NICE 2019 Spring eNewsletter

| Featured Article | Academic Spotlight | Industry Spotlight | Government Spotlight | Affiliated Program Updates | Funded Program Updates | NICE Working Group Updates | Key Dates |

Subscribe to the NICE eNewsletter

---

 

Welcome to the 2019 spring edition of the National Initiative for Cybersecurity Education (NICE) eNewsletter. As we continue into another year of energizing the cybersecurity education and workforce development community, we strive to provide insightful developments from academia, industry, and government. For example, in the government spotlight article this quarter, we showcase the workforce implications of the National Cyber Strategy, including current efforts to enhance, modernize, and reward talent. In support of building and enhancing talent, the academic and industry spotlight articles focus on a shift in training approaches and introducing cybersecurity into the classroom. On the heels of taking a month to celebrate women’s history, enhancing diversity to build a stronger cybersecurity workforce is also emphasized in this edition. The featured article shares new resources for attracting, retaining, and supporting women in cybersecurity careers. This includes a report, community scan of efforts, and one pagers with actions for specific audiences. I hope that this particular article piques your interest and provides you with take-aways that you will implement in your own organizations.

Danielle Santos
Program Manager, National Initiative for Cybersecurity Education (NICE)

---

Featured Article

NEW RESOURCES TO SUPPORT WOMEN IN CYBERSECURITY
By Laura Bate, Policy Analyst, Cybersecurity Initiative, New America

Few people in the cybersecurity community are surprised to hear that women are seriously underrepresented in the field. Apart from the visible evidence of this at most conferences, various studies show that women make up only 11 to 24 percent of the field, are paid less on average in cybersecurity jobs, and are far more likely to report experiencing discrimination than their male counterparts. The problem is not new, and it does not appear to be significantly changing¹.

 

With support from NICE, New America—a public policy think tank—convened a group of experts to develop new, implementable ideas to attract, retain, and support women in cybersecurity jobs. The group included many familiar faces from the ongoing conversation on cybersecurity diversity and inclusion. On the basis that new perspectives generate new ideas, the group also incorporated outside experts in behavioral science, gender studies, venture capital and other fields that have a stake in the conversation. The project team then distilled the group’s findings into three products to share with the cybersecurity community.

One-page resources: The project participants generated a wealth of new ideas. Many of these ideas could be stand-alone projects or ideas that various influencers could implement. These ideas were the basis for the one-pagers produced as a part of the project. Each page is designed for a different category of influencers—K12 educators, higher education leaders, hiring managers, cybersecurity leaders, and partners outside the cybersecurity community. These resources are available  at NewAmerica.org.

Community scan: Throughout the process of shaping the participant list and the event itself, the project team encountered a wealth of organizations, projects, and resources dedicated to bringing women into and up through cybersecurity careers. The community scan aggregates these resources in a database that is searchable by stakeholder types (e.g., “job seeker,” “K-12 educators,” “executives,” etc.). The scan is designed both to make these resources more easily discoverable, and also to help community members to avoid duplication of effort through improved awareness of the existing community. By gathering the ongoing efforts together, users can more easily see what work is already in progress and where opportunities for new contributions exist. The scan is available at NewAmerica.org.

Report:  

Among the array of ideas generated, three higher-level themes emerged. These themes—and the next steps to implementing them—are discussed in greater detail in the project report. The first of these themes is that the cybersecurity community would benefit from a hub to facilitate coordination and build capacity among existing efforts to support women in cybersecurity and incubate initiatives that fall outside the scope of existing efforts. Second, greater alignment of incentives with the business community would create opportunities to work collaboratively to change recruitment tactics, cultural norms, and systems to enable more women to join and thrive in the industry. Third, partnerships with traditional media and social media influencers could have a profoundly positive impact on changing the narrative around work in cybersecurity and raise awareness of women in cybersecurity careers. This report is available at NewAmerica.org.

Throughout the course of the project, both the participants and project team noted that increasing the female percentage of the cybersecurity workforce is not just a matter of attracting more women and girls to the industry but supporting them through the course of their careers. Doing so will require immense structural and cultural changes. The resources developed during this project are not intended as the solution to that problem, but rather a step towards creating change. The NICE community is invited to use, improve, and engage with these resources as the community continues work towards the larger goal of bringing women into and up through cybersecurity careers.

¹More recent data shows a greater percentage of women in the field, but it is quite unclear whether this represents real growth or methodological change in the study. See https://blog.isc2.org/isc2_blog/2018/10/workforce-study-methodology-and-defining-the-gap.html

---

Academic Spotlight

INFUSING CYBERSECURITY CONCEPTS INTO PK-12 EDUCATION: THE COMPLEXITY OF INTEGRATING MULTIPLE STANDARDS
By Gretechen M. Richards, Ph.D., Assistant Professor, Emergency Management and School of Education, Center of Information Security and Assurance (CISA), Jacksonville State University, and Tommy E. Turner, Ph.D., Dean of the School of Education, Jacksonville State University

The 2018 report to the President, Supporting the Growth and Sustainment of the Nation's Cybersecurity Workforce, highlighted a number of key findings gathered from a national environmental scan. One conclusion is that, “there is an apparent shortage of knowledgeable and skilled cybersecurity teachers at the primary and secondary levels, faculty in higher education, and training instructors.” While there is a severe shortage of cybersecurity practitioners, the PK-12 teaching workforce has ballooned in size over the last two decades¹. Could investing in teachers be an easy fix to the cybersecurity workforce shortage? Trained teachers could reach a multitude of students—and a few teachers could even transfer to industry and help fill the cybersecurity workforce gap. 

But before we get too excited about investing inordinate time and money into cybersecurity training for teachers, let’s take a closer look at the teacher workforce which forms one of the largest occupational groups in the nation². Data on the increase in the number of teachers entering the workforce indicate an 89% growth in special education teachers, a 99% increase in bilingual/English-as-a-second-language teachers, and a 125% increase in the number of teachers whose main field is reading. While this ballooning effect includes many new hires who are young, recent college graduates, there is a growing number of older but inexperienced beginning teachers. Indeed, the current modal of public-school teachers is considered a beginner; still within their first three years of teaching.

In addition, over 44% of these new teachers leave teaching within five years of entry, with an increasing number exiting after just one year in the classroom. High levels of departures are worrisome not only because it is usually a symptom of an underlying problem in an organization’s function, but also because these early departures result in a continual influx of inexperienced teachers. Teachers are leaving before they are effective contributors. The schools must be continually training newcomers. High attrition can also lead to a negative perception of the profession and its environment.

While there are several reasons cited for their departure, most frequently cited reasons concerned dissatisfaction with salaries, student misbehavior, school leadership, and the growing labor intensiveness. Schools and teachers are continually being asked to take on more and more goals and tasks that were once the responsibility of family members and communities. Additional content and standards are also added to address the larger problems in our society and economy - computer science and cybersecurity being the two most current areas of national economic importance. This results in even more effort required to incorporate this subject matter in the classroom.
 
Training educators goes beyond just delivery of new content. It involves the gargantuan tasks of acquiring content knowledge, aligning it to the plethora of existing PK-12 standards, and obtaining the pedagogical skill set to introduce the newly acquired knowledge into each classroom to prepare students to be College and Career Ready. In addition, teaching via lecture-based instruction with students reciting the information received back to the instructor through verbal or written assessments is frowned upon. The change from rote-learning to a problem-based learning approach has become essential for students in the 21st century classroom because students must demonstrate their level of understanding rather than simply recite what they have learned. Design thinking is another teaching method recommended for teacher use to create collaborative, real-world environments for students. The introduction of technology in the classrooms has begun to change the traditional methods of instruction to a more collaborative environment. This requires teachers to carefully design classes that will integrate the classroom standards, subject content, and available technology into the lesson plan. However, many schools do not have the technology and internet access is unreliable to provide all classes and all students the ability to connect and learn based on the new courses of study.

Classroom Standards

Common Core, International Society of Technology Education (ISTE), and Next Generation Science Standards (NGSS) are three of the primary classroom standards teachers must integrate into their lesson plans. In addition, teachers are asked to provide instruction through engaging ways aligned to the National Board of Professional Teacher Standards (National Boards or NBPTS). The National Boards is the pinnacle of professionalism among PK-12 educators and the modules, lessons, and assessments should coincide with the National Boards to assist educators in achieving their national certification. Educators are also advised to research requirements for digital literacy, computing education, computer science, computational thinking, and other state and local standards to ensure that they have met all criterion. While the NICE Cybersecurity Workforce Framework is not a standard, it includes an alignment strategy in the example below to highlight the complexity of this field and provide a means for integration.

Alignment Example

The following example demonstrates the integration of multiple standards, assessments, and theoretical framework for a 6th grade class learning Abstraction in Alabama:

Grade 6: Module 6.1: Abstraction DLCS3  Objective: To introduce the concept and use of abstraction through process, pattern, and function. DLCS Components: Functions, pseudocode, algorithms, flowcharts—Patterns- Using Mathematics and CT. DLCS Tasks: Algorithm design, divide-and-conquer, sequencing, selection, iteration, program implementation. NICE Framework Work Roles: Software Developer, Systems Architecture, Research & Development Specialist, Database Administrator. NICE Framework Knowledge Description: Knowledge of computer algorithms. Knowledge of computer programming principles. STEM/Common Core  MP.2 Reason abstractly and quantitatively. (MS-PS2-1) 6.NS.C.5 Understand that positive and negative numbers are used together to describe quantities having opposite directions or values; use positive and negative numbers to represent quantities in real-world contexts, explaining the meaning of 0 in each situation. (MS-PS2-1) 6.EE.A.2 Write, read, and evaluate expressions in which letters stand for numbers. (MS-PS2-1) 7.EE.B.3 Solve multi-step real-life and mathematical problems posed with positive and negative rational numbers in any form, using tools strategically. Apply properties of operations to calculate with numbers in any form; convert between forms as appropriate; and assess the reasonableness of answers using mental computation and estimation strategies. (MS-PS2-1) 7.EE.B.4 Use variables to represent quantities in a real-world or mathematical problem and construct simple equations and inequalities to solve problems by reasoning about the quantities. (MS-PS2-1) NGSS: MS-PS2-1: Motion and Stability: Forces and Interactions-Newton’s Third Law Teacher CT Assessment/ NBPTS: Participants will develop a lesson plan and lab using two objects in motion that could collide or repel from one another based on Newton’s Third Law and a computer-based application. The teacher will write a reflection, video the lab activity, and collect student assignments to meet the NBPTS criteria. Student CT Assessment: Two cars at varying speeds colliding, or how to determine load bearing structures to stabilize a wall and how to remove objects while keeping the overall structure stable. Students could program a classroom robot to remove pieces of a Jenga puzzle.

The example above demonstrates the complexity of integrating multiple standards for introducing content into the classroom and aligning them with the wide range of pedological standards teachers must consider when delivering. In addition to the content and pedological requirements, today’s teachers are also asked to deliver through computational thinking, problem-based learning, or design thinking in all PK-12 classes to build soft and hard skills that help increase student outcomes in College and Career Readiness.

The movement in education towards integrating multiple standards is both overwhelming and exciting for PK-12 and college and university educators. For teachers to be truly effective in integrating the knowledge and skills into an effective learning environment, technology and cybersecurity subject matter experts need to become aware of the various standards, new teaching methodologies, soft and hard skills, as well as the critical and computational thinking skills that industries are requiring. Educators must consider and incorporate all these ideas and standards into their lessons. When this occurs, instruction for both pre- and in-service educators’ needs will be better addressed, and a course of action will be created that will lead students to achieve outcomes that will support the knowledge and skills found in college and career readiness, especially relevant for the cybersecurity workforce. Thus, designing professional development opportunities is complex, and must include pedagogical techniques, 21st Century skills, and the requisite frameworks. Application of the NICE Framework provides a means to being able to perform this integration for cybersecurity education and ensure lessons include the work roles, tasks, knowledge, skills, and abilities necessary to succeed in this growing and exciting field.

¹https://repository.upenn.edu/cgi/viewcontent.cgi?article=1109&context=cpre_researchreports 
² Bureau of Labor Statistics. (2018). Labor Force Statistics from the Current Population Survey: https://www.bls. gov/cps/cpsaat11.htm 
³ Alabama has combined Digital Literacy (ISTE) stands and Computer Science Standards to form the Alabama Digital Literacy and Computer Science (DLCS)  Program of Study: https://www.alsde.edu/sec/sct/COS/Final%202018%20Digital%20Literacy%20and%20Computer%20Science%20COS%5B5206%5D.pdf

---

Industry Spotlight

TRAIN LIKE YOU FIGHT, FIGHT LIKE YOU TRAIN; BEYOND TABLE TOP EXERCISES
By JC Vega, COL (USA Retired), Executive Security Advisor, X-Force Command Cyber Range Coach, National Security Institute Visiting Fellow, IBM Security, and Daniel J.W. King, COL (USA Retired), X-Force Command Cyber Range, Chief of Operations, IBM Security

The paradigm shift for cybersecurity crisis response training is here. If you want to prepare for a security breach,

tabletop exercises and unpracticed runbooks aren’t enough. Cyber responders, from Cyber Incident Response Teams (CIRTs) to Security Operation centers (SOCs), and from C-suites to boardrooms, require a whole-of-business response to act with confidence in dynamic, business do-or-die situations. The answer is to be found in new forms of cybersecurity crisis response training. The cyber threat environment is driving the change, where incidents happen at machine speed, and social media may be the first indication of a looming storm that will propel an organization into action, and where actions, or the lack thereof, can have a decisive impact on the end state or the aftermath. Organizations need to prepare for a worst day with an intense, immersive experience that builds your team’s critical cybersecurity and leadership skills in a realistic and gamified environment.

Have you and your staff ever participated in a leadership reaction course (LRC)? In an LRC (popular with the military and with leading MBA programs), individuals, as well as organizations, are challenged to address fast-moving challenges and their strengths and weaknesses as strategists, planners and doers are exposed. The cybersecurity version of this training is a social-technical system that blends the two environments. It offers a cybersecurity response team with immersive, realistic, flight-simulator-like training scenarios, and is designed to test the ability of individuals, leaders, and organizations to collaborate in a cybersecurity crisis. Business best-practices indicate that successful cybersecurity involves the organization a as whole, and that it is far from just an “IT Problem”. Tabletop exercises are an anachronism, and while better than nothing, notecards and role-playing are yesterday’s standard. That is not how threats and challenges manifest. The new training ideal is an environment that integrates the physical and cyber domains and replicates real business operations as well as consequences and impacts.

 

In the new cybersecurity training paradigm, the environment replicates a fusion center, an environment staffed with multidisciplinary, cross-functional professionals. An environment that is tailored and configurable to address cybersecurity challenges for any skill level participant group, from C-suite executives and government officials to practitioners and highly technical experts.

Participants are immersed in scenarios that guide and challenge an organization’s ability to respond to cyber threats across the enterprise. This new training system uses a variety of learning approaches, to build problem solving and social interaction skills, and applies gamification techniques to increase engagement and impact the event’s outcome. The participants report that running through a cybersecurity leadership reaction course like this is heart-pumping excitement and completely educational. The knowledge flow, between the experts and the audience, is frictionless.

Team of Teams focus

The environment exposes individuals and teams to realistic scenarios that blends the fusion center feel and the physicality of the LRC. The experience is guided by multidisciplinary professionals from the fields of cybersecurity, crises response, gamification, and a myriad of technical disciplines with theater, yes theater. The experience generates an incisive, and decisive experience with participants asking for more.

Another benefit of training with this scenario-based approach, is it allows teams that form from multi-stakeholder organizations to test their bonds. How well your city’s critical infrastructure cybersecurity response team works may rely on personal relationships and communication as much as technical ability. The structure of the scenarios is aimed at training a collective, teams-of-teams approach, both internally and externally. Cybersecurity crisis response demands a coordinated and collaborative effort to succeed. These training programs might bring the mayor’s office together with the utility managers, along with their physical and cybersecurity staff to conduct a training. Other teams may consist of multisector groups with a common reliance upon infrastructures like municipalities, financial and energy sectors. Teams are brought together that have interdependencies and cross-functional organizational structures. Training in a holistic manner allows participants to assess the strengths and gaps within their organizations and identify friction points within current process and procedures. The goal is to rehearse and practice collectively now, in advance of a crisis, while reducing risk to the enterprise.

Practicing in realistic environments challenges and develops trained and proficient individuals and teams. The collective skills and experiences of teams when synchronized to unify effort can alter the outcome of a crisis from poor performance to acceptable and from acceptable to a best business practice. And from everything we’ve heard, people enjoy the training and the competition to improve.

---

Government Spotlight

NATIONAL CYBER STRATEGY:  DEVELOPING A SUPERIOR CYBERSECURITY WORKFORCE 
By Rodney Petersen, Director, National Initiative for Cybersecurity Education, National Institute of Standards and Technology, U.S. Department of Commerce

In September 2018, the Trump Administration announced a National Cyber Strategy – “the first fully articulated strategy in 15 years.”  The Strategy articulated four pillars with corresponding priority actions and strategies. One of the pillars, “Promote American Prosperity”, includes the priority action to “Develop a Superior Cybersecurity Workforce.”  The stated objective of this pillar is to “Preserve United States influence in the technological ecosystem and the development of cyberspace as an open engine of economic growth, innovation, and efficiency.” 

The National Cyber Strategy was issued in the Fall of 2018. Earlier during the Trump Administration, in May 2017, Executive Order 13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure tasked the Department of Commerce (DOC) and Department of Homeland Security (DHS) to, 1) “assess the scope and sufficiency of efforts to educate and train the American cybersecurity workforce of the future, including cybersecurity-related education curricula, training, and apprenticeship programs, from primary through higher education”; and, 2) “provide a report to the President with findings and recommendations regarding how to support the growth and sustainment of the Nation's cybersecurity workforce in both the public and private sectors.”  The corresponding assessment and development of findings and recommendations was led by the National Initiative for Cybersecurity Education (NICE) and an interagency team from the Federal government with substantial input from academia and industry. The resulting Report to the President identified the following imperatives:

• Launch a national Call to Action to draw attention to and mobilize public and private sector resources to address cybersecurity workforce needs. 
• Transform, elevate, and sustain the learning environment to grow a dynamic and diverse cybersecurity workforce.
• Align education and training with the cybersecurity workforce needs of employers and prepare individuals for lifelong careers.
• Establish and leverage measures that demonstrate the effectiveness and impact of cybersecurity workforce investments.

The National Cyber Strategy articulates a priority action to Develop a Superior Cybersecurity Workforce and identifies the following strategies:

• Build and Sustain the Talent Pipeline
• Expand Re-skilling and Educational Opportunities for America’s Workers
• Enhance the Federal Cybersecurity Workforce
• Use Executive Authority to Highlight and Reward Talent

Each of these strategies were featured prominently in the DOC/DHS Report to the President and the 2016 NICE Strategic Plan.

Build and Sustain the Talent Pipeline

It is not surprising that shortly after the Report to the President entitled “Supporting the Growth and Sustainment of the Nation’s Cybersecurity Workforce” that a front and center strategy would be the need to both build and sustain a talent pipeline that could meet both near-term and long-term cybersecurity workforce demand from both the public and private sectors. That is why the first goal of the NICE Strategic Plan is to “accelerate learning and skills development” (to support near-term demand) and the second goal is to “nurture a diverse learning community (to systemically address medium- and long-term demand). Many of the programs and initiatives put in place over the past two decades by academia, government, and industry have been devoted to the attainment of a future vision of a sustainable cybersecurity workforce. In 2019, we will celebrate the 20^th anniversary of the National Centers for Academic Excellence in Cybersecurity, 10^th anniversary of the Annual NICE Conference & Expo, and 5^th anniversary of the NICE K12 Cybersecurity Education Conference. These accomplishments along with many other community initiatives are evidence of the coordinated effort to build a cybersecurity talent pipeline that is sustainable into the decades that will follow.

Expand Re-Skilling and Educational Opportunities for America’s Workers

The President’s Management Agenda, Modernizing Government for the 21^st Century, was released in March 2018 and created a vision for “Building a Modern IT Workforce by recruiting, reskilling, retaining professionals able to help drive modernization with up-to-date technology.”

The Management Agenda further asserts, “The workforce for the 21^st Century must enable senior leaders and front-line managers to align staff skills with evolving mission needs. This will require more nimble and agile management of the workforce, including reskilling and redeploying existing workers to keep pace with the current pace of change.” Recently, the Federal CIO Council Workforce Committee announced the Federal Cyber Reskilling Academy as a pilot to upskill non-IT workers into in-demand cybersecurity work roles. Community colleges have introduced non-credit as well as for-credit courses leading to associate degrees, certificates, and industry-recognized certifications in an effort to reskill underemployed or unemployed Americans. The SANS institute has instituted a series of Cyber Talent Immersion Academies designed to reskill veterans, women, and minorities in an effort to increase training opportunities and diversity the cybersecurity workforce.

Enhance the Federal Cybersecurity Workforce

The first Federal Cybersecurity Workforce Strategy was developed in 2016 to help Federal departments and agencies 1) identify cybersecurity workforce needs, 2) expand the cybersecurity workforce through education and training, 3) recruit and hire highly skilled talent, and, 4) retain and develop highly skilled talent. In 2015, Congress passed the Federal Cybersecurity Workforce Assessment Act that requires the federal government to use the NICE Cybersecurity Workforce Framework (NICE Framework) to inventory their current cybersecurity workforce and identify work roles of critical need. The Administration’s 2017 recommendations for reorganizing the Federal Government, Delivering Government Solutions in the 21^st Century:  Reform Plan and Reorganization Recommendations, proposed “the establishment of a unified cyber workforce capability across the civilian enterprise.”  Therefore, it is not surprising that a central tenet of the National Cyber Strategy is an emphasis on the continued use of the NICE Framework to support policies allowing for a standardized approach for identifying, hiring, developing, and retaining a talented cybersecurity workforce.

Use Executive Authority to Highlight and Reward Talent

“Pay for cybersecurity positions tends to be above the average levels for other positions in many parts of the economy, but in some areas—including the Federal government—cybersecurity pay is below the level needed to attract the necessary talent” was one of the conclusions of the DOC/DHS report.  Consequently, it is not surprising that the report recommended that “OPM and federal departments and agencies should explore the use of direct hire or other authorities and salary incentives, to address recruiting difficulties and shortages of cybersecurity expertise.”  However, recognizing and rewarding talent can occur in a variety of ways. For example, the DOC/DHS report recommended that we “Expand the availability and expertise of teachers and faculty through a combination of incentives and policy changes”, including “develop a national recognition program that identifies and acknowledges school districts, colleges and universities, employers, and individuals that are role models in enhancing the development of future cybersecurity workers.”

There is a recurring theme in the National Cyber Strategy, Executive Order 13800, the NICE Strategic Plan, and the DOC/DHS report to the president that the President’s top priority is to protect America’s national security and promote the prosperity of the American people. “Developing a Superior Cybersecurity Workforce” is an enabler of many of the other priority actions set forth in the National Cyber Strategy. That is why the collaborations and partnerships between academia, industry, and the government that are facilitated by NICE are so critical to the national security and economic prosperity of the Nation.

---

Affiliated Program Updates

Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs.

National Initiative for Cybersecurity Careers and Studies (NICCS)

The National Initiative for Cybersecurity Careers & Studies (NICCS) is the Nation’s one-stop shop for cybersecurity careers and studies. It connects the public with information on cybersecurity awareness, degree programs, training, careers, and talent management. The NICCS Education and Training Catalog connects the public to nearly 4,000 cybersecurity courses offered by organizations across the nation and is growing every day.

The courses in the training catalog are cybersecurity focused and delivered by accredited universities, National Centers of Academic Excellence (CAE), federal agencies, and other training providers. Each course is mapped to the National Cybersecurity Workforce Framework, the foundation of the National Initiative for Cybersecurity Education (NICE) effort to describe cybersecurity work.

NICCS offers resources to build foundational skills for a career in cybersecurity, collegiate level programs, and continuing education resources for outside the classroom. Educators can find curriculum resources and programs to help students gain the knowledge and skills they need to join the growing cybersecurity community. 

For organizations wanting to build a world-class cybersecurity workforce, tap into additional Cybersecurity Resources to design and build a top notch cybersecurity workforce.

To Learn more about NICCS, visit us at: https://niccs.us-cert.gov/ or email us at niccs [at] hq.dhs.gov (NICCS[at]hq[dot]dhs[dot]gov) for more information.

National Centers of Academic Excellence (CAE) in Cybersecurity

The CAE-CD Program turns 20 this year! Since 1999, we have been designating institutions in an effort to reduce vulnerabilities in America's national infrastructure. Through the years, the CAE Program Management Office has undergone many enhancements in order to keep up with the cyber landscape. 

In honor of this anniversary, there is a great opportunity to “go back to our roots” and rejoin the Colloquium for Information Systems Security Education (CISSE) Conference. CISSE provides government, industry, and academia with a forum to discuss ways to work together to define current and emerging requirements for information assurance education and to influence the development and expansion of information assurance curricula. 

CISSE’s ideals tie together with the vision of the CAE program, which is why it is fitting to celebrate this momentous anniversary alongside it.

This year’s symposium will be held on June 10-12 in Las Vegas, Nevada. Register here. 

For questions, please feel free to reach out to us via askcaeiae [at] nsa.gov (askcaeiae[at]nsa[dot]gov). For specific questions about the event, please contact askCISSE [at] cisse.info (askCISSE[at]cisse[dot]info). Looking forward to seeing everyone there!

Learn more about CAE here.

---

Funded Program Updates

DHS National Cybersecurity Awareness Grant Funding Opportunity

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) colleagues have announced the National Cybersecurity Awareness Grant funding opportunity. The funding opportunity number is DHS-19-NPPD-128-NCSA-001 and can be found on grants.gov. For a quick reference, this link will take you to a pre-filtered search and from there you can click on the grant: https://www.grants.gov/web/grants/search-grants.html?keywords=DHS-19-NPPD-128-NCSA-001%20.

All applications must be received by close of business on May 9, 2019. 

Grant program objective and activities include:

• Strategy Development: Assess cybersecurity needs for the general public as well as for targeted markets, develop an annual cybersecurity communications campaign, and report on the effectiveness of awareness efforts.
• Communication Materials Production: Create awareness collateral and website content to promote cybersecurity messaging.
• Stakeholder Engagement and Outreach: Establish partnerships with stakeholder groups and conduct outreach efforts.
• Cross promotion of Cybersecurity Resources: Promote DHS/CISA cybersecurity resources and regularly update outreach efforts with new and innovative ideas, content, and strategies.
• Execute National Cybersecurity Awareness Month Activities: Design a strategy to engage national participation across cybersecurity stakeholders, conduct media engagement, produce campaign materials, and plan and produce targeted events.
• Program Management: Provide timely progress reports.
• Performance Metrics: Measure the national understanding of individual roles in cybersecurity. Measure the increase in partnerships of the Campaign and the increase the number of Americans receiving cybersecurity awareness messaging.

Learn more about this DHS Funding opportunity at https://www.grants.gov/web/grants/search-grants.html?keywords=DHS-19-NPPD-128-NCSA-001%20.

NICE Challenge Project

The NICE Challenge Project develops real-world cybersecurity challenges within virtualized business environments that bring students the workforce experience before the workforce. The goal is to provide the most realistic experiences to students, at-scale year-round, while also generating useful assessment data about their knowledge, skills, and abilities for educators.

The winter quarter was a busy one for both challenge content and platform feature releases. Additionally, the project reached some new milestones and released a completely redesigned website.

The project released many new challenges, most of which were aligned with the Protect & Defend tasks and work roles of the NICE Framework. One of the new challenges, “Disastrous DNS Destruction”, puts the player in charge of handling a disgruntled employee’s final ploy where suddenly all company internal web traffic is being redirected to a server hosting a suspicious web page and distributing malware.

While the focus of the winter quarter was challenge development, there were still many “quality of life” updates to the NICE Challenge Platform. This includes additional informational tool tips across the Webportal, check type visibility while preforming a challenge, and a new notification banner where we can directly communicate important live information to users on the platform.

Along with these little improvements, there was one big improvement: the release of “Challenge Strategy Guides”. This feature adds a new section to every technical challenge in the “Challenge Previews” page for Curators (Educators) that includes high level knowledge requirements for completing each check that is within a challenge. This will allow Curators to better understand how to prepare their players for challenges.

Lastly, the project released a completely redesigned informational website. The redesign effort has two major goals: make the website look more modern and refocus the content on the website. The NICE Challenge Project has been around for roughly six years and has matured a great deal in that time. The old website reflected the more exploratory nature of the project in its early years, while the new website focuses on what the project has created and how it is used today by educators and educational institutions around the United States. Visit the new website at www.nice-challenge.com.

The project’s development and content decisions are driven not only by our strategic vision, but by the extremely valuable feedback we receive from our growing user base, whom we feel privileged to work with on this journey forward in creating the next generation in hands-on cybersecurity content. Professors or staff members at educational institutions within the United States may sign up, or learn more at www.nice-challenge.com.

National Integrated Cyber Education Research Center (NICERC)

At NICERC, the goal is to empower educators as they prepare the next generation to succeed in the cyber workforce of tomorrow. In addition to curricular resources and professional development, an important component to this goal is career awareness. By highlighting various cyber careers, we hope to create an exciting menu of options to spark students’ imaginations and ambitions, as well as expand their options past the traditional careers of yesterday. Check out the newest resource to the NICERC extensive library of content by clicking here.

---

NICE Working Group Updates

The NICE Working Group (NICEWG) has been established to provide a mechanism in which public and private sector participants can develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development. In February 2019 the Collegiate subgroup kicked off a new project team to study, document, and develop resources for Career Pathways in Cybersecurity. The project aims to document existing cybersecurity career pathway initiatives, identify best practices and model programs and develop resources for describing pathways at various levels of a career.

Learn more about the NICE Working Group and sign up to participate at nist.gov/nice/nicewg

---

Key Dates

Accelerate your career in cybersecurity with Cyber FastTrack

Registration and qualifier open April 5^th to May 10^th 2019.

Could you be part of solving the huge shortage of cybersecurity experts in the U.S.? Find out by participating in the 2019 Cyber FastTrack competition opening for registration on April 5, 2019. Cyber FastTrack is a free and unique online three-stage program that provides everything needed to build a foundation of knowledge in cybersecurity. No experience is required to sign up and give it a shot. 

Once participants have demonstrated excellence in the foundation concepts, they can move on to master forensics, intrusion detection, security operations, system and network penetration testing, and application penetration testing. Students who excel in all aspects of the program will be awarded scholarships to advanced cybersecurity courses and industry-respected certifications, where they will master in-demand skills and techniques that employers’ value - $2.5 million worth of scholarships will be awarded in total. Students who score well but do not win full scholarships will be included in a drawing for 200 scholarships of $500 each to use at their college.

So, what are you waiting for? It's easy to join Cyber FastTrack. Simply check the criteria on the website and if you're eligible, sign up today! 

Register here today: https://www.cyber-fasttrack.org

FISSEA Conference, June 27-28, 2019
Gaithersburg, Maryland

New dates announced! The FISSEA Conference will take place on June 27-28, 2019 in Gaithersburg, Maryland. The call for presentations is open now and will close April 9, 2019.

FISSEA is an annual conference that brings together managers responsible for information systems security training programs in federal agencies, contractors providing awareness and training support, and faculty members or program directors of institutions of higher education who offer certificate or degree programs in cybersecurity to federal government employees. This year’s theme focuses on “Innovations in Cybersecurity Awareness and Training: A 360-Degree Perspective.” 

Conference Tracks:

Track 1: Building Innovative Approaches to Awareness Programs
How do you build an effective cybersecurity awareness program? Now is the time to provide specifics -- what exactly is an innovative awareness program? We are looking for presentations on how your organization’s cybersecurity culture changed; institutionalizing information security into the organization’s mindset through a comprehensive awareness program (not an hour a year) – come tell us what innovations you are doing to champion and lead this transformation. In this track, we are looking for presentations that raise the bar for cybersecurity awareness programs, products, events, and activities.

Track 2: Developing Skills through Innovative Role-Based Training
How do you address individual training requirements when individuals perform multiple roles? Is it the content, the instructor, the student interaction, the delivery medium, or the location that has the most influence on training acceptance? What factors make the most difference in learner acceptance and transference? In this track, share your innovations with the FISSEA community and make a difference in shaping the behaviors of the federal cybersecurity workforce.

Track 3: Implementing Comprehensive Awareness and Training Programs
How are you using awareness and training to engage all employees at your organization? How have you built a comprehensive awareness and training program that includes managers, executives, technical, nontechnical staff? How do you ensure employees know their cybersecurity responsibilities and how they contribute to risk reduction? How do you measure performance and demonstrate benefits? In this track, we are looking for presentations that help to answer and address these questions.

Learn more, submit a presentation proposal, and register at https://nist.gov/fissea.

CyberSmart Conference 2019, May 29-30, 2019
Fredericton, New Brunswick, Canada

The CyberSmart Summit was created to bring together decision-makers and practitioners in industry, government and academia to share challenges, opportunities, and best practices for cybersecurity skills and workforce development. In 2019, the third Summit will bring together colleagues from countries around the world to demonstrate how we have moved the needle and showcase the new connections and collaborations that have resulted over the last couple of years. We will also focus on updates from the Summits outcomes and take-aways from 2018. 

Save the date and learn more by visiting https://cybernb.ca/en/cybersmart-2019/. 

National Cybersecurity Career Awareness Week, November 11-16, 2019

Mark your calendar for this year’s National Cybersecurity Career Awareness Week!

The National Cybersecurity Career Awareness Week (NCCAW) focuses local, regional, and national interest to inspire, educate, and engage children through adults to pursue careers in cybersecurity. National Cybersecurity Career Awareness Week takes place during November’s National Career Development Month, and each day of the week-long campaign provides learning about the contributions and innovations, and the plethora of job opportunities that can be found by exploring cybersecurity as a field of study or career choice.

Learn more here. 

NICE Conference and Expo, November 18-20 2019
Phoenix, Arizona

 

Call for proposals is open now! 

The 10th annual NICE Conference and Expo will take place on November 18-20, 2019 in Phoenix, Arizona. The theme for this year’s conference is “Reimagining the Future of the Cybersecurity Workforce: Adapting to a Changing Landscape”. There will be four tracks at the conference: 

• Partnering for a Stronger Cybersecurity Community
  • This track focuses on creating connections between industry, higher education, government, and others to lead to better alignment between learning systems and employer skill needs, while creating new or evolved systems better adapted to the training and educational needs of cybersecurity work roles.
• The Impacts of Future Technologies on the Cybersecurity Workforce
  • This track will invite discussion on how future technology--and interfacing with that technology--is likely to shape demands on cybersecurity work and workers.
• Connecting Theory and Practice
  • This track describes methods to teaching cybersecurity through hands-on experiences, including collaborative opportunities between employers and educators, competitions, apprenticeships, hackathons, and gamified learning, in turn reducing the gap between education and real-world experiences.
• Expanding Skill Development through Lifelong Learning
  • This track explores learning outside of conventional classroom environments and educational disciplines to make cybersecurity more accessible to all learners and creating mechanisms for learning at every stage in life including learners looking to cross disciplines, career changers, employers interested in upskilling their workforce, and many others.

Submit your proposal to speak at the NICE Conference by May 19, 2019!

Learn more at www.niceconference.org

NICE K12 Cybersecurity Education Conference, December 9-10, 2019
Garden Grove, California

 

Call for proposals is open now!

The 5^th annual NICE K12 Conference and Expo will take place on December 9-10, 2019 in Garden Grove, California. The theme for this year’s conference is “"Innovation, Vision, Imagination: Harnessing the talent of today to build the cybersecurity workforce of the future”. There will be five tracks at the conference: 

1. Increasing Cybersecurity Career Awareness
2. Infusing Cybersecurity Across the Education Portfolio
3. Integrating Innovative Cybersecurity Educational Approaches
4. Designing Cybersecurity Academic and Career Pathways
5. Promoting Cyber Awareness

Submit your proposal to speak at the NICE K12 Conference by June 15, 2019!

Learn more at www.k12cybersecurityconference.org 

NICE Webinars

On April 17, 2019, NICE will hold a webinar on “Women in Cybersecurity: Finding, Attracting and Cultivating Talent.” This webinar will help participants identify programs most likely to motivate more young women to enter the cybersecurity workforce. Learn more and register today here.

On March 20, 2019, NICE held a webinar on “Computational Thinking and Skills: A Foundation for STEM and Cybersecurity Education.” This webinar explained why acquiring computational thinking and skills are important for STEM-related careers and how to incorporate and assess computational thinking and skills as part of cybersecurity education and training programs. Learn more and view the recording here.

NICE webinars are free to attend, but registration is required.

Learn more, view webinar recordings, and more here.