC President Edna V. Baehre-Kolovani (Right). Back row left to right - Delegate Daun Hester, Delegate Ron Villanueva, Secretary of Education Dr. Dietra Trent, Governor of Virginia Terry McAuliffe, and Secretary of Technology Karen Jackson.

3. What has been your greatest challenge?

Coordinating multiple, diverse stakeholders is no easy feat. While the benefits far outweigh the inevitable hurdles that will be encountered, there are a few things that can be learned from the hard work the RAMPS projects have endured.

First, gaining participation from groups can be difficult. The Partnership to Advance Cybersecurity Education and Training (PACET) had to get creative with outreach. They utilized development offices and government organizations to help them connect with new organizations that they did not have prior relationships with. Scheduling can also be a complication with multiple groups. In the case of the Arizona Statewide Cyber Workforce Consortium, extra consideration is taken when convening events and meetings due to the geographical diversity of partners.

Second, competition can curb collaboration. Cin-Day Cyber found it difficult to unify their partners, but understanding the collective gaps and needs of the region was the necessary starting point to develop solutions for a stronger workforce.

Third, it takes time. The Hampton Roads Cybersecurity Education, Workforce, and Economic Development Alliance (HRCyber) shared that while they have been very successful in building up their education programs and awareness efforts within the RAMPS Grant Award period, it has been difficult to show a direct positive effect on the cybersecurity workforce within the 18-month award period. It will take time for students to complete educational pathways and join the cybersecurity workforce. The Cyber Prep Program shared a similar sentiment on the “speed of time”, in that they’re seeing business needs and opportunities change so quickly that it is difficult to find employers willing to take the time needed to collaborate.

“… we are not giving up as we know that employers are the key to our success!”

- Cyber Prep Program

BIll Tomeo_NICE

Bill Tomeo, the Summer Internship Coordinator with the Cyber Prep Program, works with one of the many summer 2017 interns in a computer lab.

4. What advice would you give to others looking to start a ramps-like program in their community?

If you are considering taking a multistakeholder partnership approach to your cybersecurity education, training, or workforce development program, you may benefit from the following advice from the RAMPS Projects:

  • Learn about your local community and what efforts already exist. 
  • Consider partnering with existing consortiums such as your state’s Space Grant Consortium or others that may have an established network of STEM-related stakeholders.  
  • Be demand-driven and build an alliance that is responsive to local and regional workforce needs.
  • Create clear and achievable goals and define activities to achieve them.
  • Encourage stakeholders to take responsibility for specific actions or efforts or have them commit to planned events or activities participating in specific activities early.
  • Develop, maintain, and nurture strong channels of communication.

Read the full interview responses and learn more about each of the RAMPS Programs, including links to each of their project websites, here


NICE Framework in Focus

NICE Framework Category: Oversee and Govern

Description: Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.



NICE Framework Specialty Area: Cybersecurity Management
Description: Oversees the cybersecurity program of an information system or network, including managing information security implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, requirements, policy enforcement, emergency planning, security awareness, and other resources.



Name: Tina Thorstenson

Tina Thorstenson_NICE

Title: Chief Information Security Officer

Organization: Arizona State University, Tempe, Arizona

Academic Degree(s):  B.S., Management Science, Virginia Tech

Certification:  None


Q:  Explain your role and responsibilities?

A:  My role as the chief information security officer is one that involves overall governance, policy, and compliance. We are a relatively small unit within the Arizona State University system. We are responsible for helping architect new solutions that meet our security requirements and making sure that we have awareness campaigns that are helpful to our faculty, staff, and students. We are continuing the evolutionary process of making sure that we are achieving our goal of meeting the university’s appetite for risk, meaning that we want to implement solutions that enhance our services in place today to meet ASU’s security requirements. My team of nearly 25 staff members are one hundred percent focused on information security, meaning that they are part of the information security office. The roles of those individuals include staff who focus on identity and access for the university, meaning the governance process around how we move people in and out of the roles that employees need to do their jobs or students in school. We have teams that work on the governance and awareness programs. I have a team that focuses one hundred percent on compliance and audit functions, meaning being a liaison for the university for all kinds of policy and compliance initiatives, and rolling out whatever the new requirements are. For example, this year we are focused heavily on General Data Protection Regulation. Lastly, we have a team that is focused on operating the security operations center.

Q:  Describe your career path? 



A:  My career path was an interesting one and may be a little bit atypical. I started out as an industrial engineer for a transportation company and quickly found that I liked projects where we were bringing technology solutions to the line of business. I ended up in higher education fairly quickly after moving to Arizona and started out in a variety of different business analyst roles, and I worked my way up taking on more and more leadership challenges to the point where I had worked in a leadership role in virtually every aspect of the information technology organization. Then, I was asked at one point if I would be willing (based on my experience serving in all of those areas) to take on the chief information security officer role as the university began to focus on security as a critical element of all our services. That was quite a number of years ago. Just before I moved into that role, I was responsible for infrastructure and security on the side. That was just before we decided to focus on security and create an office that we would staff to support not only infrastructure but the applications development teams and our endpoint desktop teams that supported university faculty, staff, and students.  

Q:  How could you envision using the NICE Framework to both guide your career and in your role as a hiring manager? 



A:  This answer is simple for me having built a program from the ground up in the last few years. Having a framework like this in place would have been invaluable when I started this office a few years ago. There are a couple of examples I might give you. First, the way I’d use it today is to take the Framework and map my current team to perform essentially a gap assessment. Today, prior to this sort of framework, ASU might have hired an external team to come in and do an assessment for us and try to identify the gaps. Tools like this, in particular this one that is so well thought out and so detailed, would be amazingly valuable in helping us identify gaps in our current program. This is a space that is evolving so quickly and really expanding as the years go by. Second, one thing we don’t have at ASU right now is a deputy chief information security officer and one of the tasks I have on my plate this year is to identify what are the knowledge, skills, and abilities that make up an individual in my role and what might a deputy to that individual look like. As we look at enhancing the overall program I have just found that having the right leadership is so critical. I guess it is a different form of gap assessment that I would be using this Framework for in very short order. 

To listen to the full audio interview with Tina Thorstenson, Arizona State University’s Chief Information Security Officer, click on the audio below.

Audio file

Download a transcript of the interview


Academic Spotlight:

INTERNSHIPS - AN “OLD SCHOOL” APPROACH THAT’S DRIVING TOP CYBERSECURITY TALENT
By Chris Valentino, Director, Joint Cyberspace Operations, Cyber and Intelligence Mission Solutions (CIMS) Division, Northrop Grumman Mission Systems
 

Imagine a world flush with cybersecurity professionals ready to take on the mass of opportunities around the globe. Sounds like Utopia right?

Sadly, the field has grown faster than the workforce, leaving every sector of the economy in dire need. The (ISC) ² 2017 Global Information Security Workforce Study shares that 1.8 million more cybersecurity professionals will be needed to accommodate the predicted global shortfall by 2020. While efforts to jump-start the pipeline have emerged, one “old-school” tactic remains steadfastly impactful when it comes to inspiring, preparing and retaining a highly-qualified force – internships!

Today’s cybersecurity companies see internships as a “must” in answering the need to groom tomorrow’s talent. “It’s more than getting to know a field. Students are refining their skills while contributing what they’re learning in school to our customer mission,” said Desiree Schafer, University Relations and Recruiting Manager at Northrop Grumman. 

As a leading global provider of cyber solutions to the DOD, intelligence community, federal agencies and our allies, Northrop Grumman knows the importance of building the next generation of cybersecurity leaders. We’re at the forefront of numerous initiatives including CyberPatriot, the University of Maryland Advanced Cybersecurity Experience for Students (ACES) Program, University of Maryland Baltimore County (UMBC) Cyber Scholars, and others because we know inspiring students - early-on - is critical.

Across the company, the Northrop Grumman summer internship experience has been grooming talent for decades. The Mission Systems sector, alone, experienced a more than 40 percent increase in interns from 2016 to 2017. On the cybersecurity front, these interns are spanning from high school (as young as 16) through the university-level. The summer program lasts about 10 weeks with many students working throughout the year, on weekends or school holidays. Internships remain the most proven route to help fill future positions with exceptional talent and get students career-ready.

During the summer, students are engaged in experiential learning by acquiring skills in agile software development, Linux, working research and development efforts, and supporting customer programs. Pragya Chaudhari, a UMBC Cyber Scholar who is continuing her senior year this fall, remarked, “in school, we’ve learned a lot about big data tools like Splunk, so I got a unique opportunity to learn how it works here, on the job.” 

Students also assist in developing software tools, and most importantly, learn the business and its processes. “These students are bringing in new perspectives to solve our customer problems that are making a lasting impact,” said Robyn DeWees, Operations Manager for CIMS at Northrop Grumman. 

For Andrea Acosta, a rising senior at Loyola University in Maryland, and a National Security Scholar, it goes beyond the technology. “Internships prepare students for work/life and how the routine goes, how you talk to your manager and get input and feedback. I’ve built a network of contacts at the company who I can rely on for advice and guidance.” Added Acosta, “It also helped refine my ‘thinking skills,’ meaning how to break down a problem; you can’t just tackle it from the get-go, you need a plan going in.”

Obtaining a government security clearance is another key advantage. Internships allow candidates to jump-start the clearance process so when they graduate, they can make an immediate impact. Programs like the National Security Scholars Program fast-tracks clearances. Andrea Acosta applied for a clearance in October and was approved by the following spring.

Building diversity is also a fundamental focus of the intern program. Women and minorities provide the kind of diversity of thought, education, experience, and problem solving skills that are needed to address the evolving threat. At Northrop Grumman, women hold 50 percent of senior executive positions. Added Chaudhari, “the interns had a chance to participate in learning modules, which gave us an opportunity to hear from Northrop Grumman senior leadership about their career paths -- some even started out as interns; it has helped me visualize how I can set my career path in the cybersecurity field.”

Moreover, internships provide employers a means to plan for future jobs and retain employees. “We work to provide a meaningful hands-on experience, sitting side-by-side with cybersecurity professionals solving real challenges from our customers,” added Schafer.

That utopian state can be realized when industry, academia and government partner to engage youth to participate in cybersecurity internships and where real-world experience is mutually beneficial. The recently released NICE Cybersecurity Workforce Framework provides consistent guidelines across all sectors to help make this state a reality. 

The role our interns play will impact national and economic security every day; that’s a higher calling. 

Northrop_NICE

Northrop Grumman summer cyber interns Pragya Chaudhari, a senior at UMBC (left) and Andrea Acosta, (right), a rising senior at Loyola University in Maryland, agree that cyber internships are a critical part of the learning experience.


Industry Spotlight:

CULTIVATING THE FEMALE CYBERSECURITY LEADERS OF TOMORROW

By Wendy T. Wu

 

In cybersecurity investigations, the faster you detect the problem, the easier it is to solve. The gender imbalance in the cybersecurity industry is another matter entirely. The lack of women in the sector is highly visible, and yet the solution is far harder to come by.

At Stroz Friedberg, I am proud to say we are making progress. Our cyber associates program in both the U.S. and the U.K. is attracting more women to the field than the norm. In the past three years that we’ve administered this program, women have represented an average of 32% of the associates. Our most recent incoming class is made up of 41% women. That’s a proportion significantly greater than the industry average of just 11%. 

Awareness of the jobs in this field is a significant barrier to entry. As my colleague Robyn Brooks wrote in a blog post celebrating International Women’s Day, “I often talk to women who weren’t aware that cybersecurity was even a career path. Just as we teach children they can become a doctor or lawyer, it is important to introduce cybersecurity as a career option early on.” One way that Stroz Friedberg is working on this issue is by actively supporting women-led organizations like the Women in CyberSecurity (WiCYS) conference, Women’s Society of CyberJutsu, and programs like Girls Who Code.

In recruiting cyber associates, we look for candidates with a curiosity and passion for the field, analytical and problem-solving abilities, including the ability to think outside of the box, and strong writing and communication skills, along with technical aptitude. The women and men in our cyber associates program are being trained not only to excel in the industry, but to stay in it. We ensure that our recruiting process includes female leaders, as role models and mentors for potential new hires. This is our approach to creating the leaders of tomorrow.

Each cyber associate is immersed in three specializations before having to decide where to commit for a career: digital forensics, incident response, and proactive security services. In this program, our cyber associates are not only watching and learning about theoretical solutions to cybersecurity threats, they’re working on actual client matters, alongside other technical experts. The cyber associates are regularly exposed to internal and external practitioners and the wide scope of career opportunities in cybersecurity. Day-to-day responsibilities include: preserving data from electronic data sources and repositories; helping to develop protocols for client matters; searching, comparing and analyzing data; and testing new processes or tools to support the practice and client needs. When cyber associates decide to join a practice group, they have more awareness than most of us have had when selecting our career paths—and it’s expected that they’ll be assigned a permanent role in our company in their chosen field. 

Awareness and training is a challenge in recruiting women to the leadership ranks, too. Given the relative newness of this industry, many top contributors at Stroz Friedberg started out in other fields. Previous to Stroz Friedberg, I was a cybercrimes prosecutor in the U.S. Attorney’s Office in Los Angeles. My colleague Judith Branham, a Managing Director in Minneapolis, had been an attorney with Faegre & Benson, LLP. Having non-traditional and non-tech experience has only enhanced our careers. Stroz Friedberg shows their forward thinking by recruiting women like us and ensuring we can be just as successful as those from more traditional, technical backgrounds. Cybersecurity firms that want to retain top-quality professionals must also provide better incentives for staying and growing with the organization. Whether male or female, all cybersecurity professionals need to have mentoring, good corporate benefits, policies supportive of work/life balance, and regular training and continued education to keep skill levels and morale high. Leading companies (like Stroz Friedberg) have a duty to bring attention to the varied career paths that advance associates into leadership positions and success in cybersecurity, especially for women. 

To that end, women in the field of cybersecurity should do their part to serve as role models and give back to the community. For example, speak at events to encourage awareness of cybersecurity careers and promote equitable workplace policies and practices; bring other women along to serve as co-presenters or to participate in events; speak openly about the challenges of being a woman in the cybersecurity industry and what can be done to solve it. We know that being a woman in a male-dominated profession is not easy, but it is our hope that ten years from now the graduates from our cyber associates program will be part of the solution.


Government Spotlight:

CAPABILITY INDICATORS ESTABLISHED FOR NICE FRAMEWORK WORK ROLES

By Noel Kyle, Department of Homeland Security, Cybersecurity Education & Awareness Branch

Many efforts are underway to quantify and strengthen the cybersecurity workforce as defined by the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework). In March, 2017, the Department of Homeland Security (DHS) Cybersecurity Education and Awareness (CE&A) Branch launched a project to collect input from Federal Government experts on capability indicators (such as education, training, learning, and certifications), for the individual Work Roles in the NICE Framework. As a result of this effort, CE&A developed the “NICE Framework Work Role Capability Indicators” report.

The report identifies capability indicators which provide an understanding of the qualities or accomplishments cybersecurity professionals possess across proficiency levels, and signal a greater likelihood of success in each role. Capability indicators can help organizations build personnel requirements for each Work Role in the NICE Framework, which helps meet organizational cybersecurity workforce development goals.

Building and maintaining a robust workforce is critical to strengthening the long-term cybersecurity defense and capabilities of our Nation. Because capability indicators provide recommendations on qualities to look for in cybersecurity professionals, they can make adoption of the NICE Framework easier. These indicators will help organizations move beyond using the NICE Framework for just inventorying their workforce to using it for recruitment (writing job descriptions), development (creating career paths), and retention efforts.

Specifically, capability indicators aid the following cybersecurity workforce development issues:

  • Workforce Gaps: As organizations evolve, so will the cybersecurity functions needed to support their workloads. Organizations will need to determine the type and number of professionals and proficiency levels they require. If organizations use the NICE Framework, Work Roles will help define the kinds of positions needed, and capability indicators will help gauge skill gaps by providing a benchmark for professional qualifications.
  • Hiring: Talent acquisition can often rely on a hiring manager’s subjective preferences or gut feeling when interviewing candidates. Capability indicators help organizations pick the qualifications to look for in candidates instead. They can use the recommendations in the report as a menu from which to select and customize their own formal qualification requirements.
  • Employee Development: Capability indicators can be used to recommend education and training topics, example certification topics, and continuous development opportunities that organizations can encourage their staff to pursue to strengthen skills and performance.
  • Career Pathways: Capability indicators are organized by proficiency levels in each Work Role, offering a clear set of development recommendations that will help professionals progress in their chosen area.

Dozens of Federal Government experts participated in this effort by providing capability indicator recommendations. Feedback and content from focus groups, phone interviews, table questionnaires, and supplemental data were aggregated, and several common themes across all Work Roles were identified:

  • Higher education is not always necessary to enter the cybersecurity field.
  • Certifications and training are often relied upon for skill development and are considered indicators of ability.
  • On-the-job experience is essential for higher-level proficiency.
  • Risk is the most frequently recommended topic for training and certifications.
  • Continuous learning is required at almost all levels.

The full capability indicators report is expected to be released for public comment this year as a National Institute of Standards and Technology (NIST) Interagency Report (NISTIR).

For more information about this effort, please contact Noel Kyle of the DHS Cybersecurity Education & Awareness Branch at Noel.Kyle@hq.dhs.gov. Also, for more information about other workforce development tools, visit the NICCS portal at www.niccs.us-cert.gov


Affiliated Program Updates:

Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs.

National Initiative for Cybersecurity Careers and Studies (NICCS)

As of September 1, 2017, the NICCS website updated the latest National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework to reflect the latest version released by the National Institute of Science and Technology (NIST) as of August 2017. After several years of refinement, NICE announced the latest release of the NICE Cybersecurity Workforce Framework, known as Special Publication 800-181, on Monday, August 7th. The goal of the new release is to further help organizations continue to help build their cybersecurity workforce.

For more information, please visit: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework

Learn more at www.niccs.us-cert.gov

Advanced Technological Education

The Advanced Technological Education (ATE) program provides grants that support the development of innovative approaches for educating highly skilled technicians for the industries that drive the nation’s economy. In tandem with creating products to improve students’ learning, many ATE grantees offer professional development for faculty. The ATE program funds large, comprehensive Centers of Excellence, as well as smaller-scale, more focused projects. Each ATE Center generally involves a collaboration among several educational institutions, along with partners from business, industry, and government, all of which work together to improve education and build the workforce in a particular area of technology. View a one pager on the ATE program here.

Learn more at www.atecenters.org/st/)(link is external) and www.nsf.gov/ate)(link is external)

National Centers of Academic Excellence in Cybersecurity

CAE Community Cyber Security Virtual Career Fair, October 13, 2017

The CAE Community is hosting a Virtual Career Fair, sponsored by CyberWatch West and the National Science Foundation, on October 13, 2017, from 9:00am-2:00pm, PT. The job fair will connect students from CAE designated schools with employers looking to fill internships, part-time positions, and full-time positions. Employers will have early access to all submitted student resumes, enabling them to review quality candidate profiles and student resumes before the Virtual Career Fair. Employers will also have the opportunity to showcase their company with virtual booth branding and presentations. Tech support and training before the event will be available for all employers. Additional information can be found at: https://www.caecommunity.org/news/cae-virtual-career-fair-registration-now-open

Learn more at www.caecommunity.org

GenCyber

GenCyber’s mission is to grow the cybersecurity workforce for the United States. The program is funded by the National Security Agency and the National Science Foundation and sponsors summer camps across the Nation for elementary, middle, and high school students and teachers. The camps focus on engaging learners with sound cybersecurity principles and teaching techniques.

The GenCyber Program has grown from 8 camps in 2014 to 130 camps in 2017. This year the camps were held at 65 institutions across 39 states (and District of Columbia and Puerto Rico) and reached over 3,300 students and 800 teacher participants. Over the last three years, more than 10,000 students and teachers nationwide have attended a GenCyber Camp. The program continues to grow and generate a broader awareness of, and interest in, cybersecurity and in the future will have a positive impact on the number of qualified cybersecurity professionals entering the Nation’s workforce.

Learn more about the camps at www.gen-cyber.com

NICE Cybersecurity Workforce Framework

On August 7, 2017 the NICE Program Office at NIST announced the release of NIST Special Publication 800-181, the NICE Framework. This publication serves as a fundamental reference to support a workforce capable of meeting an organization’s cybersecurity needs. It provides organizations with a common, consistent lexicon that categorizes and describes cybersecurity work by Category, Specialty Area, and Work Role. It is a resource from which organizations or sectors can develop additional publications or tools that meet their needs to define or provide guidance on different aspects of workforce development, planning, training, and education.

Check out the publication at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf 

NICE hosted a webinar on, “Efforts to Align Training and Certifications to the NICE Framework” on September 20, 2017. Learn more here.

The NICE Framework will also be discussed in length at the NICE Conference in Dayton, Ohio on November 6, 2017 during a NICE Pre-Conference seminar. The seminar, “Application and Uses of the NICE Framework”, will provide examples of how the NICE Framework is currently being used in industry, academia, and government, and various tools and resources available to help implement the framework. Learn more, and register for the seminar at https://www.fbcinc.com/e/nice/seminars.aspx

Learn more here.


Funded Project Updates:

The U.S. government provides funding to third parties to develop products that will help advance cybersecurity education, training, and workforce development needs. The following are a few of those projects.

NICE Challenge Project 
The NICE Challenge Project has officially reached another major milestone. It now has over 150 officially registered educational institutions in the United States. On the way to reaching this milestone the project has also gained 200+ Curators (Professor Accounts). With the major part of the 2017 conference circuit complete, the project has only one conference left to attend and speak at which is the NICE Conference.

Over the course of the summer the project has completed many of its main development goals. The Webportal will be reaching 1.0 status this October. Following that, we will be releasing our new challenge environment and a handful of new challenges with it. Development and content decisions are driven not only by our strategic vision, but by the extremely valuable feedback we receive from our growing user base, whom we are privileged to work with on this journey forward in creating the next generation in hands-on cybersecurity content.

Learn more at www.nice-challenge.com

CyberSeek

CyberSeek was updated in early August with a complete refresh of the demand and employment data in the tool, which now reflects Q2 2016 through Q1 2017. The updates also include the addition of data from the certifying body Global Information Assurance Certification (GIAC), which improves the comprehensiveness of the certifications reflected in the tool, as well as a new downloadable “about CyberSeek" PDF that can be shared to raise awareness about CyberSeek. The CyberSeek team is now preparing for the next round of updates which are scheduled for release in November, 2017.

Learn more at www.cyberseek.org

National Integrated Cyber Education Research Center

The demand for K-12 Cyber education resources continues to rise as educators are being tasked in building the fundamental knowledge, skills and abilities of today’s students for tomorrow’s growing cyber workforce. The Department of Homeland Security Cybersecurity Education Training and Assistance Program (CETAP), in partnership with the Cyber Innovation Center and its National Integrated Cyber Education Research Center (NICERC) continue to positively influence the K-12 classroom through project driven, cyber-based curricula and professional development programs for teachers in order to begin systematically empowering educators with the resources needed to prepare our students and our future workforce. These resources, available to every K-12 educator at no cost, span across the county with teachers from all 50 states accessing and integrating the curricula into their classrooms. In addition, partnerships with state departments of education are being solidified to seamlessly integrate concepts of cybersecurity into existing math, science and liberal arts state-level standards.

Learn more at www.NICERC.org

Regional Alliances and Multi-stakeholder Partnerships to Stimulate (RAMPS) Cybersecurity Education and Workforce Development

NICE is funding opportunities to build multistakeholder workforce partnerships of employers, schools and institutions of higher education, and other community organizations. These funding opportunities provide assistance to establish Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) Cybersecurity Education and Workforce Development. The featured article of this eNewsletter provides more insight on these programs – check it out here. Learn more about each of the RAMPS programs by visiting their websites listed below:

The Partnership to Advance Cybersecurity Education and Training (PACET)

Learn more at www.albany.edu/facets 

The Hampton Roads Cybersecurity Education, Workforce and Economic Development Alliance (HRCyber)

Learn more at www.securitybehavior.com/hrcyber

Cincinnati-Dayton Cyber Corridor (Cin-Day Cyber)         

Learn more at www.soche.org

Cyber Prep Program                                                          

Learn more at www.ppcc.edu/cyberprep

The Arizona Statewide Cyber Workforce Consortium                                      

Learn more at www.ArizonaCyber.org


NICE Working Group Updates:

The NICE Working Group (NICEWG) continues to work toward identifying and producing deliverables that energize and promote cybersecurity education, training, and workforce development. For example, the Training and Certifications subgroup is working on a mapping of industry certifications to the NICE Framework. The project will aim to establish criteria and standards of measurements for effective mapping of certifications and improve utilization of performance-based assessments which integrates cognitive/skill acquisition models beneficial to build cyber resiliency for the nation. Learn more here

Discussions on projects like these and more take place monthly in each of the following five subgroup areas: K-12, Collegiate, Competitions, Training and Certifications, and Workforce Management.

Learn more about the NICE Working Group or sign up to participate in the NICE Working Group at the Working Group’s website.


Key Dates:

CAE Community Cyber Security Virtual Career Fair, October 13, 2017

The CAE Community is hosting a Virtual Career Fair, sponsored by CyberWatch West and the National Science Foundation, on October 13, 2017, from 9:00 am-2:00 pm, PT. The job fair will connect students from CAE designated schools with employers looking to fill internships, part-time positions, and full-time positions. Employers will have early access to all submitted student resumes, enabling them to review quality candidate profiles and student resumes before the Virtual Career Fair. Employers will also have the opportunity to showcase their company with virtual booth branding and presentations. Tech support and training before the event will be available for all employers. Additional information can be found at: https://www.caecommunity.org/news/cae-virtual-career-fair-registration-now-open

Federal Tech/Cyber Hiring and Recruitment Event, November 6-7, 2017

The first-ever, government-wide, IT and cybersecurity federal hiring event will be held November 6th to 7th at the Silver Spring Civic Building at Veterans Plaza in Silver Spring, Maryland. There are currently more than twenty federal agencies including four intelligence organizations (FBI, CIA, NSA, and NGA) working collaboratively to recruit, interview, and hire for hundreds of IT and cybersecurity positions.

In conjunction with the event, three government-wide job opportunity announcements are now live on USAJOBS:

Please visit https://www.cio.gov/hiringevent/ to learn more, register for the event, apply for positions, and take advantage of free training webinars prior to the event.

NICE Annual Conference & Expo 2017, November 7-8, 2017

Register Today!

The 8th annual NICE Conference and Expo will be held on November 7-8, 2017 at the Dayton Convention Center in Dayton, Ohio. This year’s theme, "Challenging the Status Quo: Building a Robust and Sustainable Cybersecurity Ecosystem," aims to help shape the way in which the nation identifies, educates, trains and builds our 21st-century cutting-edge Cybersecurity Ecosystem. The conference will feature three tracks in the following areas:

  • Education & Training — Developing Cybersecurity Talent
  • Collaboration — Nurturing Cybersecurity Communities in Academia, Industry, and Government
  • Professional Development — Keeping Pace with Technology and Education

The conference will also feature the following three pre-conference seminars on November 6, 2017:

  • Critical Success Factors for a Cybersecurity Apprenticeship Program
  • How to Build Robust Internship Programs Between Employers and Academic Institutions
  • Application and Uses of the NICE Cybersecurity Workforce Framework

Learn more, view the full agenda, and register at www.fbcinc.com/nice/

National Cybersecurity Career Awareness Week, November 13-18, 2017

The National Cybersecurity Career Awareness Week is a celebration to focus local, regional, and national interest to inspire, educate and engage children through adults to pursue careers in cybersecurity. Cybersecurity Career Awareness Week takes place during November’s National Career Development Month, and each day of the week-long celebration provides for learning about the contributions, innovations and opportunities that can be found by exploring cybersecurity as a field of study or career choice.

During the week, learners of all ages, educators, parents, employers and the community will participate in a national recognition of how cybersecurity plays a vital role in the lives of Americans and how building a national cybersecurity workforce enhances America’s national security and promotes economic prosperity.

Learn more at https://www.nist.gov/itl/applied-cybersecurity/nice/national-cybersecurity-career-awareness-week-november-13-18-2017

NICE K-12 Cybersecurity Education Conference, December 4-5, 2017

Register Today!

The NICE K-12 Cybersecurity Education Conference will be held on December 4-5, 2017 in Nashville, Tennessee. The conference will convene thought leaders from education, government, industry, and non-profits to address how K-12 education is uniquely positioned to accelerate learning, increase skills, development, identify methods to best nurture a diverse learning community, and provide approaches to guide career development and workforce planning for today’s youth.

Learn more, view the full agenda, and register at www.k12cybersecurityconference.org

NICE Webinars

On October 18, NICE will host a webinar on “Cybersecurity Careers for Autistic People.” This webinar will inform the participant of research efforts and corporate initiatives to increase the participation of autistic adults in the workforce. Specific attention will be paid to jobs and skills appropriate to the cybersecurity workforce. Learn more and register today here.

On September 20, NICE hosted a webinar on “Efforts to Align Training and Certifications to the NICE Framework.” This webinar provided an overview of the NICE Framework (NIST Special Publication 800-181) and described how training and certification providers are aligning their training content and certifications to the NICE Framework. View a recording and find out more here.

On July 19, NICE hosted a webinar on “Shedding Light on Security Clearances - Process, Requirements, and Considerations”. This webinar provided information to better understand security clearances, the process for obtaining one, and items to consider that may affect eligibility. View a recording and find out more information here.

NICE webinars are free to attend, but registration is required.

Learn more, view webinar recordings, and more here.  

 
Created September 19, 2017, Updated February 6, 2019