U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology Laboratory / Applied Cybersecurity Division

NICE

NICE 2017 Summer eNewsletter

Share

| Featured Article | Academic Spotlight | Industry Spotlight | Government Spotlight | Affiliated Programs Updates | Funded Projects Updates | NICE Working Group Updates | Key Dates |

Subscribe to the NICE eNewsletter

NICE_Danielle Santos
Welcome to the 2017 summer edition of the quarterly National Initiative for Cybersecurity Education (NICE) eNewsletter. Our featured article for this edition highlights the President’s Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, the workforce provisions of the order, and how NICE is working as a community to address those provisions and produce a report to the President. Next, the article on two-year, bachelor of applied science degree programs in IT and cybersecurity describes how community and technical colleges are helping to provide an additional pathway into a cybersecurity career. The Industry Spotlight article dives into cybersecurity concerns for small and medium-sized businesses and the importance of protecting not only infrastructure, but also the human element. Last, the article from the state of Illinois highlights the workforce elements of a two-year, state-wide cybersecurity strategy for Illinois. Illinois is taking a “Best-in-Class Cybersecurity Capabilities” approach with six actions to develop and sustain their cybersecurity workforce. Throughout the rest of the eNewsletter, you’ll find updates from our affiliated programs, such as the National Centers of Academic Excellence in Cybersecurity, registration announcements for upcoming events, and more. I hope you enjoy reading this edition and wish you a cool summer. 
 
Danielle Santos
Program Manager, NICE

Featured Article:

 
EXECUTIVE ORDER SEEKS TO GROW AND SUSTAIN THE NATION'S CYBERSECURITY WORKFORCE
by Rodney Petersen, Director, National Initiative for Cybersecurity Education
 

On May 11, 2017, the President issued an executive order on strengthening cybersecurity. In part, the order states that it is the policy of the United States “to support the growth and sustainment of a workforce that is skilled in cybersecurity and related fields as the foundation for achieving our objectives in cyberspace.” According to the White House National Security Council, cybersecurity education, training, and workforce development were included in the executive order because growing and sustaining the cybersecurity workforce is a national security concern. We saw further evidence of that point of view when cybersecurity positions were exempted from the federal government hiring freeze in early 2017 because they were deemed to be positions that impacted national security.

The executive order directs the Secretary of Commerce and Secretary of Homeland Security to:

 1) “assess the scope and sufficiency of efforts to educate and train the American cybersecurity workforce of the future, including cybersecurity-related education curricula, training, and apprenticeship programs, from primary through higher education”; and,

 2) “provide a report to the President with findings and recommendations regarding how to support the growth and sustainment of the Nation's cybersecurity workforce in both the public and private sectors.”  

The report is due to the President on September 8, 2017.

The Commerce Department’s National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS) are co-leading the assessment and the report to the President. Several other federal departments and agencies are collaborating on this project, including but not limited to the Departments of Defense, Education, Labor, and the Office of Personnel Management. NIST and DHS are reaching out to the public to help inform this study and to generate findings and recommendations. Organizations and individuals may provide their comments in response to a Request for Information (RFI) and by participating in one or more workshops that will be held in communities throughout the United States.

The assessment is expected to support the ongoing work of NICE as it continues to deliver upon its strategic plan delivered to Congress in 2016. The process that is being pursued supports the values outlined in the strategic plan:

  • Seek Evidence and Measure Results: The executive order is seeking to quantify and qualify the “sufficiency of efforts”, which is an indication of the importance of the design and delivery of programs that are effective and outcomes-oriented.
  • Challenge Assumptions, Drive Change, and Stimulate Innovation: The executive order not only directs an assessment of existing programs; the report to the President calls for findings and recommendations that support the growth and sustainment of the cybersecurity workforce of the future.
  • Foster Communication, Facilitate Collaboration, Share Resources, and Model Inclusion: The executive order covers the workforce of both the public and private sectors and charges several federal government departments and agencies to work together on the report in consultation with academia and the private sector.

The findings will build upon programs and plans, which is consistent with the NICE Strategic Plan and the Cybersecurity Enhancement Act of 2014. Some areas being closely examined under the executive order’s work include:

  • K-12 Cybersecurity Education
  • Postsecondary Cybersecurity Education
  • Cybersecurity-related Education Curricula
  • Training and Certifications
  • Apprenticeship Programs

On June 15th, the President also issued an Executive Order on Expanding Apprenticeships in America. In part, the order states that “it is the policy of the United States to provide more affordable pathways to secure high paying jobs by promoting apprenticeships and effective workforce development programs.”  Additionally, it directs “the Secretaries of Commerce and Labor [to] promote apprenticeships to business leaders across critical industry sectors, including manufacturing, infrastructure, cybersecurity, and health care.” (emphasis added)

Together, these two executive orders validate the importance of the work begun by the National Initiative for Cybersecurity Education. They also challenge us, as a community, to do more to address the nation's security needs by growing and sustaining a knowledgeable and skilled cybersecurity workforce. We look forward to your partnership in this effort.

For more information, visit nist.gov/nice/cybersecurityworkforce

Academic Spotlight:

 
TWO-YEAR COLLEGES LAUNCHING BAS DEGREES IN IT AND CYBERSECURITY
by Corrinne Sande, Whatcom Community College, Director for Computer Sciences and Information Systems & Director of CyberWatch West
 

The unmet need for a well-trained IT networking and cybersecurity workforce is demonstrated by increasingly serious security breaches across the United States and around the world. Currently, the nation’s cybersecurity workforce is undertrained. Not enough students are entering the education pipeline pursuing degrees or certificates in this field to meet present-day and predicted demand.

Despite numerous initiatives, students seeking affordable, accessible four-year degree programs in IT networking and cybersecurity have limited options. One way in which this issue is being addressed in Washington State is through community and technical colleges.

In 2005, the Washington State Legislature passed HB 1794, allowing designated community and technical colleges to pilot applied baccalaureate programs. In 2012, the Washington State Board for Community and Technical Colleges was authorized to approve all applied bachelor degree programs in the state (see https://www.sbctc.edu/colleges-staff/programs-services/applied-baccalaureates/).

Applied bachelor degrees are designed to meet the needs of students:

  • Who do not have a clear pathway into a university,
  • Who are place-bound,
  • Who want to learn advanced skills often required for management positions or significantly complex organizational systems, and/or,
  • Who are in a field that is not taught at the university;

thereby expanding access and capacity. These new baccalaureates are developed based on existing two-year professional-technical degrees that include applied credits.

Several colleges in Washington State now offer Bachelor of Applied Science (BAS) degrees in cybersecurity or related fields. These include: Bellevue College (Information Systems & Technology), Columbia Basin (Cyber Security), Green River (Information Technology), Highline (Cybersecurity & Forensics), Seattle Central (Information Technology), Spokane Falls (Cyber Security), and Whatcom Community College (Information Technology: Networking).

Other BAS degrees have started to appear throughout the country, including Northern Virginia and Lord Fairfax Community Colleges in Virginia, and Pensacola and Palm Beach State Colleges in Florida. BAS degrees provide students who have earned a two-year professional-technical degree a pathway into a four-year degree, without repeating or being required to earn additional credits —a common problem with traditional transfers from applied programs into four-year public institutions.

Such practical degrees produce highly skilled workers capable of assuming responsibilities their first day on the job. The design of Whatcom Community College’s BAS degree in IT Networking is based on three focus areas from the National Security Agency’s National Centers of Academic Excellence in Cyber Defense (CAE-CD) knowledge units: secure cloud computing, industrial control systems—SCADA security, and secure mobile technology. The degree also incorporates the National Initiative for Cybersecurity Education (NICE) Workforce Framework in its design, along with the Department of Labor’s Cybersecurity Competency Model.

Whatcom’s BAS degree will be offered on-campus beginning fall 2017. A fully online version is being developed for fall 2018. For more information, visit whatcom.edu/cis.

Whatcom Community College is a National Cyber Defense Resource Center as designated by the NSA, and the host institution of two National Science Foundation-funded grants to assist community colleges and universities with cybersecurity education program development and improvement. For details go to www.CyberWatchWest.org or www.C5Colleges.org

Industry Spotlight:

 
SMALL BUSINESS CYBERSECURITY: SHIFT FROM FOCUS ON TECHNOLOGY TO FOCUS ON PEOPLE
by Heinan Landa, Optimal Networks
 

Finally.

My company, Optimal Networks, has provided outsourced technology support to Washington DC-area small businesses (SMBs) for over 25 years. Finally, our clients are initiating conversations about security, not the other way around. Small to mid-sized businesses have long operated under the assumption that because of their size, they are of little interest to cybercriminals. Slowly but surely, SMBs are accepting the unfortunate reality that (1) they are very much at risk, and, (2) basic technology defenses are not enough to keep them protected.

To what good fortune do we owe this awakening? From my vantage point, there are a few factors at play:

  • Media attention. Breaches make headlines. We hear about what was compromised, who or what was to blame, and how much it cost the company. We know, for example, that Target’s massive breach was possible thanks to their much smaller HVAC subcontractor who did not have proper controls in place.1 We see time and time again that massive, costly attacks aren’t the result of ultra-sophisticated tech-wrangling, but of something far more mundane and pervasive: human error. With enough repetition, the concept of “risk” begins to widen.
  • Pressure from the government. Our SEC-compliant clients are seeing their requirements tighten year after year.2 Our HIPAA-compliant clients are seeing this too, and we’re experiencing it firsthand as a Business Associate.3 Periodic risk assessments, incident response plans, and regular, company-wide awareness training – none of which are standard IT functions – are mandatory, and the consequences for noncompliance are expensive at best, dire at worst. This, not surprisingly, is a fairly powerful motivator.
  • Industry push for user-facing security tools. In response to this increased attention, more and more security vendors are approaching companies like mine to resell their tools to the SMB community. While some of these tools are more standard back-end solutions (e.g., advanced network monitoring), we’ve noticed an interesting new trend: many of these security tools affect end-users directly. Multi-factor authentication, phishing tests, and ransomware simulators, for example, force our employees to take extra steps in the name of security. In other words, neither the SMB nor the user can ignore the role that individuals play in keeping our businesses protected. 

Whether the push to get serious about security is due to external causes or merely a natural response to the increased threat landscape, SMBs are understanding that it can happen to them, and that their definition of “vulnerability” must identify employees as a critical part of the security puzzle. As a result, businesses are adopting a more comprehensive approach to security that includes staff training as a cornerstone.

Historically, most small businesses have been content with basic technology defenses like an updated firewall, centralized anti-virus and anti-spam, and ongoing maintenance such as regular patching for servers and workstations. These make for a solid foundation, but that foundation alone is insufficient as far as protection goes.4 These protections don’t account for human error (i.e., downloading a malicious attachment) nor do they help contain and remediate a breach or infection if one were to occur.

And cyber criminals know this well.

Symantec’s most recent Internet Security Threat Reportshows a startling uptick in malicious emails because, “it is a proven attack channel. It doesn’t rely on vulnerabilities, but instead uses simple deception to lure victims into opening attachments, following links, or disclosing their credentials.”

Overall, 1 out of every 131 emails sent in 2016 contained malware, up from 1 in 220 during 2015. For small to mid-sized businesses (250-500 employees), the rate was at its most aggressive: 1 in 95.

In other words, our employees are our weakest link (and potentially our strongest defense) when it comes to network security. If small businesses intend to protect themselves in this ever-evolving landscape, they should:

1. Hold regular, consistent security awareness training.

Even if company-wide awareness training is not mandated by compliance regulations, security awareness training should be central to every cybersecurity initiative. A team cannot protect themselves against what they don’t understand.

This training should touch on types of threats, how they present themselves, what’s at stake, what controls are in place to mitigate risk, where those controls fall short, and how staff can help bridge the gap.6 If in-person company-wide training isn’t feasible, film or otherwise distribute the training and verify that each employee (executives included) has reviewed the content. The less savvy the team and the more sensitive the data, the more frequently these sessions need to be held.

If the business can’t or doesn’t want to run this training internally, they can:

  • Outsource to an IT company. An IT team will likely deliver a presentation tailored to the organization’s unique needs in terms of staff skill level, the IT landscape, and the company’s level of risk. Keep in mind that most IT companies are not known for their presentation skills, so be sure to vet that as part of the process.
  • Outsource to a training company. If the company is comfortable with a slightly more generic presentation, perhaps supplemented with a tailored handout, training companies (local or online) have modules for staff to work through.

2. Incorporate security into their company culture.

This part cannot be outsourced.

It is, of course, important to have written policies that address passwords, mobile device use, business continuity, data privacy, employee separation, and so forth. IT teams can help businesses design and enforce these policies to an extent.

The problem with only having policies in a handbook is that staff will read them and either forget or ignore them soon thereafter.7

What we recommend, is that SMBs adopt a security-oriented culture to reinforce those policies, and to give them life beyond the policy document. This means adopting a mindset of slight paranoia, where every member of the organization (executives included) questions that odd email they received, hesitates before sending a document with sensitive information, speaks up when a coworker writes their password on a sticky note, and refuses to leave their desk without first locking their machine. 

More than anything, if we are to protect our businesses from cyber threats, we can’t keep operating under the delusion that security is purely a technical matter; we must invest in our people, too.

Because one click is really all it takes. 

1 http://money.cnn.com/2014/02/06/technology/security/target-breach-hvac/ 

2https://www.financial-planning.com/news/sec-warns-more-cyber-enforcement-actions-coming

3https://www.law360.com/articles/885856/a-look-back-at-a-year-of-record-setting-hipaa-enforcement

4 https://www.gartner.com/doc/2665515/designing-adaptive-security-architecture-protection

5https://www.symantec.com/security-center/threat-report

6https://www.symantec.com/connect/blogs/training-your-employees-information-security-awareness

7 http://www.pcworld.com/article/153013/work_security_rules.html

 

Government Spotlight:

 
DEVELOPING A BEST-IN-CLASS CYBERSECURITY WORKFORCE – THE ILLINOIS STRATEGY
by Kirk Lonbom, Chief Information Security Officer, State of Illinois

 

As the recent proliferation of the Wannacry ransomware demonstrates, cyber threats continue to grow both in volume and complexity, placing critical government services and the privacy of our citizens at ever-increasing risk. The demand for a trained and effective cybersecurity workforce continues to grow. The Center for Cyber Safety and Education’s Global Information Security Workforce Study projects that as many as 1.8 million cybersecurity positions will be unfilled over the next five years. The growing cyber-threat, coupled with this daunting talent-gap, creates a proverbial “perfect storm” that must be proactively addressed.

A key goal of the State of Illinois Cybersecurity Strategy is to develop “Best-In-Class Cybersecurity Capabilities.” An important outcome of this goal is to ensure that Illinois' cybersecurity workforce is well-trained, continually developed and aligned with national standards.

The Foundation - The NICE Cybersecurity Workforce Framework

Illinois has aggressively adopted the NICE Cybersecurity Workforce Framework for the development of cybersecurity responsibilities and formal position descriptions. The NICE Framework ensures a consistent best-practices approach as Illinois continues to develop its cybersecurity organization and capabilities.

This direction will align Illinois with the cybersecurity community across government and the private sectors. In time, as organizations adopt the NICE Framework, a common understanding of the expected knowledge, skills and abilities of positions will ensure identification of qualified individuals, and facilitate personnel development programs.

The Objective – Develop and Sustain a Capable and Competent Cybersecurity Workforce

This objective is pivotal to all organizations and critical to government entities. The utilization of managed services or other outsourcing strategies for cybersecurity can help address some functions, but the need for a trained and sustainable internal cybersecurity workforce is not likely to diminish.

The State of Illinois has established six action plans:

  1. Build a robust cybersecurity organization – Illinois is undergoing a digital transformation. Like many states, Illinois has established a central information technology organization, the Department of Innovation & Technology (DoIT), to serve the needs of agencies with a more efficient, enterprise approach while ensuring the specific needs of agencies are met. The DoIT Division of Information Security includes all facets of information security, which establishes the capabilities needed by the state, and as importantly, creates a wide-range of cybersecurity career opportunities.
  2. Provide the cybersecurity workforce with career growth and advancement opportunities The Illinois cybersecurity organization provides for career advancement of current employees while establishing entry-level positions to provide an “on-ramp” for recent college graduates and veterans who are exiting military service. The organizational design establishes a well-defined career matrix providing multiple pathways for cybersecurity staff. This design will promote retention of personnel, while protecting the state as some employees leave state service and move to the private sector.
  3. Recruit and hire highly skilled talent – Illinois’ digital transformation includes significant focus on innovative technologies. The security needs are diverse, providing experienced cybersecurity professionals with exposure to the latest security challenges. DoIT aggressively utilizes social media, university partnerships and internal branding to communicate opportunities, appeal to those who wish to serve their state, and attract internal personnel seeking their next challenge.
  4. Provide effective training and assist employees in obtaining applicable information security certifications - The Global Information Security Workforce Study found that millennials are not motivated by salary alone. The study determined that millennials seek career development, training programs and employer paid professional certifications. The Illinois strategy addresses these key findings. Training dollars are often limited, but progress can be made by using services such as the Department of Homeland Security’s Federal Virtual Training Environment (FedVTE) and providing employees with the opportunity to train during work hours.
  5. Provide for the development and recruitment of the next generation cybersecurity workforce – Illinois is taking advantage of partnerships with state colleges and universities to provide internships to upcoming cybersecurity professionals. Interns are partnered with skilled employees in areas such as risk assessment and cyber-resiliency. This provides a true “hands on” learning experience, while assisting the state with the security aspects of its digital transformation.
  6. Promote continual learning through partnerships – The development of a best-in-class cybersecurity workforce extends well beyond entry-level personnel. Illinois has developed strong relationships with Illinois private sector partners through Governor Rauner’s Technology Advisory Board. Mentorships are utilized at the executive level and operational best practices are shared. Cross-training of cyber-defenders from the Illinois National Guard and state personnel is ongoing and consistent.

The development of a skilled and consistent cybersecurity workforce is a challenge being faced across the globe. Illinois is optimistic that the state’s cybersecurity strategy will provide significant benefits and enhance the state’s ability to reduce the risks posed by cybersecurity threats for years to come. 

Affiliated Programs Updates:

 

Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs.

National Initiative for Cybersecurity Careers and Studies (NICCS)

NICCS and Cybersecurity Training:  The Federal Virtual Training Environment (FedVTE) provides government-wide, online, and on-demand access to cybersecurity training to help the workforce maintain expertise and foster operational readiness. With beginner to advanced courses, the system is available free to federal, state, local, tribal, territorial government employees and to U.S. veterans.

To sign up for an account, visit https://fedvte.usalearning.gov/

Learn more at www.niccs.us-cert.gov

Advanced Technological Education

ADVANCED CYBERFORENSICS EDUCATION (ACE) CONSORTIUM (http://www.cyberace.org)

The Advanced Cyberforensics Education (ACE) Consortium, in collaboration with the Florida Cyber Alliance, held its 5th Annual Cyber Camp June 12-15, 2017, at Daytona State College. During the four-day camp, 40 9th-12th grade students engaged with experts in discussions of cybersecurity and cyberforensics and participated in hands-on exercises and competitions.

Middle Georgia State University hosted an IT summer camp June 13-14, 2017, for 40 high school students. Topics included cybersecurity, robotics, game design, and mobile applications development. 

Trident Technical College supported the 5th annual Palmetto Cyber Defense Competition and the 2nd annual Palmetto Digital Cyber Forensics Competition in April 2017. The events were cosponsored by the Armed Forces Communications and Electronics Association (AFCEA) and SPAWAR SSC Atlantic. In July 2017, Trident will sponsor the 4th annual "Girls Day Out," a weekend of cyber- and STEM-related activities for underserved middle school students.

South Piedmont Community College hosted a Cyber Summer Camp for 22 9th-12th grade students on June 12-13, 2017. On July 1, the college will also support the 2017 InfraGard Summer Camp for 30 high school students at Microsoft's Charlotte campus, along with private and public sector organizations such as Microsoft, the FBI, Abagnale & Associates, FireEye, Cisco, PhishMe, Dell Secure Works, Lockfale, Wells Fargo, and Bank of America.

CATALYZING COMPUTING AND CYBERSECURITY IN COMMUNITY COLLEGES (C5) (http://www.c5colleges.org)

The C5 Mentoring Program assisted 14 community colleges from 14 states, as well as four universities from four states, in submitting successful applications for National Center of Academic Excellence in Cyber Defense designations from the National Security Agency and Department of Homeland Security. The new designations were conferred during a ceremony in Huntsville, AL, on June 7, 2017. The new CAE2Y designations for the community colleges brings the total number of CAE2Y institutions to 46.

Three C5 instructional modules -- Applied Cryptography, Secure Scripting, and Responsible Software Development -- have been completed, pilot-tested, and revised, and will be broadly disseminated in three workshops at the Community College Cyber Summit (3CS) on June 28-30, 2017. Four more modules -- Cybersecurity Principles, Cybersecurity Treats and Countermeasures, Security Risky Data, and Cybersecurity and Society -- have also been developed and will be presented during workshops at 3CS. All C5 instructional modules are aligned with the NSA CAE2Y Knowledge Units (KUs), the College Board Advanced Placement Computer Science Principles (AP CSP) curriculum framework, and the ACM Computer Science Curricular Guidelines (CS2013).

CENTER FOR SYSTEMS SECURITY AND INFORMATION ASSURANCE (CSSIA) (http://cssia.org/)

In April 2017, the National Security Agency and Department of Homeland Security designated Moraine Valley Community College, home of CSSIA, as the "Hub" CAE Regional Resource Center (CRRC) for the North Central Region. In this role, the center will promote new applications for CAE designation, assist institutions and their faculty in the application and re-application process, and build a community of CAE institutions in the North Central Region.

In summer 2017, CSSIA's National Faculty Development Institute will offer the following workshops aimed at building the technical credentials and classroom skills of community college faculty: CISSP (Certified Information Systems Security Professional) Bootcamp for Community College Faculty; CISA (Certified Information Security Auditor) Bootcamp for Community College Faculty; Powershell Scripting for Cybersecurity Professionals; Python Scripting for Cybersecurity Professionals; Introduction to Cybersecurity Professions; and Industrial Control Systems Security and SCADA (Supervisory Control and Data Acquisition). For the schedule, see http://www.cssia.org/cssia-training.cfm.

CSSIA has published over 300 lab exercises that can be downloaded and used in any classroom. These labs are also available in the CSSIA Virtual Teaching and Learning Environment. For access to this environment, contact John Sands at sands [at] morainevalley.edu (sands[at]morainevalley[dot]edu).

In July 2017, CSSIA will host a US Cyber Challenge summer camp.

CYBERWATCH WEST (http://www.cyberwatchwest.org)

In April 2017, the National Security Agency and Department of Homeland Security designated Whatcom Community College, home of CyberWatch West, as one of four CAE National Resource Centers (CNRCs). In this role, the center will focus on mentoring and will lead the CAE-CD Application Assistance Program, guiding university and college administrators and faculty through the rigorous application process for the CAE-CD designation.

CyberWatch West will assist Highline College in Des Moines, WA, in hosting the first International Collegiate Cyber Defense Invitational (ICCDI) competition on June 20-22, 2017. This competition is modeled after the U.S. National Collegiate Cyber Defense Competition. To date, higher education institutions from Indonesia and Namibia, as well as two U.S. universities (the University of Central Florida and Brigham Young University), have committed to participate.

CyberWatch West will sponsor the National Centers of Academic Excellence Virtual Career Fair on October 13, 2017. This online job fair will connect students from CAE-designated schools to employers looking to fill internships, part-time positions, and full-time positions. The event will take place from 8:00 a.m. to 11:30 a.m. PDT. Employers interested in participating should e-mail cyber [at] csusb.edu (cyber[at]csusb[dot]edu). Participation is free. Registration for students from CAE-designated institutions will open on the CAE Community web site (https://www.caecommunity.org/) in July 2017. Students will also have an opportunity to participate in professional development activities prior to the job fair in order to strengthen their resumes and prepare for interviews.

CYBER SECURITY EDUCATION CONSORTIUM (CSEC) (http://cseconline.net/2014/

CSEC will host an Industrial Controls Security (ICS) Summit on July 11-12, 2017, at Jackson State Community College. The purpose of the summit is to develop an advanced technical certificate program that will educate front-line technicians about how to identify the threats, exploits, and vulnerabilities that threaten ICS network infrastructures and how to apply countermeasures to thwart potential cyber-attacks.

Learn more at www.atecenters.org/st/) and www.nsf.gov/ate)

National Centers of Academic Excellence in Cybersecurity

Twenty-two institutions were recently recognized by the National Security Agency and the Department of Homeland Security for meeting the requirements of the National Centers of Academic Excellence in Cyber Defense (CAE-CD) Program at a ceremony on June 7, 2017 at the National Cyber Summit in Huntsville, Alabama. An additional ten institutions will be recognized at a ceremony at the NICE conference in November 2017. This brings the total number of institutions participating in the National CAE-CD Program to 226, located in 45 states, the District of Columbia and the Commonwealth of Puerto Rico. The NSA/DHS Cyber Defense programs are designed to encourage more U.S. academic institutions to educate future cyber warriors. A full list of CAE-CD designated Institutions can be found at https://www.iad.gov/NIETP/reports/current_cae_designated_institutions.cfm

Learn more at www.caecommunity.org

GenCyber

The GenCyber Program, sponsored by the National Security Agency and the National Science Foundation, offers free cybersecurity summer camps to K-12 students and teachers at universities across the Nation.  The program intends to generate more awareness and interest in cybersecurity.  

Learn more about the camps at www.gen-cyber.com

NICE Cybersecurity Workforce Framework

Comments on the 2016 NICE Framework draft were gathered through January 6, 2017, and NIST Special Publication 800-181 (Rev. 1), the NICE Framework, will be published in June 2017. Concurrent with the publication, additional resources will be posted around the NICE Framework including a description of the revision process.

Learn more here.  

Funded Projects Updates:

 

The U.S. government provides funding to third parties to develop products that will help advance cybersecurity education, training, and workforce development needs. The following are a few of those projects.

NICE Challenge Project 
The NICE Challenge Project has officially reached a major milestone. It now has over 100 officially registered educational institutions in the United States. Having reached that milestone easily right at the start of the 2017 cybersecurity education conference circuit, it is well on its way to reaching 150+ by the end of the year. Of the conferences being held this year, the representatives of the project are now officially attending and speaking at the following events: National Cyber Summit, IAS, 3CS, & the NICE Conference.

The project is also expected to have some major releases this summer including the official 1.0 release of its web application, bringing it out of beta, as well as a new challenge environment. As of the end of spring, there are 60+ challenges available within the Operate & Maintain challenge environment. Development and content decisions are driven not only by our strategic vision, but by the extremely valuable feedback we receive from our growing user base, whom we are privileged to work with on this journey forward in creating the next generation in hands on cybersecurity content.

Learn more at www.nice-challenge.com

CyberSeek

The CyberSeek team is in the process of a scheduled update. CyberSeek will soon include certification data from GIAC and will be refreshing the job posting data. Since its November, 2016 launch, CyberSeek.org has received over 100,000 unique page views, reflecting the site’s growing presence as a go-to resource for cybersecurity jobs supply/demand analysis and career path guidance. During this time period, there were 640 press mentions of CyberSeek, reaching a potential audience of 13.2 million.

Learn more at www.cyberseek.org

National Integrated Cyber Education Research Center

The landscape of K-12 cyber education continues to evolve with a monumental importance for building the fundamental knowledge, skills and abilities of today’s students for tomorrow’s growing cyber workforce. The Department of Homeland Security Cybersecurity Education Training and Assistance Program (CETAP), in partnership with the Cyber Innovation Center and its National Integrated Cyber Education Research Center (NICERC) continue to positively influence the K-12 classroom through project driven, cyber-based curricula and professional development programs for teachers in order to begin systematically empowering educators with the resources needed to prepare our students and our future workforce. These resources, available to every K-12 educator at no cost, span across the county with teachers from all 50 states accessing and integrating the curricula into their classrooms. In addition, partnerships with state departments of education are being solidified to seamlessly integrate concepts of cybersecurity into existing math, science and liberal arts state-level standards.

Learn more at www.NICERC.org

Regional Alliances and Multi-stakeholder Partnerships to Stimulate (RAMPS) Cybersecurity Education and Workforce Development

The RAMPS groups met at the National Cyber Summit on June 7, 2017 in Huntsville, Alabama to discuss accomplishments and planned efforts for their programs. Some of these are described below in each group’s summary. The groups also participated in a panel session during the Education and Workforce Development Track at the conference to provide the audience insight into how they are building successful regional partnerships and take questions from the audience.

THE PARTNERSHIP TO ADVANCE CYBERSECURITY EDUCATION AND TRAINING (PACET)

One of PACET’s many initiatives under the RAMPS program is to develop and provide C-suite training this summer to improve understanding of different elements of cybersecurity to better meet security needs of organizations. PACET is also actively involved in higher education and K-12 initiatives such as virtual labs, course mapping to the NICE Cybersecurity Workforce Framework, and week-long cybersecurity camps.

Learn more at www.albany.edu/facets 

THE HAMPTON ROADS CYBERSECURITY EDUCATION, WORKFORCE AND ECONOMIC DEVELOPMENT ALLIANCE (HRCyber)

HRCyber has been helping to promote cybersecurity career awareness through Cyber Saturday activities. By hosting Cyber Saturdays at partner community colleges, HRCyber has brought together high school students and parents to teach them about education pathways as well as participate in hands-on technical activities. Learn more about HRCyber’s coordination with local institutions and industry at their website below.

Learn more at www.securitybehavior.com/hrcyber

CINCINNATI-DAYTON CYBER CORRIDOR (Cin-Day Cyber)         

The Southwestern Ohio collaboration are actively engaged with their local industry organizations in bringing them together with local cybersecurity talent pools. Recently, the group sponsored an event with the Air Force Institute of Technology to bring employers to a platform where students could present their research and findings to them. The group had also hosted mixers and other events with local educational institutions and their career services departments.

Learn more at www.soche.org

CYBER PREP PROGRAM                                                          

The Pikes Peak regional cybersecurity alliance has been hard at work implementing certificate programs in their community college programs and in local high school districts. The program is also working with local students and companies to coordinate paid internships. A pilot of this program showed interest from 44 students. Learn more about the Pikes Peak Cyber Prep program and how they’re supporting hands-on learning, apprenticeship programs, and more at their website below.

Learn more at www.ppcc.edu/cyberprep

THE ARIZONA STATEWIDE CYBER WORKFORCE CONSORTIUM                                      

The consortium has been busy promoting cybersecurity career awareness in their region through hosting local security competitions, providing talks at Comic Con, offering workshops at local high schools, and more! They’ve also been coordinating with the local YearUp program and Registered Apprenticeship program to help prepare students in joining the cybersecurity workforce.

Learn more at www.ArizonaCyber.org

NICE Working Group Updates:

 

The NICE Working Group (NICEWG) continues to work toward identifying and producing deliverables that energize and promote cybersecurity education, training, and workforce development. For example, the Competitions subgroup recently created a “Ten Things Parents Need to Know about Competitions” letter that provides an overview of cybersecurity competitions and describe the benefits of young people participating in them. The Competitions group is actively seeking input on interests and accomplishments in competitions.

Discussions on projects like these and more take place monthly in each of the following five subgroup areas: K-12, Collegiate, Competitions, Training and Certifications, and Workforce Management.

Learn more about the NICE Working Group or sign up to participate in the NICE Working Group at the Working Group’s website.

Key Dates:

 

Cybersecurity Education and Workforce Development Stakeholder Engagement Program August 1, 2017

NIST is soliciting applications from U.S.-located, non-Federal entities to assist NICE in its outreach efforts to the cybersecurity education, training, and workforce development community. NICE seeks to provide assistance to an organization engaged in building national (and exploring international) relationships to further advance outreach with a year-round communication strategy and capping that engagement by planning and holding the NICE Annual Conference in the continental United States for up to the next five years. 

The deadline to apply for this funding opportunity is August 1, 2017.

Learn more at www.nist.gov/news-events/news/2017/05/notice-funding-opportunity-cybersecurity-education-and-workforce

NICE Annual Conference & Expo 2017 November 7-8, 2017

Register Today!

The 8th annual NICE Conference and Expo will be held on November 7-8, 2017 at the Dayton Convention Center in Dayton, Ohio. This year’s theme, "Challenging the Status Quo: Building a Robust and Sustainable Cybersecurity Ecosystem," aims to help shape the way in which the nation identifies, educates, trains and builds our 21st-century cutting-edge Cybersecurity Ecosystem. The conference will feature three tracks in the following areas:

  • Education & Training — Developing Cybersecurity Talent
  • Collaboration — Nurturing Cybersecurity Communities in Academia, Industry, and Government
  • Professional Development — Keeping Pace with Technology and Education

The conference will also feature the following 3 pre-conference seminars on November 6, 2017:

  • Critical Success Factors for a Cybersecurity Apprenticeship Program
  • How to Build Robust Internship Programs Between Employers and Academic Institutions
  • Application and Uses of the NICE Cybersecurity Workforce Framework

Learn more and register at www.fbcinc.com/nice/

NICE K-12 Cybersecurity Education Conference December 4-5, 2017

Save the date for the NICE K-12 Cybersecurity Education Conference! The conference will be held on December 4-5, 2017 in Nashville, Tennessee. The conference will convene thought leaders from education, government, industry, and non-profits to address how K-12 education is uniquely positioned to accelerate learning, increase skills, development, identify methods to best nurture a diverse learning community, and provide approaches to guide career development and workforce planning for today’s youth.

 Learn more at www.k12cybersecurityconference.org/

NICE Webinars

  • On April 19, 2017, NICE hosted a webinar on “Rethinking Credentials for Cybersecurity Careers” in which attendees learned about several national initiatives to rethink credentials with which the NICE community might engage. Learn more here.
  • On June 5, 2017, NICE hosted a special edition webinar on “The President’s Executive Order on Cybersecurity Workforce: Next Steps and How to Engage” that provided an overview of the cybersecurity workforce provisions of the Executive Order, presented a summary of existing federal government legislation and programs for additional context, and described plans to engage the community to collect input and receive feedback. Learn more here.
  • On June 21, 2017, NICE hosted a webinar on “Positioning the National Guard to Augment the Cybersecurity Workforce” that explored how the National Guard or civilian organizations can be used to build and expand the Nation’s cybersecurity workforce. Learn more here.

NICE webinars are free to attend, but registration is required.

Learn more, view webinar recordings, and more here. 

 

Information technology, Cybersecurity and Cybersecurity education and workforce development
Created June 26, 2017, Updated November 27, 2018