Welcome to the Spring 2022 issue of the NICE eNewsletter. As NICE’s Lead for International Engagement, I am particularly excited to introduce our featured article this quarter from the United Kingdom’s Cyber Security Council. The article outlines the various strategies in the UK that are supporting the evolving needs of cybersecurity talent in the country. The government spotlight also focuses on strategies - and more specifically, policies - to qualify and manage the United States military’s cyberspace workforce. The industry spotlight shares insight on a tool that can be used to help document skills and streamline hiring for cybersecurity jobs. Finally, as we near the end of Mathematics and Statistics Awareness month, the academic spotlight article highlights how mathematics can be applied in cybersecurity careers.
Spring is a time of newness, so I’ll end with some exciting firsts! You’ll notice there are two Framework in Focus interviews this quarter, so don’t miss out on this double feature of unique paths in cybersecurity. Also, for the first time, this year the annual NICE Conference & Expo will take place in June. After two years of virtual events, I look forward to seeing many of you in-person again June 6-8 in Atlanta, Georgia!
NICE Manager of Communications and Operations
NICE Lead for International Engagement
By Simon Hepburn, Chief Executive Officer, UK Cyber Security Council
As the cybersecurity risk landscape continues to grow and evolve, so too does the workforce required to mitigate such risks. In this quickly advancing field, it’s often unclear how to get started in cybersecurity; and what skills are needed or what training or education will qualify one for a job. The United Kingdom (UK) identified this, and in the National Cyber Security Strategy of 2016 announced several initiatives to develop the cybersecurity profession, which includes achieving Royal Chartered status for a recognized body of cybersecurity excellence, providing a focal point that could advise, shape, and inform national policy. To further support this, the response to the 2018 National Consultation of the Cyber Profession recommended the establishment of an “umbrella body for existing professional organizations to “drive progress against the key challenges the profession faces”.
This umbrella body, the UK Cyber Security Council, would be charged with developing a framework of cybersecurity specialisms with alignment to career pathways through the profession, leading towards a nationally-recognized career structure. In response to the consultation, the UK’s Department for Digital, Culture, Media and Sport (DCMS) committed significant funding to establish the new, independent council and outlined an initial program of work.
And so began the formal structure to build the UK Cyber Security Council. DCMS kicked off the formation project where 16 cybersecurity organizations, including accredited certifying bodies such as CompTIA, (ICS)2, and ISACA, worked to establish the initial designs of the council.
Today the UK Cyber Security Council is fully formed and operates as an independent charity with Royal Chartered status, working in collaboration with the National Cyber Security Centre (NCSC), the UK technical authority.
Our strategic partners and membership scheme bring together several UK government organizations, industry via the UK Cyber Cluster Collaboration (UKC3), and academia via the Cyber Security Body of Knowledge (CyBOK) – an effort led by the University of Bristol. For the first time, there is coordination amongst several departments, corporations, and institutions on developing the cybersecurity workforce.
This ecosystem that the UK Cyber Security Council coordinates is in direct support of the new UK National Cyber Strategy objective to enhance and “expand the nation’s cyber skills at every level, including through a world class and diverse cyber security profession that inspires and equips future talent”.
Our primary aim is to be the voice for the cybersecurity profession in the UK by serving as a self-regulated body that supports the UK government’s National Cyber Strategy and develops, promotes, and stewards nationally recognized standards for cybersecurity.
We have begun 2022 with several efforts to establish a professional qualification framework. To start, we are conducting a national Consultation Roadshow to identify existing programs, standards, and defined career paths to inform our work and to build up those successful programs. A recently closed consultation will also help to inform our next steps. Finally, we’ve also established a Standards, Ethics, and Careers Working Group to begin development of a thematic Standards and Careers Route Map for the cybersecurity profession.
This work is just the beginning for the UK Cyber Security Council. In addition to developing guidance for the cybersecurity profession, we are working on our own strategic plan that will help guide the next several years. The strategic plan, much like the cybersecurity profession, will be agile and continue to adapt to the needs of the nation.
A profile of a cybersecurity practitioner to illustrate application of the NICE Framework.
In this issue we are featuring two interviews. Mr. Peebles shares about his non-traditional path into cybersecurity, how he has quickly advanced in his career, and secrets to his success that others can adopt. Ms. Ribble shares about managing projects in the health care sector, working with cybersecurity, and the importance of transferable skills.
Organization: SpearTip, LLC
NICE Framework Category: Protect & Defend
NICE Framework Work Role: Cyber Workforce Developer and Manager
Academic Degree: Associates in Sign Language Interpretation
Organization: Augusta University Health
NICE Framework Category: Oversee & Govern
NICE Framework Work Role: IT Project Manager
Academic Degrees: MS in Information Security Management, BS in Business Administration with a concentration in Management Information Systems (MIS)
Certifications: Project Management Professional (PMP)
By Alexis VanderWilt, IT Specialist, Western Area Power Administration
Some cybersecurity jobs require more complex math than others. Jobs in machine learning, for example, require an understanding of calculus and linear algebra. Machine Learning and AI are very complex fields that utilize graph theory and linear algebra to train systems to give certain outputs based on certain inputs by making small corrections. The work roles for these kinds of positions are very technical and will more than likely require high-level mathematics.
Jobs in cryptography may require a deep understanding of algebraic concepts like prime factorization. Prime numbers are extremely important in cybersecurity. A prime number is a number that cannot be broken down into any smaller integer components. This concept of breaking down numbers into their prime number components is the basis of modern cryptography. Because only the two people sending information know how their large cryptographic key is factored, that data is secure, but if an efficient method for factoring a number into its prime components ever came to fruition, modern encryption would completely fall apart. Cryptography is at the very core of information security and data confidentiality. The work roles for cryptography positions are fairly technical and might require a background in mathematics
By Peter Meehan, SVP International and Partnerships iQ4 Corp, Co-Founder Cybersecurity Workforce Alliance (CWA)
As of March 2022, the cybersecurity supply and demand website Cyberseek.org, reports 597,767 cybersecurity job vacancies, with only 1.5% (8,889) identified as open to entry level candidates. Why aren’t employers seeking more career entrants? Is it the pursuit of the “purple unicorn” who has a degree, 5-10 years’ experience, and multiple industry certifications? Or is it due to lack of data showing employers the positive return on investment (ROI) of investing in the next generation?
iQ4 Corp, a technology company focused on workforce skills management and talent development, created its Digital Talent Cloud Platform to accelerate and scale a pipeline of new professional cybersecurity talent equipped with related work experience. This platform combines a Workplace Academy to gain experience, a skills “wallet” to help the learner speed their acquisition of skills and better enable them to showcase their competency to employers, and an Enterprise Platform for employers to align their skills inventory and hiring needs. This can shorten the employer’s time to find, hire, develop and retain a skilled workforce.
By The Department of Defense Chief Information Officer, Cyber Workforce Management Directorate
The Office of the United States (U.S.) Department of Defense (DoD) Chief Information Officer (CIO) works with federal and private sector partners to continuously reduce the number of cybersecurity threats the U.S. faces every day. Through this collaborative effort, the DoD CIO can strengthen cyberspace defensive and offensive capabilities, as well as protect critical assets. In collaboration with federal partners, the Cyber Workforce Management Directorate (CWMD) developed the DoD 8140 policy series to strategically identify, develop, and qualify cyberspace professionals.
The implementation of the DoD 8140 policy series affords a comprehensive cyberspace workforce management approach across civilian, military, and contractor populations. The policy series takes a targeted, role-based approach to identify and develop cyberspace personnel using the DoD Cyber Workforce Framework (DCWF). Notably, the policy series focuses on demonstration of capability, rather than compliance-based requirements, and can be used as additional management tools for the cyberspace workforce. This compliance-based approach ensures the Department is able to address the ever-evolving cyberspace needs in a competitive national environment.
Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs with updates on their activities:
Draft updated NICE Framework Knowledge and Skill statements are available for public review and comment. Adjustments address:
Submit comments by email to niceframework [at] nist.gov. Comment deadline: 11:59pm ET on June 3, 2022
NICE is looking for someone who is eager to provide substantive programmatic contributions to NICE Workforce Framework for Cybersecurity (NICE Framework) activities. Work includes research, content development, stakeholder engagement, and support activities. Application deadline: May 16, 2022
Learn more: NICE Framework Resource Center
The NICE Framework is changing, and so is NICCS!
CISA’s National Initiative for Cybersecurity Careers and Studies website (NICCS) is undergoing big changes! With the release of the new version of the Workforce Framework for Cybersecurity (NICE Framework) data, the NICCS website will have a new interactive version of the NICE Framework including an updated interface and new content. Learn more about these changes by using the Cyber Career Pathways Tool to compare work roles and gain a better understanding of the tasks, knowledge, and skills (TSKs) needed for each.
Are you ready to enter the cyber workforce? Or maybe you’re interested in advancing your career to the next level? Check out cybersecurity job openings across the country and around the world using the interactive Cybersecurity Careers by State map. If you want to learn something new or need more training in a specific area, there are over 6,000 courses on the NICCS Education & Training Catalog. With beginner, intermediate, and advanced in-person and virtual options from hundreds of training providers across the U.S., NICCS has something for everyone!
NICCS is the nation’s one stop shop for cybersecurity training, education, and career information.
To learn more about NICCS or our resources, email niccs [at] hq.dhs.gov.
Community College Cyber Summit (3CS) 2022
The annual Community College Cyber Summit (3CS) will take place May 23-25, 2022, in Dayton, Ohio. The event has recently expanded to multiple locations to offer more programs supporting the entire cybersecurity talent pipeline. Produced by the members and partners of the National CyberWatch Center, this year's event will feature cybersecurity skills-development workshops, a designation ceremony for the National Security Agency's Centers of Academic Excellence program, innovative teaching and lifetime achievement awards, over 70+ presentations and hands-on workshops, and a career exploration event led by national leaders in career skill development and coaching. For more information, including the full program and how to register, please visit https://www.my3cs.org.
Call for Abstracts for the Cybersecurity Skills Journal: Practice and Research
The Cybersecurity Skills Journal: Practice and Research (CSJ), the nation's first journal dedicated to disseminating evidence-based practices in assessing, developing, and executing skilled performance in cybersecurity roles and functions, is excited to announce its latest call for abstracts. This new special issue series is focused on Evidencing Competencies: Progress from Funded Research. Later this year CSJ will be publishing the first volume in its special issue series on Diversifying the Cybersecurity Workforce. Finally, the journal will soon publish an update to the first volume in the special issue series on the NICE Framework: Investigating Framework Adoption, Adaptation, or Extension. Calls for proposals for the second volume in these two special issue series will be released this fall.
Recent investments in cybersecurity research have resulted in many opportunities to consider the impact of new cybersecurity technologies on the broader cybersecurity workforce, from testing to planning for technology transfer. CSJ seeks submissions for the Evidencing Competencies special issue arising from funded research that impacts cybersecurity practice and advances the state of the cybersecurity workforce's capability maturity. CSJ uses a unique consultative, two-step submission process designed to encourage development of scholarly rigorous and practically relevant papers aligned with the journal's mission. Prospective authors are strongly encouraged to review the Overview Presentation before submitting paper ideas. CSJ also seeks individuals interested in mentoring future authors on its 10-person paper development panels. For information, please register to attend an upcoming peer review panel information session at https://nationalcyberwatchcenter.wildapricot.org/event-4742342.
For more information, including links to resources, please visit https://caecommunity.org/initiative/k12-ring or email the team at ring [at] caecommunity.org.
Cybersecurity Considerations for The Quantum Information Science Technology (QIST) Workforce
April 20, 2022
The Quantum Information Science Technology (QIST) workforce now involves practitioners trained in a wide variety of disciplines such as computer science, engineering, chemistry, and materials science, who are working together often in multidisciplinary teams to pioneer revolutionary approaches to computing, simulation, sensing, timing, and networking. This webinar, was held in observance of World Quantum Day on April 14th, examined the cybersecurity implications of QIST and the impact on education, training, and the workforce. Learn more here.
The NICE Framework at Work - Use Cases from Industry
March 16, 2022
The NICE Framework is a voluntary tool used by organizations large and small, domestic and international, and across various sectors to help them recruit, develop, and retain cybersecurity talent. That is easy to say, but do you want to see it in action? During this webinar the audience heard about how private companies have implemented the NICE Framework at their organizations. Learn more and view the recording here.
Computational Literacy - A New Literacy Necessary for the Future of Learning and Work
February 16, 2022
Computation is changing the landscape of modern scientific and mathematical fields. Computational tools, practices, processes, and methods are reshaping the way mathematicians and scientists, including cybersecurity practitioners, conduct their work. Achieving a new literacy with computation is necessary for the future of learning and workforce development. This webinar discussed what computational literacy is, how we can conceive of its emergence, and how we can nurture its advancement. Learn more and view the recording here.
CYBER.ORG’s Cyber Education Discovery Forum is June 20-22 in Alexandria, Virginia. Early bird registration ends May 15! Learn more and register here for this K-12 cybersecurity professional development event.
Learn more here.
GenCyber 2022 is in full swing! There will be over 100 camps this summer! Host institutions have begun recruitment for summer 2022 activities and camps. Interested individuals should visit https://gen-cyber.com/camps/. GenCyber programs are offered free of charge.
The NICE Community Coordinating Council (NICE Community) has been established to provide a mechanism in which public and private sector participants can develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development.
Join the NICE Community Council at the 2022 NICE Conference and Expo in Atlanta, Georgia!
The NICE Community Coordinating Council (NICE Community) will have Birds of a Feather sessions where Working Group and Community of Interest members can meet. The schedule is as follows:
Learn more and join the NICE Community Coordinating Council today!
The Federal Cybersecurity Workforce Summit features colleagues who are working first-hand on initiatives geared toward attracting and strengthening vital cybersecurity talent.
Learn more and register here.
*Registration is open to US Federal Government employees. Please use your US Federal Government email address to register.
The FISSEA Forums are quarterly meetings to provide opportunities for policy and programmatic updates, the exchange of best practices, and discussion and engagement among members of the Federal Information Security Educators (FISSEA) community.
Learn more here.
This webinar will focus on current and emerging programs and services designed to meet the growing cybersecurity workforce demand by leveraging the employment of veterans and military spouses through a variety of different pathways that include education, training, apprenticeships, and more.
Learn more and register here.
This year’s theme, “Demystifying Cybersecurity: Integrated Approaches to Developing Career Pathways,” inspires presentations that take a holistic view of cybersecurity risks that considers the dimensions of people, process, and technology and includes a comprehensive approach to the development of career pathway systems that address the lifecycle of a learner from early education through a life-long career in cybersecurity.
Registration is Open!
Registration is open for the 2022 NICE Conference and Expo. We anticipate this year's conference to sell out quickly - please register as soon as possible! Group registrations are also available.
Learn more and register here.
Mark your calendars to celebrate Cybersecurity Career Awareness Week across the country. Join us in promoting awareness & exploration of cybersecurity careers by hosting an event, participating in an event near you, or engaging students with cybersecurity content!
“Expanding the Gateway to the Cybersecurity Workforce of the Future.”
The 8th annual NICE K12 Cybersecurity Education Conference will take place on December 5-6, 2022, in St. Louis, Missouri.
The Call for Speaker Proposals IS NOW OPEN and WILL CLOSE on Friday, June 24, 2022, at 11:59 pm PST. Selected presenters will be notified via email in Mid-August.
The Planning Committee encourages proposals from a diverse array of organizations and individuals with different perspectives, including K12 educators, school counselors, students, institutions of higher education faculty, employers and practitioners, non-profits organizations, curriculum providers, research centers, and training and certification providers. Topics should align with one of the five conference tracks:
This conference provides an array of in-person presentation formats including concurrent speaking and panel sessions, shorter "Ted-X style" talks, and pre-conference workshops. Virtual speaking opportunities include pre-recorded lectures and poster sessions.
ACT NOW - Submissions close on June 24, 2022
Call for Proposals submission information here.