Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
NICE eNewsletter Fall 2021
Subscribe to the NICE eNewsletter
welcome
Welcome! My name is Timothy Desir, and I was an intern at NICE this past year. I joined NICE through the Professional Research Experience Program (PREP) at Montgomery College. I am now enrolled at Capitol Technology University to continue studying cybersecurity. During my internship, I’ve had the privilege to work on different projects related to the promotion of cybersecurity education and careers.
In one project I worked on, I researched different cybersecurity professionals whose careers were aligned to the NICE Workforce Framework for Cybersecurity. Throughout this project and others, my mind was opened to both the breadth and depth of the cybersecurity field.
This quarter’s newsletter exemplifies cybersecurity’s wide range of work, discussing topics like machine learning, digital forensics, protecting schools against cyber-attacks, and much more. As technology advances, the need for cybersecurity will only increase. I hope you enjoy these informative and interesting articles and interviews.
Timothy Desir
NICE Intern
Featured Article
Automation and the Cybersecurity Workforce
By Caron Carlson, Exeter Government Services
Machine learning (ML) has been baked into cybersecurity tasks for well over a decade, taking on a growing role in recent years – all the while vulnerabilities and threats have risen steadily and the shortage of skilled cybersecurity practitioners has become more apparent. There may be some disagreement about the degree to which recent advances in ML and artificial intelligence (AI) are changing the game in the near term, but it is clear that automation will be used increasingly as organizations seek efficient, cost-effective ways to manage enterprise cybersecurity risks.
Identifying components of the National Initiative for Cybersecurity Education (NICE) Workforce Framework for Cybersecurity (NICE Framework) that potentially could be performed via automation is one objective of the NICE Strategic Plan. A look at some recent advances in ML and AI technologies can help in identifying relevant tasks and work roles and lead to a better understanding of the overall impact of automation in cybersecurity work.
Recent Innovations in Machine Learning
Over the past half-decade or so, there have been a number of advances in ML that researchers say could have significant implications for cybersecurity roles and tasks. In a study published in June, the Center for Security and Emerging Technology (CSET) at Georgetown University identified four categories of machine learning methods that are primarily responsible for these advances: deep learning, reinforcement learning, generative adversarial networks, and massive natural language models. Tools leveraging these advances will be useful primarily in prevention- and detection-related processes of cybersecurity – or, in the language of the NIST Cybersecurity Framework, the Identify, Protect, and Detect functions – according to the CSET report, Machine Learning and Cybersecurity: Hype and Reality.
Prevention-related tasks revolve around finding and patching vulnerabilities. Recent research has examined how deep learning could be used to help discover more vulnerabilities in code before they are exploited, according to the report. Meanwhile, reinforcement learning might be used in building AI agents for more strategic and effective penetration testing. Machine learning advances potentially could have implications for automating bug report triage and vulnerability severity assessment.
As for detection-related tasks, traditional ML technologies have been applied for decades, notably in spam detection, intrusion detection, and malware detection. Recent innovations in ML, leveraging deep learning, show potential in the areas of increasingly effective analysis, improving detection, and allowing for more efficient prioritizing of interventions.
Impact on the Workforce
Analysts widely expect the growing application of these technologies to alter the types of cybersecurity skills in greatest demand. The 2021 Technology Spotlight: Cyber and AI from Booz Allen Hamilton, like the research from CSET, focuses on prevention and detection processes in the use of new AI and ML technologies. The paper categorizes the application of these technologies into three component processes: Attack detection, behavior analysis, and risk assessment. The emerging applications will broaden the demand for skilled ML professionals with cybersecurity experience, the authors predict. They recommend that today’s technologists find ways to enhance cybersecurity with AI and focus on efforts that require human action.
KPMG took a similar stance in a report earlier this year, predicting that CISOs will have to rebalance the skillsets among their employees from “doers” to “enablers.” Cybersecurity departments will focus more on developing new products, improving productivity and resilience, and strategizing, according to the report, From enforcer to influencer: Shaping tomorrow’s security team. KPMG predicts that there will be a reinvigorated interest in workers with strong technical skills and abilities. By reducing repetitive, manual work, cybersecurity could become more interesting and attract more people to the field.
Automation and the NICE Framework
In the NICE Framework, many prevention- and detection-related tasks fall under the general work category of “protect and defend,” which is broadly described as identifying, analyzing, and mitigating threats to technology systems and networks. Work roles in this category include positions along the lines of cybersecurity analyst, vulnerability assessment analyst, and incident responder. Just a few of the tasks that correspond to these roles that have potential for automation include:
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
- Conduct or support authorized penetration testing on enterprise network assets
- Perform analysis of log files from a variety of sources to identify possible threats to network security
- Provide timely detection, identification, and alerting of possible attacks or intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
- Use tools for continual monitoring and analysis of system activity to identify malicious activity
- Monitor external data sources to maintain currency of threat condition and determine which security issues may have an impact on the enterprise
As these types of tasks become increasingly automated, cybersecurity practitioners will likely turn their talents toward more strategic tasks involving design and development, which are mostly included in the NICE Framework category of “securely provision”. Job seekers may want to focus on developing competencies in research and development for roles such as software developer, systems developer, data analyst, or security architect. Organizations may find that resources are freed up to focus on other strategic and prevention-oriented roles, including awareness and employee and customer training. Afterall, there will always be an important human dimension to cybersecurity in helping steer safe and secure behavior.
Framework in Focus
A profile of a cybersecurity practitioner to illustrate application of the NICE Framework.
Eoghan Casey, Chief Scientist
Organization: Department of Defense Cyber Crime Center (DC3)
NICE Framework Category: Protect & Defend; Analyze; Investigate
NICE Framework Work Roles: Cyber Defense Analyst; Cyber Defense Forensics Analyst; Cyber Defense Incident Responder; Counter-Intelligence Forensics Analyst; Threat/Warning Analyst
Academic Degrees: B.S., Mechanical Engineering, University of California, Berkeley; M.A., Educational Communication and Technology, New York University; Ph.D., Computer Science, University College Dublin
This issue’s interview is with Eoghan Casey, Chief Scientist at the Department of Defense Cyber Crime Center (DC3). Mr. Casey discusses the relationship between incident response and digital forensics, the importance of engaging with the cybersecurity community for career development, and his own rewarding work helping people, among other topics.
Karen Wetzel: Eoghan, could you start by explaining with us the work you do in digital forensics and incident response via your consultancy and your non-profit work?
Eoghan Casey: I’ve come from a long experience in digital forensic work in both the criminal context and the cybersecurity context. My role has evolved to the point where I deal with very complex incidents, and it’s a matter of coordinating a number of specialists in different areas to determine the root causes, the extent of the damage, and follow-up actions that might be necessary—whether it’s to improve the cybersecurity weaknesses that were exploited or to pursue legal action involving law enforcement, for example.
Karen: I wonder if you could share a bit more about the people you work with and the kinds of roles that they fill?
Eoghan: I work with all phases of the cybersecurity work chain, from the system administrator or security analyst on the front line of defense through to front-level incident responders. I work with them to help get better visibility of the incident, learn what they’ve gathered and gleaned from their response activities, and provide guidance on what to do and what not to do in terms of evidence preservation and making decisions, which is often at the executive level. At that higher level, there is the need to translate all the technical detail into the big picture—describing the exposures and options for response, including technical and potential regulatory or legal responses—for decision makers in an organization. Ultimately, if an incident goes into the legal action phase or into law enforcement, there is a testifying role. Usually where I’m involved is at this point of coordination level and then also at the presentation and decision-making level or in court.
Read More and Listen to the Interview
spotlight articles
Media Specialists on Front Line in Cybersecurity Education
By Damon L. Austin, Director of Library and Media Services, DeMatha Catholic High School
Information literacy education often falls to school media specialists who offer stand-alone instruction on everything from internet safety to proper computer use to evaluating information sources. However, research reveals that media literacy needs to be included in the curriculum in all classes and not just provided as a stand-alone lesson or topic. Content impacts almost every subject, and integration needs to occur as a partnership among classroom teachers, librarians, technology specialists, and students.
Unexpected changes in the learning environment as a result of Covid-19 sparked an uptick in malevolent actors devising methods to breach virtual education spaces, highlighting the need for cybersecurity awareness and practices in all information literacy instruction sessions and exercises.
San Diego’s Special Sauce: Collaborative Cybersecurity and Workforce Development
By Lisa Easterly, President and CEO, San Diego Cyber Center of Excellence
San Diego is home to more than 870 cybersecurity firms, and productivity in the area's cybersecurity cluster has grown 7.5 percent since 2018, nearly triple the average for all San Diego industries. AI has helped mitigate chronic labor shortages by increasing employee productivity with automation of repetitive tasks.
Local cybersecurity firms are developing AI at a rate three times the regional average, according to a recent survey, Securing the Future: AI and San Diego’s Cyber Cluster Study, commissioned by the San Diego Cyber Center of Excellence (CCOE) and the San Diego Regional Economic Development Corp. Growth in remote working, distance learning, and connected devices has created new security risks that are propelling next-generation capabilities.
Arkansas Schools Bolster Defenses against Cyber-Attacks
By Ray Girdler, Director of Data Use and Privacy, Arkansas Department of Education
Knowing that ransomware, zero-day exploits, and other cybersecurity threats can hit schools anywhere at any time has spurred school districts around the nation to develop strategies to shore up their defenses. The Arkansas Department of Education (ADE) launched the first-ever Cyber Threat Response Team (CTRT) for Arkansas public schools in the fall of 2019, and since then it has improved its ability to respond to threats.
Members of the CTRT are volunteers from Arkansas’ regional education service cooperatives and school districts. With diverse skill sets and backgrounds, they are all driven by the belief that no school district should feel alone when facing a cyber-attack. As one technology specialist put it, “Knowing I have people that are ready and waiting to help me is a huge relief that everything will be okay.”
affiliated programs update
Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs with updates on their activities:
Workforce Framework for Cybersecurity (NICE Framework)
Developing a Workforce to Secure Operational Technologies
In August, the NICE Program Office partnered with the CAE Community to offer a NICE Framework virtual workshop on “Developing a Workforce to Secure Operational Technologies.” The workshop convened academic, industry, and government stakeholders to explore what competencies or work roles are needed to secure operational technologies and how to integrate those into the NICE Framework. The presentation slides from this event are available online, and a workshop summary report is being prepared.
Learn more: NICE Framework Resource Center
National Initiative for Cybersecurity Careers and Studies (NICCS)
Improved Website, Careers by State Interactive Map, New Tools, and More
The National Initiative for Cybersecurity Careers and Studies (NICCS), managed by the Cybersecurity and Infrastructure Security Agency (CISA), continues to strive to be a national hub for cybersecurity education, training, and careers. NICCS announced a new and improved website, which includes a streamlined training catalog search feature and improved mobile search experience.
NICCS also announced the availability of a Cybersecurity Careers by State Interactive Map, the first of its kind. The streamlined interface allows for a better, more interactive job search experience. The tool pulls data from USAJobs.gov daily to ensure timely and accurate job information is available. Searching for a cybersecurity job has never been easier.
Additionally, the NICCS Career Pathways Tool offers new features, including:
- Ability to compare any two work roles
- Commercial job titles that were determined to be common for the work roles
- Ability to compare core and non-core Task and KSA statements for different roles and ability to search commercial job titles and select a work role from the results
On September 28, 2021, a new tool called the Career Pathway Roadmap will be available. It will allow users to select three to five roles and compare Tasks and KSA statements across all selected roles.
To learn more about NICCS and its resources, email niccs [at] hq.dhs.gov (NICCS[at]hq[dot]dhs[dot]gov)
National Centers of Academic Excellence (CAE) in Cybersecurity
K-12 RING Pilot
The NCAE-C K-12 RING (Regions Investing in the Next Generation) pilot officially began in August 2021. Teams from the University of Alabama in Huntsville and Moraine Valley Community College in Palos Hills, IL, developed an online cybersecurity course with interactive resources for rural, home-schooled, and under-represented high school students. Fifty students are participating in the pilot program during the first semester of the 2021-2022 academic year.
For more information, including links to resources, visit https://caecommunity.org/initiative/k12-ring or email ring [at] caecommunity.org (ring[at]caecommunity[dot]org).
Recent NICE Webinars
The Information Technology Workforce and Skills for the Future
September 15, 2021
We celebrated National IT Professionals Day in September, and this timely webinar focused on the evolution, growth, and future outlook for IT occupations, jobs, work roles, and skills. Learn more here.
Securing Operational Technologies and Control Systems with a Skilled Workforce
July 21, 2021
This webinar described efforts to update NIST’s Guide to Industrial Control Systems and explored the competencies or work roles that are needed to secure operational technologies. Learn more and view the recording here.
Learn more: NICE Webinar Series
funded projects update
CYBER.ORG
K-12 Cybersecurity Learning Standards Now Available
The newly released K12 Cybersecurity Learning Standards aim to ensure that students have not only a foundational understanding of cybersecurity but also the skills and knowledge needed to pursue cybersecurity careers in greater numbers.
Learn more: K12 Cybersecurity Learning Standards
US Cyber Games
First-Ever US Cyber Team To Be Drafted October 5, 2021
Led by Katzcy and in cooperation with NICE, the inaugural US Cyber Games team selection will take place October 5, 2021 – livestreamed from Las Vegas and simulcast on a variety of social channels. Only the top 20 cyber athletes will be selected as part of the team to represent the United States at the International Cybersecurity Challenge (ICC) in Athens, Greece in June of 2022. Join us for this momentous event and find out how we got to this point. Learn a bit about the US Cyber Games, hear from exceptional speakers about the importance of gaming and training the best in cybersecurity, and get a glimpse into what the athletes have been doing over the past few months. Most importantly, watch as the coaches announce the first US Cyber Team!
Register here.
NICE community coordinating council
NICE Strategic Plan Implementation Plan
The NICE Community Coordinating Council is pleased to announce the Implementation Plan for the NICE Strategic Plan. The Strategic Plan, released November 2020, outlines NICE's mission, vision, goals, and objectives. The Implementation Plan expands on this by identifying strategies for each objective. Over the last several months, the NICE Community Coordinating Council Working Groups and NICE program office staff have met to prepare strategies, tactics, and success measures for implementing the Strategic Plan. View the Implementation Plan here.
Learn more about the NICE Community Coordinating Council and join today!
Key dates
September 28, 2021
FISSEA Fall Forum (Virtual)
Federal Information Security Educators (FISSEA) Forums are quarterly meetings that provide opportunities for policy and programmatic updates, the exchange of best practices, and discussion and engagement among members of the FISSEA community.
Learn more here.
October 18-23, 2021
Cybersecurity Career Awareness Week
Mark your calendars to celebrate Cybersecurity Career Awareness Week across the country! Join us in promoting awareness and exploration of cybersecurity careers by hosting an event, participating in an event near you, or engaging students with cybersecurity content.
Learn more here.
October 20, 2021
NICE Webinar: Digital Citizenship- Safety and Security for an Online World
This webinar will explore digital citizenship as a competency that all citizens and workers need to ensure they are behaving responsibly, ethically, and legally. It will also examine the importance of evaluating online information and resources for reliability and validity.
Learn more and register here.
October 26, 2021
Federal Cybersecurity Workforce Webinar: Introducing Cybersecurity Apprenticeships in Federal Environments
In this webinar, speakers will discuss why now is the time to experiment with a cybersecurity apprenticeship, what it takes to build a such a program, what the barriers are, and how we can make progress as a community.
Learn more and register here.
November 5, 2021
Pre-Draft Comments Due on Revising SP 800-50
NIST plans to revise Special Publication 800-50, Building an Information Technology Security Awareness and Training Program. Prior to drafting the update, NIST is seeking public comment on several topics, including how to help organizations include privacy awareness and training in addition to security and the potential consolidation of companion document SP 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model, into the revised SP 800-50.
Learn more here.
November 16, 2021
NICE Symposium: A Coordinated Approach to Supply Chain Risks (Virtual)
Join us for this half-day virtual symposium that serves as a precursor to the annual NICE Conference in June 2022. In light of recent dramatic events and emerging risks, experts will discuss the role of the cybersecurity workforce and the need for a coordinated response to strengthen the security of the supply chain. The NICE Symposium is free and open to the public.
Learn more and register here.
December 6-7, 2021
NICE K12 Cybersecurity Education Conference (Virtual)
Early Bird Registration Now Open. Register today for the 2021 NICE K12 Virtual Cybersecurity Education Conference, Broadening the Path to Cybersecurity Careers through K12 Education. This year's conference will provide learning tools that educators and schools can use immediately. The event will be jam-packed with keynote speakers, presentations, panels, and break-out sessions covering five tracks -- and you can access it all from the convenience of your home or office! Pre-Conference workshops will take place December 4-5.
Calling all teachers interested in cybersecurity! A limited number of stipends are available for eligible K12 educators of cybersecurity-related subjects for general conference admission. The application deadline is October 25, 2021. Winners will be notified via email on October 26, 2021.
Learn more about the K12 Cybersecurity Conference here.
May 18-19, 2022
FISSEA Annual Conference
Elevate the general level of information security knowledge for the federal government and federally related workforce. Serve as a professional forum for the exchange of information and improvement of information systems security awareness and training programs throughout the federal government. Provide for the professional development of community members.
Learn more about FISSEA here.
June 6-8, 2022
NICE Conference & Expo
Call for Proposals Now Open. Submit your timely, topical, and thought-provoking presentations for the next annual NICE Conference & Expo, which will take place at the Westin Peachtree Plaza in Atlanta, Georgia, in June of 2022. This year’s theme, “Demystifying Cybersecurity: Integrated Approaches to Developing Career Pathways,” inspires presentations that take a holistic view of cybersecurity risks. Such a view considers the dimensions of people, process, and technology, and it includes a comprehensive approach to developing career pathway systems that address the lifecycle of a learner from early education through a life-long career in cybersecurity.
Learn more and submit a proposal here.