Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

NICE 2018-19 Winter eNewsletter

| Featured Article | NICE Framework in Focus | Academic Spotlight | Industry Spotlight | Government Spotlight | Affiliated Program Updates | Funded Project Updates | NICE Working Group Updates | Key Dates |

Subscribe to the NICE eNewsletter


Rodney Petersen
Welcome! As we approach the end of 2018 and reflect upon all that we have accomplished as a community (See 2018 Accomplishments), I am reminded of how grateful the NICE Program Office is for how we have united together “to promote and energize a robust and integrated ecosystem of cybersecurity education, training, and workforce development.” Together, we will continue to Grow and Sustain a Cybersecurity Workforce that will enable the United States to “prepare, grow, and sustain a national cybersecurity workforce that safeguards and promotes America’s national security and economic prosperity.” (See Report to the President)  
The Winter edition of the NICE eNewsletter highlights innovative efforts to accelerate learning and skills development such as a new 11-month associates degree program that is being introduced in Indiana. As we seek to increase the quantity of individuals prepared to assume careers in cybersecurity, we must also work to increase the quality of education and training programs which is why the article about ABET accreditation for cybersecurity degree programs is so critical and timely. Our emphasis at NICE about the community building orientation of our work and importance of regional partnerships is also demonstrated by an article that describes Cyber NYC, an example of a public-private partnership led by the New York City Economic Development Corporation. 
Finally, state governments increasingly recognize the imperative of cybersecurity workforce development for their state and local communities; which is why North Dakota is pursuing a comprehensive, statewide approach to computer science and cybersecurity education and workforce training. These collections of articles are an indication of how we are “Getting Things Done” as a community and demonstrate that we are “Better Together”.

Featured Article

CYBERSECURITY WORKERS NEEDED ASAP:  ACCELERATED PATHWAY TO A CYBERSECURITY DEGREE
By Chris Schilling, Director of Marketing and Communications, Ivy Tech Community College Columbus

At an old psychiatric hospital in rural Indiana, college students are learning some of the most advanced techniques to thwart online hackers and protect the nation’s cyber network.  They are enrolled in Ivy Tech Community College’s Muscatatuck Cyber Academy – an 11-month program in which they can earn an Associate Degree in Cyber Security and study in one of the most unique, state-of-the art facilities in the world.

Ivy Tech is Indiana’s community college network with 19 campuses statewide. The Columbus campus, located about an hour south of Indianapolis, collaborated with the Indiana National Guard to create the Muscatatuck Cyber Academy. The program is housed at the Muscatatuck Urban Training Center, a former state developmental center that was transformed into the U.S. Department of Defense’s largest urban training facility in the country.

The proximity of Ivy Tech Columbus to National Guard facilities in southcentral Indiana helped pave the way to creating the accelerated pathway to a cybersecurity degree. The Columbus campus sits just 12 miles south of Camp Atterbury, a military training base, and 30 miles northwest of Muscatatuck Urban Training Center.

Ivy Tech Columbus Chancellor Dr. Steven Combs had discussed teaming with the National Guard on a project. When he toured the training center in 2016, it sparked the idea of offering college courses at the site. The College’s cybersecurity program was the perfect fit.

“The National Guard has long been a good neighbor, and now we are teammates with them in developing a well-trained workforce that can defend and repair online infrastructure for businesses and our country,” Dr. Combs said. “The Muscatatuck Cyber Academy provides high-quality cybersecurity education and training, giving Ivy Tech another pipeline to prepare the workforce for the growing cybersecurity industry.”

The 11-month accelerated format of the program is based on the College’s Associate Accelerated Program (ASAP), which helps high school graduates earn an associate degree in less than a year. This is made possible through a rigorous course schedule in which students are in class daily, much like a full-time job. The students in the accelerated program also operate as a cohort, enabling them to build relationships and support each other.

NICE eNews Cyber Academy

Figure 1

The program, which has Center of Academic Excellence 2-Year (CAE2Y) designation, is open to civilians and service members of all military branches. The inaugural cohort includes more than 40 students, ranging in age from 17 to 60. They came from all over Indiana, and some students are from other states. Through the assistance and partnership of the National Center for Complex Operations, free on-site housing also was made available to the inaugural cohort of students.

Muscatatuck provides a globally unique complex urban operating environment to conduct live and virtual testing, training and evaluation. The multi-domain range includes a physical metropolitan infrastructure; a rural and urban landscape with over 200 brick and mortar structures; a managed airspace; a 180-acre reservoir; and a cyber “live-fire range” (CyberTropolis) capable of supporting live offensive and defensive operations. These domains are part of the complex battlefield of the 21st Century that includes land, maritime, air, the human element, and cyberspace.

Muscatatuck's CyberTropolis is embedded in a real city with a robust and realistic electromagnetic environment, telecommunications infrastructure and a well-developed, closed network wireless environment consisting of 2G, 3G, and 4G LTE, Wi-Fi and other RF technologies.

NICE eNews Cyber Academy 3

Figure 2

“The experiences that Muscatatuck can provide our students are unparalleled and will equip them to be ready for rewarding careers,” said Pam Schmelz, Department Chair of the Ivy Tech Columbus School of Information Technology. “Upon completion of the 60 credit-hour program, the students will earn an associate degree and have an opportunity to earn three industry-recognized certifications that will that will make them stand apart from other potential candidates in meeting the needs of our state’s employers.”


NICE Framework in Focus

A profile of a cybersecurity practitioner to illustrate application of the NICE Cybersecurity Workforce Framework categories, specialty areas, and work roles.

NICE Framework Categories: 

Oversee and Govern/Protect and Defend: Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work. / Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks.

NICE Framework Specialty Areas/Work Roles: 

Specialty Areas: Program/Project Management (PMA) and Acquisition, Incident Response, Vulnerability Assessment Management

Work Roles: IT Program Auditor, Cyber Defense Incident Responder, Vulnerability Assessment Analyst

Name: Miguel Ramirez

NICE Miguel Ramirez

Title: IT Security and Compliance Apprentice

Organization: Department of Information Technology, State of North Carolina

Work Roles: IT Program Auditor/Incident Response/Vulnerability Assessment Analyst

Academic Credentials: Cybersecurity Technician Apprentice Certificate, North Carolina Community College System; Cybersecurity Technician Certificate, Office of Apprenticeship, U.S. Department of Labor

Certifications: Certified Information Systems Security Professional (CISSP); PCEC - Cybersecurity Essentials Certification, Palo Alto Networks

Q: Hello, this is Rodney Petersen, the Director of the National Initiative for Cybersecurity Education. Thank you for joining us today for our Framework in Focus interview where we're joined by Miguel Ramirez, who recently completed an apprenticeship program with the Information Technology Department in the State of North Carolina. Miguel, thank you for participating in this interview.

A: You're welcome, Rodney.

Q: Miguel, please explain your role and responsibilities as an IT security and compliance apprentice.

A: My role as an IT security and compliance apprentice consisted of vulnerability management and assisting with compliance regarding state regulations and also PCI TSS framework. The State of North Carolina has PCI networks, PI networks, and also other networks. We have to be compliant with the state's laws and regulations, and also industry standards such as PCI TSS. I also was part of an in-house SOC team. We monitor incidents and events using SIMs and IPS alerts and my role was to track them down, find the system in play, and determine whether there was a false positive or an actual threat that needed to be escalated or resolved, if possible on-site. That sums it up.

Q: What does it mean to be an apprentice? Were you an employee, were you a student, were you doing this as an internship? Describe what the apprenticeship experience was like for you.

A: The apprentice experience was a little of both school, I worked for Innovative Systems Group, they were my sponsor. They provided schooling on Fridays. It was a work day sitting in a lab with an instructor going over materials. We focused on pen testing, vulnerability assessment, and different tools we might use in the state. Then, Monday through Thursday was a regular week as an analyst. When I first started it was more shoulder surfing, learning the tools. The state sent me to different classes to learn the different tools that we use, and also online resources so I could be a little bit productive. Within six months or so, I would say I was very comfortable with the tools and the processes, but I was still learning the environment. One of the hardest things in government is learning the environment. It is so complex and so vast that in order for you to put your skills to work you have to know who to contact. You don't play by yourself. It's a team of layers of people you work in sync with to resolve issues and get things done. That was my role.

To listen to the full audio interview with Miguel Ramirez, IT Security and Compliance Apprentice, Department of Information Technology, State of North Carolina, click on the audio below.

Download a transcript of the interview


Academic Spotlight

MOVING THE NEEDLE: SECURING CYBERSECURITY IN COMPUTING CURRICULA VIA ACCREDITATION
By Larry Jones, President, ABET; Allen Parrish, Associate Vice President for Research, Mississippi State University; and Rajendra Raj, Professor of Computer Science, Rochester Institute of Technology

A core responsibility of a profession is to ensure its practitioners possess specialized knowledge and skills to be used in service to the public. With the enormous impact of cyber threats on the world, there is no doubt that cybersecurity practitioners must rally around this obligation. Not only must cybersecurity be included in all computing education, but there should also be procedures to ensure consensus on accreditation standards and that the quality of programs is being maintained. ABET accreditation can be an important part of making this happen.

What is ABET?

First, a bit of background about ABET. The letters A.B.E.T. originally stood for Accreditation Board for Engineering and Technology. But over the last 80 years the scope has broadened, and now ABET accredits computing, applied and natural science, and engineering technology programs. So, the acronym was dropped, and it became simply ABET. Founded in 1932 as a non-governmental non-profit, ABET has evolved to become a world leader in the accreditation of technical higher education programs. At present, ABET accredits 4,005 programs in computing, engineering, sciences and technology at 793 colleges and universities in 32 countries. As part of the accreditation process, ABET requires programs to have and follow a continuous improvement process to assess how well its graduates are meeting their intended learning outcomes and to take action to ensure improved learning.

The ABET Accreditation process is carried out by four Accreditation Commissions: Applied and National Science Accreditation Commission (ANSAC), Computing Accreditation Commission (CAC), Engineering Accreditation Commission (EAC), and Engineering Technology Accreditation Commission (ETAC). Each commission sets accreditation standards for specific program areas and degree levels. Besides setting the standards for degree programs, these commissions are responsible for reviewing educational programs and making the final accreditation decision for each program. In addition, each accreditation commission is responsible for the continuous review and enhancement of its criteria, policies, and procedures.

Bachelor level computing programs are accredited by ABET’s Computing Accreditation Commission (CAC) and must satisfy the CAC accreditation criteria, which are composed of General Criteria and various Program Criteria. All computing programs must satisfy the general criteria while specialized programs for which Program Criteria exist must also be satisfied. Program criteria exists for computer science, information systems, information technology, and starting this year, cybersecurity. A computer science program needs to satisfy both the general criteria and the computer science program criteria. Similarly, a cybersecurity program would need to satisfy both the general criteria and the cybersecurity program criteria. Which criteria are assigned to a program depends on the program name, thus allowing ABET to evaluate programs for “truth in advertising.”  


Proposed Cybersecurity Program Criteria Cybersecurity and Similarly Named Computing Programs
Program criteria for computing programs using cybersecurity, computer security, cyber operations, information assurance, information security, or similar terms in their titles

Student outcomes must include:

  • Ability to apply security principles and practices to the environment, hardware, software, and human aspects of a system.

  • Ability to analyze and evaluate systems with respect to maintaining operations in the presence of risks and threats.

Curriculum: 

Forty-five (45) semester credit hours of computing and cybersecurity course work to include:

1. Crosscutting concepts of confidentiality, integrity, availability, risk, and adversarial thinking.

2. Data Security

3. Software Security

4. System Security

5. Human Security

6. Organizational Security

7. Societal Security

8. Advanced cybersecurity topics

9. At least 6 semester credit hours (or equivalent) of mathematics that must include discrete mathematics and statistics.


What is ABET doing to address the cybersecurity crisis?

First, starting in 2018, Computing Programs General Criteria 5: Curriculum includes a requirement to cover the “principles and practices for secure computing” appropriate to the program’s discipline. This means all computing programs accredited by the CAC/ABET from the 2019-20 accreditation cycle will have to demonstrate that their students are learning cybersecurity appropriate to their discipline. Computer science students will need to learn about security in terms of writing code, using databases, and understanding secure networking protocols. Information technology students will need to learn how to secure deployed systems and network routers. Other computing students will need to learn security appropriate to their discipline.

Second, the advent of the new cybersecurity criteria means that graduates will need to learn appropriate curricula as described in cybersecurity program criteria, which are essentially an operational version of the CSEC2017 curricular guidelines developed by the Joint Task Force of the ACM, IEEE-Computer Society, Association for Information Systems (AAIS) and International Federation for Information Processing (IFIP). While the cybersecurity criteria apply to computing programs named “cybersecurity” or similar, ABET also simultaneously developed similar “cybersecurity engineering” criteria that apply to engineering programs with a “cybersecurity” modifier (e.g., “cybersecurity engineering”).

Finally, the continuous improvement processes required of each accredited program ensures that the programs are assessing student learning and evaluating the results to effect improvement as needed.

What’s the progress on moving the needle?

Over the next six years, all 500+ computing programs will be up for re-accreditation. These programs will have to incorporate the level of cybersecurity required by the general criteria. Many of these schools are doing little or no security in their courses of study and will need to incorporate appropriate security into their programs.

In a recent report to the President on Enhancing Resilience Against Botnets, there is the recommendation for the government to encourage the academic and training sectors to fully integrate secure coding practices into computer science and related programs. Adding security to the general criteria is an important first step to making this recommendation a reality, as well as increasing participation by institutions who might not be otherwise involved.

Regarding specialized programs in cybersecurity, there are four accredited cybersecurity programs: South East Missouri, U.S. Naval Academy, U.S. Air Force Academy, and Towson University, that opted to pilot the new cybersecurity program criteria. Now that these program criteria are officially available, ABET anticipates a rapid growth in cybersecurity programs that will opt to get accredited.

Building on prior work by the NSA/DHS Centers of Academic Excellence, the NICE Cybersecurity Workforce Framework and the Cyber Education Project initiative, ABET is pleased to catalyze a change for the better in the presence of security within computing educational programs. ABET envisions enormous potential to impact cybersecurity programs within computing education.


Industry Spotlight

CYBER NYC: INCLUSIVE INNOVATION IN CYBERSECURITY WORKFORCE DEVELOPMENT
By Brigit Goebelbecker, Project Manager, New York City Economic Development Corporation

Cyber NYC is a $100 million public-private investment led by the New York City Economic Development (NYCEDC) Corporation to grow the local cyber ecosystem. Through a suite of programmatic investments, NYCEDC will develop the cyber workforce, help companies drive innovation, and build new networks and community spaces to foster collaboration. Together, these programs will catalyze 10,000 jobs over the next ten years.

Jobs are the primary aim of Cyber NYC because the single most important obstacle to cybersecurity industry growth is the talent gap. According to CyberSeek, there are currently about 20,250 cybersecurity job openings in the New York City metropolitan area. At the same time, the supply of cybersecurity workers in the same area is listed as “Very Low,” with a supply/demand ratio of 3.1. While New York City is home to more Fortune 500 companies than any other U.S. city, and has a diverse workforce over 4 million strong, a coordinated approach between government, industry, and educational institutions is necessary to match the acute need of New York employers with the energizing potential of the local workforce. To do so, Cyber NYC has launched six interventions that fall under three core areas:

NICE Cyber NYC Description
  1. Develop the Cyber Workforce of the Future: Expand access to cybersecurity careers by reframing the education experience
  2. Catalyze the Next Billion Dollar Company: Build a thriving ecosystem that nurtures, connects, and propels cybersecurity entrepreneurs 
  3. Establish NYC as an International Landing Pad: Convene the cybersecurity industry in meaningful, innovative, and lively settings to attract attention and investment from around the globe

While these six interventions strive to build a competitive cybersecurity industry in New York City, the foundation of this industry lies in a reliable talent pool. Cyber NYC has developed two, industry-driven workforce development programs that target students and job-seekers post–high school.

  1. The Applied Learning Initiative is run by a City University of New York-led consortium that includes Columbia University, New York University, Cornell Tech, and an online educational platform, iQ4, to provide industry-informed learning experiences to prepare students for the job market. From the development of a new one-year master’s program at City College, built in collaboration with Facebook, to a Stackable Credentials Program led by NYU, the Applied Learning Initiative will integrate experiential learning inside and outside the classroom and provide students and faculty alike, exposure to industry challenges and practitioners. In this way, Cyber NYC will build a cybersecurity education system that is flexible, accessible, and practical—broadening and diversifying New York City’s talent pipeline.
  2. The Cyber Boot Camp program prepares individuals from underserved communities for local jobs in cybersecurity through an accelerated training program. Run by Fullstack Academy, and LaGuardia Community College, the boot camp is a targeted intervention to quickly build a steady stream of diverse talent.

By bringing together universities, students, and industry partners, the Applied Learning Initiative and Cyber Boot Camp will change how cybersecurity is taught in New York City, widen the talent pipeline, and prepare thousands of students for the labor market. The Cyber Boot Camp will place more than 1,000 students in jobs that have an average starting salary of $65,000 over the first three years of the program. With industry partners like PWC (who have committed to hiring graduates of the programs) and Goldman Sachs (who are co-developing lesson materials), Cyber NYC will combine innovative educational opportunities with direct connections to industry pipelines.

The NYCEDC is committed to making New York City’s economy fairer and stronger for all New Yorkers, and Cyber NYC is simply one example of how a comprehensive workforce intervention can expand access to economic development. By creating new career pathways for more New Yorkers, Cyber NYC will prove that comprehensive investments in cybersecurity talent can transform the economic and social fabric of a city. 

Learn more about Cyber NYC here, and read our white paper here.

About the Author:
Brigit Goebelbecker is a Project Manager at the New York City Economic Development Corporation and works on Cyber NYC. With a background in service design and international development, she is passionate about using technology to build stronger communities. She may be reached at bgoebelbecker [at] edc.nyc.

About NYCEDC: 
New York City Economic Development Corporation is the City's primary vehicle for promoting economic growth in each of the five boroughs. NYCEDC's mission is to stimulate growth through expansion and redevelopment programs that encourage investment, generate prosperity, and strengthen the City's competitive position. NYCEDC serves as an advocate to the business community by building relationships with companies that allow them to take advantage of New York City's many opportunities. Find us on Facebook or follow us on Twitter(@NYCEDC) or visit our blog to learn more about NYCEDC projects and initiatives.


Government Spotlight

TEACHING TECH -EVERY STUDENT, EVERY SCHOOL, CYBER EDUCATED
By Shawn Riley, CIO, North Dakota Information Technology Department

North Dakota has received accolades as a great place to live, work and do business. Our workforce is highly engaged, industries from agriculture and energy to the Unmanned Aerial Systems (UAS) sector are thriving, and we have a phenomenal ecosystem of public and private sector partners committed to growing our state’s economy and supporting our students and workforce.

We also have our eye on the prize: in a world where virtually every industry is being impacted by technology, we are growing our economy and helping set students up for success with a focus on computer science and cybersecurity education. 

The jobs of today and tomorrow involve significant emphasis on technology skills, which is why North Dakota is pursuing a comprehensive, statewide approach to computer science and cybersecurity (CCS) education and workforce training, with a goal of, “Every Student. Every School. Cyber Educated.” This “K-20W” Initiative (kindergarten through PhD and workforce) reflects a whole-of-government approach to helping students and businesses compete and succeed in a global economy. 

Technology expertise is essential in a world where every state is competing nationally and globally for talent and capital. Regardless of career path, giving students at all grade levels access to integrated curricula, coding, robotics and similar programs creates a fun, meaningful learning experience that can also open the door to rewarding careers.  

North Dakota was recently recognized in a Brookings Institute Report for being a center of economic vitality, as described in this recent article. Indicators include: wage growth of 2.3% a year, compared with .8% for the rest of the country. Just over eighty percent (80.9%) of the state’s working-age population is employed, second only to Minnesota, and GDP per capital rose at 3% a year, the fastest in the country, with productivity growing at a ‘sizzling’ 2.4% annually.

These statistics illustrate a strong economy and continued leadership in key sectors. They also illustrate why we need to promote computer science and cybersecurity education and training. The applications and opportunities are endless:

  • Precision agriculture relies on connected sensors and equipment to identify levels of moisture, crop growth, soil nutrients and other factors with pin-point accuracy, helping farmers be more efficient and increase production;
  • The energy industry is benefitting from technologies that are expanding our access to shale, natural gas and other natural resources, while improving safety and environmental protections;
  • UAS and counter UAS efforts in the state are booming, with demonstrable benefits in everything from wind turbine inspection, to high-res crop photography (a key element in precision agriculture), to private sector and military opportunities globally.
  • Small and rapidly growing business like Co-Schedule and Protosthetics have chosen North Dakota because of our tech-friendly ecosystem and ability to recruit and retain talent.

Our students have every opportunity to continue to help North Dakota lead and pursue high-paying, rewarding career fields that are increasingly reliant on technology expertise. But our challenge is clear. By the numbers:

Cybersecurity:  

  • Cybersecurity has virtually zero unemployment. According to CyberSeek.org there are approximately 301,873 cybersecurity job openings in the U.S., and Palo Alto Networks projects the number of cybersecurity job openings worldwide will be 6 million by 2019.  

Computer Science: 

  • There are more than 570,000 computing jobs open nationwide. 
  • Data from the Bureau of Labor Statistics shows that by 2020 there will be 1.4 million new computer science jobs, but only 400,000 computer science students. 
  • The number of computer science jobs, according to Code.org, is growing at a pace two times the national average for job growth.  

In North Dakota: 

  • There are approximately 1,108 open computing jobs, yet we have only 117 CS graduates within the state. (Source: Code.org)

The “K-20W” Initiative team is a collaborative effort with nearly 40 public and private sector partners who are committed to providing resources and training to teachers, administrators and students. Planting seeds of curiosity around technology and nurturing those interests from grade school through high school and post-secondary training will help create a 21st century technology workforce.

That’s why we’ve built strategic alliances with the National Integrated Cyber Education Research Center (NICERC), Microsoft TEALS (Technology Education and Literacy in Schools), Code.org, and the National Center for Women & Information Technology (NCWIT) to amplify our ability to reach rural and urban areas of the state with computer and cyber science training, certification and classroom resources. 

The North Dakota Department of Public Instruction is developing computer and cyber science standards which will be the first in the nation to emphasize cybersecurity as a main component. Our higher education institutions are creating new degree and apprenticeship opportunities, including a partnership between Bismarck State College and Palo Alto Networks that will grow the college’s Cybersecurity and Computer Networks Program.

We recognize that to compete locally, and globally, we need to create a technology literate workforce that can compete and succeed in the 21st century economy.

North Dakota is not only a great place to live, work and do business – it’s leading the way in innovative education and a future-facing approach to helping our students and communities thrive well into the future.


Affiliated Program Updates

Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs.

National Initiative for Cybersecurity Careers and Studies (NICCS)

The National Initiative for Cybersecurity Careers & Studies (NICCS)  is the nation’s one-stop shop for cybersecurity careers and studies. It connects the public with information on cybersecurity awareness, degree programs, training, careers, and talent management. The Training Catalog connects the public to over 4,000 courses every day.

As of November 2018, NICCS has published a new set of National Centers of Academic Excellence (CAEs) in Cyber Defense to be featured on the NICCS CAE Highlights page.

To show appreciation to the CAEs who contribute to the NICCS Training Catalog, each quarter we highlight two to four CAEs, and the courses they provide, on the new CAE Highlights page.  CAE’s can self-nominate themselves to be featured on NICCS. Please email niccs [at] hq.dhs.gov for additional information on our self-nomination process.

Learn more about NICCS or the CAE program: niccs.us-cert.gov or email us at niccs [at] hq.dhs.gov for more information.

National Centers of Academic Excellence (CAE) in Cybersecurity

The CAE Program Management Office will host the 2019 Executive Leadership Forum in April 2019, in Pensacola, FL. The Forum unites executive leadership from academia, industry, and government to seek collaborative strategies and solutions to advance cybersecurity.

Learn more about CAE here

NICE Cybersecurity Workforce Framework

On November 5, 2018 a half-day seminar on “International Perspectives on Cybersecurity Workforce Development” was held in conjunction with the annual NICE Conference and Expo in Miami, Florida. The seminar took stock of initiatives underway in Australia, Canada, the United Kingdom, and the United States to adopt the NICE Cybersecurity Workforce Framework to standardize the nomenclature, ensure consistency in skills development, and facilitate international mobility of the cybersecurity workforce.

In particular, the Australian representative announced a new interactive tool that uses the NICE Framework to show how cybersecurity work is described. Users of the tool can click through various categories of cybersecurity work and explore the knowledge, skills, abilities and tasks associated with each work role.

Keep up-to-date with the NICE Framework here


Funded Program Updates

NICE Challenge Project

The NICE Challenge Project develops real world cybersecurity challenges within virtualized business environments that bring students the workforce experience before entering the workforce. Our goal is to bring the most realistic experiences to students, at scale year-round, while also generating useful assessment data about their knowledge, skills, and abilities for educators.

The NICE Challenge Platform updates were abundant over the fall quarter. We finalized and released the remapping of all NICE Challenge content to the updated NICE Framework and CAE Knowledge Units. Additionally, the major user interface overhauls to the submission review and reservation curator pages are completely developed. The submission review page has been released and the reservation page will be released in the next few weeks. The new notification system and email-based logins have been pushed to spring releases while we focus on major challenge releases for the end of winter.

During the fall quarter we released a handful of new Protect & Defend challenges. Throughout the winter quarter we will be focusing almost entirely on challenge development and release.
The NICE Challenge Project has two monthly webinars for curators. The "Curator Crash Course" webinar occurs on the first Friday of every month and covers everything a new curator needs to know to get started using the NICE challenges. This includes running through a challenge, using the NICE Challenge Webportal, and discussion on integrating challenges into classes. The "Meet the NICE Challenges" webinar occurs on the third Friday of every month and covers two challenges in depth. They include possible challenge solutions and context development methodology. Each webinar is about one hour in length and requires the curator to register ahead of time. More information on these webinars and signup forms can be found at www.nice-challenge.com

The project's development and content decisions are driven not only by our strategic vision, but by the extremely valuable feedback we receive from our growing user base, whom we feel privileged to work with on this journey forward in creating the next generation in hands-on cybersecurity content. If you are a professor/staff member at an educational institution within the United States looking to sign up, or would like to learn more, head over to www.nice-challenge.com

CyberSeek

The new data from CyberSeek was announced November 7, 2018 at the NICE Conference and Expo in Miami, Florida. The new data shows that cybersecurity workers are in particular demand, even as job openings outpace job seekers in the U.S. Across all occupations, there are currently 5.8 employed workers for every job opening. Within the cybersecurity field, the ratio of existing cybersecurity workers to the number of cybersecurity job openings is 2-to-3. That means employers have fewer trained cybersecurity workers in the labor force to choose from and must look to other tactics—including retraining current workers or attracting and training new talent—to fill their needs for cybersecurity professionals.

Read the full press release here

Learn more at www.cyberseek.org


NICE Working Group Updates

The NICE Working Group welcomes Dr. José-Marie Griffiths, President of Dakota State University, as the new NICE Working Group Co-Chair representing Academia. We also welcome several new subgroup Co-Chairs including Dr. Denise Kinsey, from the University of Houston, as a new co-chair to the Collegiate Subgroup, John McCumber, ISC2, as a new Co-Chair for Training and Certifications, and David Hernandez, American Express Global Business Travel, as the new Co-Chair for K12!

Learn more about the NICE Working Group and sign up to participate at nist.gov/nice/nicewg


Key Dates

Webinar: Moving the Needle - Women in CyberSecurity, January 18, 2019

Women in CyberSecurity (WiCyS), a non-profit organization with deep roots in academia, government and industry, is driving to increase recruitment, retention and advancement of women in cybersecurity. During this engaging webinar Taly Walsh, the WiCyS Executive Director, will interview three WiCyS Board Members who offer stats, facts, and hope toward a better, more productive, and safer tomorrow.

Register or watch on-demand here

FISSEA Conference, March 27-28, 2019
Gaithersburg, Maryland

FISSEA is an annual conference that brings together managers responsible for information systems security training programs in federal agencies, contractors providing awareness and training support, and faculty members or program directors of institutions of higher education who offer certificate or degree programs in cybersecurity to federal government employees. This year’s theme focuses on “Innovations in Cybersecurity Awareness and Training: A 360-Degree Perspective.” 

Conference Tracks:

Track 1: Building Innovative Approaches to Awareness Programs
How do you build an effective cybersecurity awareness program? Now is the time to provide specifics -- what exactly is an innovative awareness program? We are looking for presentations on how your organization’s cybersecurity culture changed; institutionalizing information security into the organization’s mindset through a comprehensive awareness program (not an hour a year) – come tell us what innovations you are doing to champion and lead this transformation. In this track, we are looking for presentations that raise the bar for cybersecurity awareness programs, products, events, and activities.

Track 2: Developing Skills through Innovative Role-Based Training
How do you address individual training requirements when individuals perform multiple roles? Is it the content, the instructor, the student interaction, the delivery medium, or the location that has the most influence on training acceptance? What factors make the most difference in learner acceptance and transference? In this track, share your innovations with the FISSEA community and make a difference in shaping the behaviors of the federal cybersecurity workforce.

Track 3: Implementing Comprehensive Awareness and Training Programs
How are you using awareness and training to engage all employees at your organization? How have you built a comprehensive awareness and training program that includes managers, executives, technical, nontechnical staff? How do you ensure employees know their cybersecurity responsibilities and how they contribute to risk reduction? How do you measure performance and demonstrate benefits? In this track, we are looking for presentations that help to answer and address these questions.

Learn more, submit a presentation proposal, and register at https://nist.gov/fissea

CyberSmart Conference 2019, May 29-30, 2019
Fredericton, New Brunswick, Canada

The CyberSmart Summit was created to bring together decision-makers and practitioners in industry, government and academia to share challenges, opportunities, and best practices for cybersecurity skills and workforce development. In 2019, the third Summit will bring together colleagues from countries around the world to demonstrate how we have moved the needle and showcase the new connections and collaborations that have resulted over the last couple of years. We will also focus on updates from the Summits outcomes and take-aways from 2018. 

Save the date and learn more by visiting https://cybernb.ca/en/cybersmart-2019/

NICE Conference and Expo, November 4-6, 2019

NICE Conference 2019

Phoenix, Arizona

Save the Date for #NICECyberCon19!

Learn more at www.niceconference.org

NICE Webinars

On January 16, 2019, NICE will hold a webinar on “Computational Thinking and Skills: A Foundation for STEM and Cybersecurity Education.” This webinar will explain why acquiring computational thinking and skills are important for STEM-related careers and how to incorporate and assess computational thinking and skills as part of cybersecurity education and training programs. Learn more and register here

On December 19, 2018, NICE will hold a webinar on “Encouraging Cybersecurity Career Discovery via Career Assessment Tools.” This webinar will share best practices and explore existing tools while identifying gaps and opportunities for improvements. Learn more and register here

On November 14, 2018, NICE held a webinar on “Upskilling and Reskilling the Workforce for Cybersecurity Roles.” This webinar presented upskilling and reskilling techniques and featured educator and employer experiences. View a recording and more here

On October 10, 2018 NICE held a webinar on, “The Underserved Cybersecurity Workforce - Securely Provisioning our Future.” This webinar explored how a more aggressive approach to building more secure systems and networks could potentially relieve some of the workforce demand in other areas (e.g., "Protect and Defend", "Investigate", etc.), and the role that education, training, and workforce will play to securely provision our future. View a recording and more here

NICE webinars are free to attend, but registration is required. 
Learn more, view webinar recordings, and more here

Created December 12, 2018, Updated December 18, 2018