Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
NICE eNewsletter Fall 2020
Subscribe to the NICE eNewsletter
Welcome
Fall is always an invigorating time of year at the NICE Program Office. With the changing colors of the leaves, we are engaged in final preparations for our Annual NICE Conference and Expo along with the events in October in recognition of Cybersecurity Awareness Month.
A BIG fall event is the National Cybersecurity Career Awareness Week (NCCAW) November 9-14, 2020. You can support the campaign with efforts as small as sending a tweet or posting on social media about what you do in cybersecurity. Or, sign up to give a virtual talk in a classroom or a virtual open house with your employees. Let’s help drive awareness of all the great work we do in cybersecurity. Be sure to register your commitments so we can recognize your efforts! Visit nist.gov/nice/nccaw for more information.
Our lead story highlights a very exciting pilot to create a digital record for a student’s education, skills, and competencies – a learning and employment record (LER) pilot program from IBM, Western Governors University, National Student Clearinghouse, and iQ4. Keep reading in the current issue to learn about Cisco’s terrific global mentoring program – perhaps this is something you’ve thought of starting; the Department of Education has a new, innovative program for Career and Technical Education teacher professional development – CTE CyberNet; and there’s a fascinating story about the varied career pathways in the U.S. Air Force for cybersecurity professionals. Be sure to check out our Framework in Focus, featuring Wintana Girma, who is an example of someone who took a non-traditional pathway to cybersecurity and a manager who was ready to spot her talent and give her a chance.
Marian Merritt
Deputy Director, NICE
Cybersecurity Career Awareness
Help celebrate National Cybersecurity Career Awareness Week, November 9-14! You can promote the field on social media, host or participate in an event, reach out to students near you, and so much more. Learn more
NICE K12 Conference
The 2020 NICE K12 VIRTUAL Cybersecurity Education Conference takes place December 7-8, 2020. Learn more
NICE Webinar: october 21, 2020
Addressing the Cybersecurity Talent Gap at Scale - Introducing Learning and Employment Records. This webinar will introduce the emergence of LER’s and describe the cybersecurity pilot project. Learn more
Featured Article
Learning & Employment Records (LERs) to Accelerate Cybersecurity Careers
By Alex Kaplan, Global Leader, Blockchain and AI for Industry Credentials, IBM Talent and Transformation; Ricardo (Rick) Torres, President & CEO, National Student Clearinghouse; Frank C. Cicio Jr., CEO/Founder, iQ4; and Marni Baker Stein, Provost and Chief Academic Officer, Western Governors University
Increasing numbers of employers are using skills-based assessments to find and hire the best candidate for the job, making the resume-based process redundant. Efficient matching of skills to work roles offers benefits not only for employers but also for individuals, the government, and the economy. However, employers know it can be difficult finding candidates with the right skills in the right locations, and candidates know it can be difficult finding jobs that match their skills and competencies.
The pandemic has made the employment situation worse for many Americans with millions of workers now furloughed or deemed redundant. Many may not be going back to their jobs or workplaces, and others will work from home if online working is possible. Those wishing – or forced – to find new careers need a simplified way of defining their skills and competencies that are immediately transferable to new roles, and they need to understand the learning or up-skilling necessary to become the ideal candidate.
A disruptive digital solution to the employment marketplace conundrum is long overdue. To effectively scale skills-based assessments, we need a national digital repository of candidates and a standardized way of capturing their skills and competencies. Fortunately, a solution for all stakeholders will soon be available to help close the gap between the supply of skilled talent and the demand for it.
American Workforce Policy Advisory Board LER Initiative
The American Workforce Policy Advisory Board (AWPAB) has marshalled leading employers, academic institutions, and technology firms to create the Learning & Employment Record (LER) solution. An LER is a comprehensive digital record of skills, competencies, and achievements gained in school, on the job, through volunteer experiences, or in the military. The data is housed in a secure block-chained, updateable digital “wallet.” It enables individuals to match themselves to education, career pathways, and job opportunities, and it enables employers to efficiently search, filter, and find the best candidates for open roles.
Why Cybersecurity Perfectly Aligns with the LER Initiative
Cybersecurity is a high-priority need in all sectors of the economy. On August 26, 2020, CyberSeek showed 507,924 unfilled U.S. cybersecurity job vacancies. For many people, these job openings represent higher-paid opportunities and interesting career pathways. There are perhaps thousands of people with transferable skills who could, with a limited amount of up-skilling, close the current skills gaps and the projected exponential growth in demand.
The NICE Cybersecurity Workforce Framework taxonomy is an advanced, compressive, popular, standards-based framework used to describe cybersecurity work roles required to operate the NIST Framework for Improving Critical Infrastructure Cybersecurity. Cybersecurity work role profiles are compiled by using the NICE Framework Knowledge, Skill and Abilities (KSAs) which are required to operate in a given role. Role profiles can be flexibly created to suit the employer or sector with the NICE Framework taxonomy creating a common lexicon to match people and their skills to work roles. It is also used to describe the learning outcomes employers want the next generation to possess to reduce their time to productivity when hired.
For these reasons, cybersecurity was chosen for a high-priority, nationwide LER pilot program, leading to a joint initiative among IBM, Western Governors University, the National Student Clearinghouse (NSC), which houses academic transcripts, and iQ4 Corp., which provides the digital Myhub Passport “Wallet” LER.
Vision and Definition of Success
The pilot, which is to conclude by Thanksgiving, 2020, is the next step in turning this vision into reality. Via machine language translation, millions of job vacancy postings are parsed and mapped to the NICE Framework taxonomy. Educational achievements and competencies are shared, validated, and mapped to the NICE Framework taxonomy on the IBM Blockchain Cloud. This data is organized in the individual’s Myhub Passport LER “Wallet,” revealing the job vacancies that they are best suited to fill. The LER’s Compass module shows a wider range of potential opportunities and career pathways to pursue if a candidate were to take up-skilling courses, and it shows where to find those courses. The Compass module provides education and training providers with supply and demand analytics to best align their curriculum with the skills that employers need.
The pilot aims to validate the LER’s value as a comprehensive digital record of cybersecurity skills, competencies, and achievements. All stakeholders are slated see benefits:
- Learners and workers will have more control over information about their education and experience, making it easier for them to find new jobs or advance at their current organizations.
- Employers will be able to find the best candidates for open positions and verify a candidate’s competencies and credentials.
- Education, Training, and Credentialing providers will be able to document learning and align their curriculum, credentials, assessments, and career services with a rapidly changing job market.
- Government will be able to more effectively collect data and implement effective policies that allocate resources to support education and workforce development.
The LER solution will create a digital job marketplace that accelerates the trend of finding the right talent by matching skills to work roles rather than going through the time-consuming resume-based search and filter process.
Framework in Focus
A profile of a cybersecurity practitioner to illustrate application of the NICE Framework categories and work roles.
Framework Category:
Securely Provision; Oversee and Govern
Conceptualizes, designs, and builds secure information technology (IT) systems, with responsibility for aspects of systems and/or networks development.
Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.
Name: Wintana Girma
Title: GRC Analyst, Third Party Risk Management
Organization: Rush University Medical Center
Work Roles: Risk Management, Authorizing Official/Designating Representative and Cyber Policy and Strategy Planner
Academic Degrees: B.A., Healthcare Administration
Certifications: GIAC Information Security Fundamentals
Q: Wintana, please share a little bit about your career in cybersecurity and, in particular, how your role relates to the NICE Cybersecurity Workforce Framework.
A: I am a Governance, Risk, and Compliance (GRC) Analyst. My specialty area is third party risk management. I do vendor onboarding for the hospital and university as well as some GRC team metrics and reporting and other projects as needed. I work with the medical device security team, IoT team, as well as security awareness and training.
Q: Your career pathway to your current role as a GRC analyst is not that typical. Perhaps you can share a little bit about how you got into this field.
A: I had already worked in healthcare for quite a while. I used to be a program manager for a surgery suite at a hospital in Boston, and so I had been working directly with clinicians in administrative and program planning role. I loved being in healthcare but wasn’t really married to that in terms of career progression. So when the opportunity came to move to Chicago, I knew that I wanted to look specifically at academic medical centers (AMCs) just because I really enjoy working with educators and feel that, personality-wise, it works well for me to learn from the people I’m working with. When I first came to Rush, I actually came in on a temporary contract role as the executive assistant to the CISO. He was just starting out and had only been here a few months and was starting to build his team. As his EA, I was working very closely with him on projects and contracts and helping him with scheduling interviews to build his team. As he was filling these roles, he found one that he thought would suit me. He moved me in as an analyst and taught me quite a lot at the beginning and then surrounded me with other teammates who would continue to teach me.
To listen to the full audio interview with Wintana Girma, GRC Analyst at Rush University Medical Center, click on the audio below:
Download a transcript of the interview.
spotlight articles
Cybersecurity Opportunities
in the U.S. Air Force
By Steven Comer, Instructor, 333d Training Squadron, United States Air Force
As a military service that relies heavily on advanced technology to enable operations, the Air Force has a deep interest in recruiting and training people who value service to our country, engage in a process of continuous learning, and desire to contribute their efforts to a highly technical field.
The Cyberspace Warfare Operations career field is one of the most technically demanding and academically rigorous communities in the Air Force. While enlisted service members make up a significant portion of the Cyberspace Warfare Operations career field, the remainder of this article will focus on career pathways and opportunities available to those considering service as a commissioned officer.
Mentoring Makes the Difference in Cybersecurity
By Noureen Njoroge, Founder of Cisco’s Global Mentoring Program
We rise by lifting others – a tenet proclaimed by the 19th century American writer Robert Ingersoll – is my guiding motto as I advocate for the importance of mentoring in cybersecurity.
When I began working at Cisco, I quickly realized I needed a mentor to help me navigate the new culture and find the corporate resources to become successful. Mentors can play a key role in offering custom-tailored career advice and answering discreet questions. The field of cybersecurity is so vast, with so many domains of expertise, that new entrants can get stuck trying to design their paths. With so few women in the sector, it’s even more vital that those who have walked this walk guide others.
CTE CyberNet: Strengthening Cybersecurity Education
By Albert Palacios, CTE CyberNet Program Manager, U.S. Department of Education
Cybersecurity is vital to national security and prosperity, yet many high schools do not have sufficient teachers or cybersecurity education programs to meet the labor market demand. To help increase the supply of cybersecurity professionals, the U.S. Department of Education (ED) launched the CTE CyberNet — a national professional development initiative and network of high school educators. ED coordinated the development of CTE CyberNet with multiple Federal Government partners, including the NICE program office. CTE CyberNet aims to increase the number of career and technical education (CTE) high school teachers who can effectively prepare students for cybersecurity education and careers.
affiliated programs update
Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs with updates on their activities:
NICE Cybersecurity Workforce Framework
The NICE Cybersecurity Workforce Framework is undergoing an update. A draft revision to the NICE Framework has been released. Comments on the draft are being adjudicated and a final version of the revised NICE Framework is scheduled to be published this Fall. In the revised draft of the NICE Framework, you will see:
- A new title proposed to offer flexibility and modularity of the NICE Framework in coordination with other workforce frameworks.
- Depreciation of the organizing constructs of Specialty Areas and Categories.
- A change in the relationships among Knowledge, Skills, Abilities, and Tasks.
- Knowledge, Skill, and Task (KST) statements are no longer located in the publication, but rather as supplementary documents.
Learn more: NICE Cybersecurity Workforce Framework Resource Center
National Initiative for Cybersecurity Careers and Studies (NICCS)
The National Initiative for Cybersecurity Careers and Studies (NICCS), managed and maintained by the Cybersecurity and Infrastructure Security Agency (CISA), continues to strive to be a national hub for cybersecurity education, training, and careers.
In August 2020, NICCS released the Cyber Career Pathways Tool, in partnership with the Interagency Federal Cyber Career Pathways Working Group. The tool presents a new and interactive way to explore work roles within the NICE Cybersecurity Workforce Framework.
This tool:
- Depicts the cyber workforce according to five distinct, yet complementary, skill communities
- Highlights core attributes among each of the 52 work roles, the foundational units of job descriptions in the NICE Framework
- Offers actionable insights for employers, professionals, and individuals considering a career in cyber
The NICCS Education and Training Catalog now has over 5,500 courses and counting! All courses listed on the training catalog are mapped to the NICE Framework to aid users in locating a course that will benefit their career development.
NICCS also features a Student Cybersecurity Resources page, to encourage students to research cybersecurity industry career options, and a Cybersecurity Careers page links users to active federal cybersecurity job openings from USAJobs.gov. Both pages may be used as teaching tools for the current cybersecurity job market and help students find jobs after graduation.
To learn more about NICCS and its resources, email niccs [at] hq.dhs.gov (NICCS[at]hq[dot]dhs[dot]gov)
Advanced Technical Education (ATE) Program
The American Association of Community Colleges, with the support of the National Science Foundation (NSF), will host the 27th National ATE Principal Investigators’ Conference as a virtual event October 19-23, 2020. The conference typically brings together more than 900 NSF ATE grantees and their project partners to focus on the critical issues related to advanced technological education. Key people working on ATE projects across the country participate in the conference. Conference attendees represent community colleges, business and industry, secondary school systems, and 4-year colleges covering projects in a wide variety of areas, including information technology and security technologies.
Learn more: https://www.atepiconference.com/
Recent NICE Webinars
Educating Youth for a Cybersecurity Future - September 16, 2020
This webinar focused on digital literacy, educational curriculum, and supporting opportunity youth. Learn more here.
Learn more and view recordings: NICE Webinar Series
funded projects update
CYBER.ORG
CYBER.ORG Kicks Off National K-12 Cybersecurity Learning Standards Development. When complete, the standards will help ensure that students not only have a foundational understanding of cybersecurity, but the skills and knowledge they need to pursue cybersecurity careers in greater numbers. Learn more about the initiative here.
Learn more: CYBER.ORG
GenCyber
The 2021 GenCyber Call For Proposals OPEN NOW!
The GenCyber program strives to be a part of the solution to the Nation’s shortfall of cybersecurity professionals by offering summer and year-round cybersecurity experiences for students and teachers at the K-12 level. The goals of the GenCyber Program are to:
- Increase interest in cybersecurity and diversity in the cybersecurity workforce of the Nation.
- Teach all students correct and safe online behavior.
- Improve teaching methods and cybersecurity content for K-12 curricula.
To meet these goals, GenCyber solicits proposals from academic institutions (or Not for Profits who partner with an academic institution) to conduct summer camps for students and teachers at the K-12 level. This year, the GenCyber Program is offering three more opportunities for funding: Combination Camps, GenCyber Outreach/Extension/Capacity-Building Activities, and the “GenCyber Goes Virtual” Teacher Camps (pilot).
Apply for all funding opportunities by October 30, 2020.
Learn more: www.gen-cyber.com/host
NICE Working Group update
The NICE Working Group (NICEWG) was established to provide a mechanism in which public and private sector participants can develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development.
This quarter the K12 Subgroup made progress on the K12 Educational Materials: Content Review and Repository Recommendations. The project team seeks to collect and review K12 educational materials that can be used to inspire cybersecurity career awareness with students in elementary school, stimulate cybersecurity career exploration in middle school, and enable cybersecurity career preparedness in high school. Learn more here
Learn more from the NICE Working Group
Key dates
October 1, 2020
Federal Cybersecurity Workforce Webinar Series: Interpretive Guidance for Cybersecurity Positions
This webinar will provide an overview of the Cybersecurity Interpretive Guidance to help agencies hire and retain a highly skilled cybersecurity workforce. The session will cover cyber position classification, job evaluation, qualifications, and assessments. After completing this session, HR participants will have the knowledge and tools to partner with hiring officials to identify cybersecurity positions; clarify cybersecurity roles and duties; address position management issues; implement training, performance, and retention programs; and conduct cybersecurity workforce assessments.
November 9-14, 2020
National Cybersecurity Career Awareness Week
Mark your calendars to celebrate National Cybersecurity Career Awareness Week across the country. Join us in promoting awareness and exploration of cybersecurity careers by hosting an event, participating in an event near you, or engaging students with cybersecurity content!
The call for commitments for the 2020 National Cybersecurity Career Awareness Week is now open!
Commitments are actions taken by the community to promote awareness and exploration of cybersecurity careers. Commitments come in all sizes and don’t always require financial investment. You can host an event, distribute career awareness materials, or engage through social media. Be creative!
Learn more here
October and November 2020
11th Annual NICE Conference and Expo
Florida International University and New America have decided to reformat the NICE Conference and Expo to a virtual platform. The conference will take place over four weeks:
- October 27: Growing and Sustaining the NICE Community
- November 5: Transforming the Learning Ecosystem
- November 9: Career Discovery
- November 16: The Future Cybersecurity Workforce
Learn more: www.NICEconference.org
December 7-8, 2020
NICE K12 Cybersecurity Education Conference
Registration open now!
The 2020 NICE K12 VIRTUAL Cybersecurity Education Conference takes place December 7-8, 2020. Pre-Conference Workshops will take place on December 5-6. This year's event will provide education and learning tools that educators and schools can use immediately. You can access it all from the convenience of your home or office!
The conference agenda will include both LIVE virtual programming sessions and ON-DEMAND video content. ALL of the content will be available to attendees for up to a year post-event. PLUS there will be abundant networking opportunities including discussion boards, social groups, one-on-one meetups, gamification, and more! Join your fellow educators, administrators, school counselors, students, and representatives from government and industry at what is sure to be an AWESOME event. The $125 Early Bird Registration pricing lasts only until October 16, 2020 so get your tickets now.
Learn more: www.k12cybersecurityconference.org