With spring comes new beginnings! My name is Kofi Ansah-Brew, and I am excited to join NICE as the Lead for Government Engagement. I recently graduated from the University of Maryland College Park as a CyberCorps: Scholarship for Service (SFS) Scholar. In my new role at NICE, I collaborate with government partners on the local, state, and federal levels to further best practices in cybersecurity education, training, and workforce development. Just a few of the councils I sit on are the NICE Interagency Council, the CISO Council, and the CIO Council IT Workforce Committee.
In this edition of our newsletter, our featured article discusses the importance of aligning the NICE Framework and Data Skills Catalog as it relates to data science roles and skills. As the field of data science continues to grow, it is important to develop a standard approach to defining work roles and competencies.
The Academic Spotlight emphasizes the need for more training and educational programs to close the significant workforce gap in the Cyber Engineering field. This article describes how the widening gap serves as forewarning to national security, with a specific focus on the United States Air Force. Secure elections at all levels of government are the cornerstone of American democracy, and our Government Spotlight features a new state initiative to ensure election integrity: The State of Illinois has recently launched the Cyber Navigator Program (CNP), which aims to improve election security statewide. In our Industry Spotlight, Fortinet discusses their efforts to align their Education Pathways and certifications to the NICE Framework.
I hope you enjoy this fun read, and I look forward to working with you all to strengthen our nation’s cybersecurity workforce!
Lead, Government Engagement, NICE
Compiled by NICE staff with contributions from the Federal Chief Data Officers Council and the Office of Management and Budget
One of the ongoing challenges of creating workforce frameworks is the need for interoperability and an understanding of the relationship between the workforces that are being addressed. For example, the National Initiative for Cybersecurity Education (NICE) Workforce Framework for Cybersecurity (NICE Framework) focuses on cybersecurity work across a variety of functional areas. Similarly, the Federal Data Strategy Curated Data Skills Catalog, developed in accordance with the Federal Data Strategy 2020 Action Plan, offers a common vocabulary of data roles and skills in the federal data ecosystem. It is important to consider how to align the two frameworks – and how to follow a similar alignment process for overlapping or complementary frameworks that are sure to emerge.
When the NICE Framework was revised in November 2020, two of the most highly promoted attributes were interoperability (to exchange workforce information using a common language) and modularity (to communicate about other types of workforces within an enterprise or across organizations or sectors). These attributes can be applied to better understand the relationship between the NICE Framework and the Data Skills Catalog.
The Data Skills Catalog identifies nine distinct data roles – Define, Coordinate, Collect, Curate, Access, Analyze, Visualize, Disseminate, and Implement & Assess – and corresponding practices and skills. The catalog identifies Ensure Privacy and Security as an overarching concept to “[e]nsure that agencies are consistently adopting and using the most up-to-date methods to protect data and comply with all applicable laws and regulations.” The corresponding practices include Prioritize Data Governance, Govern Data to Protect Confidentiality and Privacy, and Protect Data Integrity. For corresponding skills, the catalog states that “[a]gency personnel in data-focused roles as well as staff that access data need to have a basic understanding of their agency’s cybersecurity and privacy policies that govern data as well as data ethics principles, and need to work closely with their agency experts in cybersecurity, privacy, and ethics throughout the Federal Data Lifecycle.”
Many of the skills in the catalog are similar to the NICE Framework’s Knowledge and Skill Statements and proposed competency areas, such as Data Analysis, Data Management, and Database Administration. Competency areas or skills fall under the categories of professional (communication, problem solving, teamwork, etc.), organizational (business acumen, planning, strategic thinking, etc.), leadership (data risks, relationship building, understanding stakeholder needs, etc.), and technical (data analysis, operating systems, metadata, etc.) skills.
The Federal Data Strategy and NICE Framework share several underlying principles as well. For example, the Federal Data Strategy identifies three principles to create a Learning Culture:
A Federal Data Science Training Program was piloted in 2020 to upskill the existing federal workforce to tackle problems unique to the federal government. Participants learned how to apply data science techniques to enhance data gathering, analysis, and presentation with data visualization to enable informed data-driven decisions. The learning phases involved a blend of synchronous and asynchronous training. In the capstone phase, participants will demonstrate knowledge transfer and skill development through a project-based learning approach to address real-world problems that confront federal agencies. The pilot program is expected to conclude in May of 2021.
The NICE Framework also aims to help learners who wish to explore cybersecurity work and engage in knowledge- and skill-building activities. It serves as a reference to describe the cybersecurity work and roles at an organization and also the ongoing learning environment needed to ensure that the work is done effectively.
It is easy to see the synergistic relationship between the NICE Framework and the Data Skills Catalog, especially for hybrid roles in data sciences and the adjacent skills. What’s more, aligning the two frameworks presents an opportunity to apply the NICE Framework attributes of interoperability and modularity and to promote the NICE mission of creating an “integrated ecosystem of cybersecurity education, training, and workforce development.”
A profile of a cybersecurity practitioner to illustrate application of the NICE Framework.
Title/Organization: Information Systems Security Officer, U.S. Food and Drug Administration
NICE Framework Category: Oversee and Govern
NICE Framework Work Roles: Information Systems Security Manager
Academic Degrees: B.S., Information Systems, Capitol Technology University
Certifications: Certified Information Systems Security Professional (CISSP)
This issue’s interview is with Charles Britt, Information System Security Officer at the U.S. Food and Drug Administration, who discusses his career path, the importance of professional skills like communication and continuous learning, among other things.
Comments Due May 3, 2021
NICE has released draft supplemental content to the Workforce Framework for Cybersecurity (NICE Framework). Draft NIST Interagency or Internal Report (NISTIR) 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work, elaborates on competencies, which were re-introduced to the NICE Framework in 2020. The NISTIR provides more detail on what NICE Framework Competencies are, including their evolution and development, and example uses from various stakeholder perspectives.
Learn more: Call for Comments
By Steven Comer, with support from Dr. Kamal Jabbour and Dr. Marla Jabbour
The United States’ ability to defend its interests depends on its ability to educate and employ cyber engineers, and yet this discipline continues to represents a significant gap in our education system. According to the CyberSeek.org, there are more than 300,000 unfilled positions that correspond to the “Securely Provision” category of the NICE Workforce Framework for Cybersecurity.
Three universities have implemented a Bachelor of Science in Cyber Engineering since the degree was first proposed by Dr. Kamal Jabbour of the Air Force Research Laboratory in 2010. Louisiana Tech University was the first to launch a program, and it provides insight about the program viability.
By Rob Rashotte, Vice President, Global Training & Technical Field Enablement, Fortinet
Cybersecurity certifications are valuable to professionals as they validate an individual’s knowledge and skills and help employers have some assurance that individuals can perform the tasks that are required. However, the path to certification may not always be obvious.
A student, a mid-career cybersecurity professional, or someone looking to move from another profession into IT or cybersecurity will each have different starting points and end-goals. To aid learners, Fortinet has developed tailored educational pathways that are mapped to the NICE Framework. They display common starting points and guide individuals toward end goals in various work roles in cybersecurity.
By Adam Ford, Chief Information Security Officer, Illinois Department of Innovation & Technology
The Illinois State Board of Elections has established a Cyber Navigator Program (CNP) to support the cybersecurity efforts of local election authorities (EAs). The program is a partnership among three Illinois state agencies: State Board of Elections, Illinois State Police (ISP), and Department of Innovation and Technology (DoIT).
A statewide fusion center operated by ISP is used as a central point of information sharing and incident reporting for all 108 EAs in the state. As the state’s information technology and cybersecurity agency, DoIT oversees the Cyber Navigator team, which is made up of eight security professionals who are responsible for building and maintaining relationships with the EAs in their regions.
Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs with updates on their activities:
NICE Framework Competencies: Call for Comments
The National Initiative for Cybersecurity Education (NICE) has released draft supplemental content to the Workforce Framework for Cybersecurity (NICE Framework). Draft NIST Interagency or Internal Report (NISTIR) 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work, elaborates on Competencies, which were re-introduced to the NICE Framework in 2020. The NISTIR provides more detail on what NICE Framework Competencies are, including their evolution and development, and example uses from various stakeholder perspectives. Click here to view the note to reviewers and draft content.
Learn more: NICE Framework Resource Center
The National Initiative for Cybersecurity Careers and Studies (NICCS), managed and maintained by the Cybersecurity and Infrastructure Security Agency (CISA), continues to strive to be a national hub for cybersecurity education, training, and careers.
On February 5, NICCS released Phase 2 of the Cyber Career Pathways Tool. The tool presents a new and interactive way to explore work roles within the NICE Framework:
On March 9, NICCS released an internal tool to fast-track the addition of providers’ courses into the Training Catalog in a more efficient way.
NICCS also features a Student Cybersecurity Resources page to encourage students to research cybersecurity industry career options and a Cybersecurity Careers page that links users to active federal cybersecurity job openings from USAJobs.com. Both pages may be used as teaching tools for the current cybersecurity job market and may help students find jobs after graduation.
To learn more about NICCS and its resources, email niccs [at] hq.dhs.gov
Advancing Skills-Based Education and Hiring Through the Open Skills Network
March 17, 2021
This webinar provided insights from diverse stakeholders into why the cybersecurity education, training, and workforce development community is uniquely poised to help empower learners to more rapidly and seamlessly move between education and work along a skills-based career pathway. Learn more and view the recording here.
Top Ten Ways to Discover a Cybersecurity Career That Is Right for You
February 17, 2021
This webinar was targeted to learners, including students and job seekers, and those who coach and advise them on how to get that first job in cybersecurity or advance in a career. Learn more and view the recording here.
Learn more and view recordings: NICE Webinar Series
Registration for Cyber Education Discovery Forum is Open
CYBER.ORG's Cyber Education Discovery Forum, a 3-day virtual professional development event, is designed to help educators reset, regroup, and refresh with new cybersecurity content and strategies. Learn more and register here: https://cvent.me/7ykA8r
Learn more: CYBER.ORG
Summer 2021: 160 Camps!
The summer of 2021 promises to be the busiest to date for the GenCyber program, with 160 camps in 46 states (plus Washington DC and Puerto Rico). For the latest offerings, visit www.gen-cyber.com and click on the “Locate a Camp” tab. Camps will be held in both virtual and in-person formats, depending on local COVID guidance. Questions can be sent to GenCyber [at] nsa.gov.
Learn more: www.gen-cyber.com
The NICE K12 Cybersecurity Education Community of Interest has developed a K12 Cybersecurity Education Roadmap. The roadmap establishes a coordinated, coherent portfolio of national K-12 cybersecurity education activities so that efforts and assets are deployed effectively and efficiently for greatest potential impact. The intent is to encourage a more deliberate focus among new and existing efforts and create synergies among programs and agencies.
Learn more: NICE Community Coordinating Council
In order to close the workforce gap in cybersecurity, we need all children and youth to be able to see themselves entering into these rewarding careers and to feel excited about their futures. Girls, in particular, may feel discouraged by what they see depicted in television and films. How can we better understand the cultural nuances that prevent girls from feeling welcomed in cybersecurity and STEM careers? And what can we do in our communities to ensure girls are excited about these fields and inspired to be part of a future in STEM?
NICE webinars are free to attend, but registration is required.
Learn more and register here.
This year's Federal Cybersecurity Workforce Summit will feature colleagues who are working first-hand on initiatives geared toward attracting and strengthening vital cybersecurity talent. It will include a webinar series where experts share information about the federal cybersecurity workforce. Registration is open to U.S. federal employees only.
Save the Date: Next year's Federal Cybersecurity Workforce Summit is scheduled for April 26, 2022.
Learn more here.
FISSEA Forums are quarterly meetings that provide opportunities for policy and programmatic updates, the exchange of best practices, and discussion and engagement among members of the Federal Information Security Educators (FISSEA) community.
Save the Date: The FISSEA Fall Forum (Virtual) will be held September 29, 2021.
Save the Date: The FISSEA Annual Conference will be held May 18-19, 2022.
Learn more here.
Mark your calendars to celebrate this year's Cybersecurity Career Awareness Week across the country! Join us in promoting awareness and exploration of cybersecurity careers by hosting an event, participating in an event near you, or engaging students with cybersecurity content.
Learn more here.
Call for Proposals open now through June 18!
Proposals are encouraged from a diverse array of organizations and individuals with different perspectives, including K12 educators, school counselors, students, institutions of higher education faculty, employers and practitioners, non-profits, curriculum providers, research centers, and training and certification providers. Topics should align with one of the five conference tracks:
This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce, under financial assistance award #70NANB20H144.
The next NICE Conference & Expo will take place at the Westin Peachtree Plaza in Atlanta, Georgia, in June of 2022. While we will not hold a full conference in 2021, we are planning a pre-conference event this year in November. Stay tuned for more information on our 2021-22 programming!
Learn more: https://niceconference.org/