Welcome to the Summer 2020 NICE eNewsletter! My name is Joseph Mercado and I am working with the NICE Program Office this summer as a virtual undergraduate intern. I am currently a rising junior, studying Information Systems and Technology with a concentration in cybersecurity at California State University, San Bernardino. During my time at NICE, I have worked on several different projects - one of which included co-authoring this NICE eNewsletter’s featured article, The Future of Virtual Internships. Virtual internships are not only beneficial to prospective interns but also to organizations as they expand the potential talent pool. Read this eNewsletter’s featured article if you would like to learn more about virtual internships and the opportunities that come with them. I also am excited about providing technical support to the NICE webinar series, and I look forward to continuing my virtual internship with NICE!
2020 NICE Undergraduate Fellow
NICE released draft revisions to the Workforce Framework for Cybersecurity (NICE Framework), and we want your input! Take a look at the proposed changes and send your comments in no later than August 28, 2020. Learn more.
Cybersecurity professionals remain in high demand by employers across the United States and in virtually every industry, according to new CyberSeek data. Learn more.
To help organizations successfully hire and retain cybersecurity practitioners, the NICE Workforce Management Subgroup has drafted a hiring guide. Learn more.
By Frauke Steinmeier, 2020 Community College Cyber Pilot Program (C3P) Summer Experience at NICE, San Antonio College; Joseph Mercado, 2020 NICE Undergraduate Fellow, California State University, San Bernardino; and Matthew Scarborough, 2020 C3P Summer Experience at NICE, Clark State College
Internships allow individuals to break into a career field, learn new skills and knowledge about a profession, and gain much-needed experience. As technology has advanced and become more accessible, the option of working remotely has become not only a possibility but a reality for many. According to a study by Flexjobs and Global Workplace Analytics, remote work increased 159 percent from 2005 to 2017. As National Initiative for Cybersecurity Education (NICE) Summer 2020 interns, we wanted to take a look at virtual internships and how they can be conducted. In this article, we provide some suggestions for maximizing remote internship options.
159% increase in remote work from 2005 to 2017*
70% of professionals work remotely one day per week**
53% of professionals work remotely at least half the week**
*Flexjobs and Global Workplace Analytics
In recent years, working online became the solution to staying connected and relevant in an increasingly global economy. According to University Business and a 2018 International Workplace Group study, 70 percent of professionals across the globe work remotely one day per week, and 53 percent work remotely half of the week at a minimum. In 2019 in the United States alone, over 9.8 million employees worked from home. It is no surprise that internships would also gravitate to a digital format.
Recent studies suggest a growing need for more collaborative, project-based programs. The Association for Educational Communications and Technology presented a study of an instructional technology internship with an emphasis on a digital format. Findings showed that the digital format helped students prepare for a variety of challenges by providing real-world experiences and feelings of autonomy. More than that, it paved the way for alternative internship opportunities, which in turn opened the door for students who don’t have the luxury of relocating or the opportunity to take on a second job.
The ability to go virtual has opened the workplace up for more diversity. Individuals from lower socio-economic backgrounds, those with families to take care of, and those with disabilities that are difficult to accommodate now have similar opportunities through the virtual option as those working at in-person internships. Eric W. Waldo, executive director of Reach Higher, has explained, “Our most vulnerable students don’t come to college equipped with knowledge on the importance of an internship, much less the connections to land one.” Therefore, it is imperative that virtual internships provide the same type of experience as traditional internships by having concrete learning objectives and detailed descriptions of projects or expected deliverables.
How a virtual internship is structured and conducted will help determine the work readiness of the intern. If the emphasis is on honing skills and knowledge, the individual likely will have more confidence and feel better prepared for a future career. As more companies are introducing remote work, they are becoming more familiar with the process of figuring out how to work with their remote employees. Companies should provide interns with the right tools and resources, like secure Virtual Private Networks and remote authentication tokens, to enhance security and protect privacy in online meetings. They should also provide clear expectations for the internship and training on software used by the company. For example, many people are now familiar with how to conduct meetings online, but with all the different mediums for communicating digitally it is important to verify that the interns can access and use the preferred resources from personal devices and have the requisite Internet access.
As NICE summer interns, we benefit from having not only a mentor assigned to us, but also a whole team that checks in with us via weekly video conference meetings. The use of video conferencing helps us get to know everyone on the team and share what we are working on. It is helpful to work as a team when possible as it creates a sense of community and camaraderie. Having weekly meetings to discuss how the internship is going and to share highlights and address concerns is extremely beneficial and has made this internship a memorable and valuable experience.
These virtual internship opportunities will likely become more prevalent in the future. Even now, as working from home is the new norm, there has been a push for internships to follow suit. By incorporating similar flexible structures to internships, companies will see increased work quality, productivity, diversity, and overall job satisfaction.
A profile of a cybersecurity practitioner to illustrate application of the NICE Framework categories and work roles.
Securely Provision/ Protect and Defend
Conceptualizes, designs, procures, and/or builds secure information technology (IT) systems with responsibility for aspects of system and/or network development. Identifies, analyzes, and mitigates threats to internal information technology systems and/or networks.
Name: Lonnie Harris
Title: Director, Security Enterprise Engineering
Organization: Equifax, Inc.
Work Roles: Security Architect/Systems Developer/Cyber Defense Analyst
Academic Degrees: B.S. and M.S., Electrical Engineering, North Carolina A&T
Certifications: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Cisco Certified Network Professional (CCNP)
Q: Lonnie, explain your role and responsibilities as Director of Security Enterprise Engineering at Equifax.
A: My role is basically to protect and defend Equifax core networks. We work very closely with the business units as well as IT to understand the business drivers for Equifax core business and understand exactly what are those implementation requirements, from an IT perspective, that need to be implemented to meet the business objectives.
From a security perspective, my team is then responsible for ensuring that security controls are in place. My team consists of architects, security engineers, and security operations engineers. The security architects’ main role is – we leverage NIST very heavily – to look to NIST SP 800-53 requirements and overlay those across different policies, whether they be protection polices, asset policies, vulnerability policies.
Q: How would you envision using the NICE Cybersecurity Workforce Framework to either guide your own career or maybe guide your role as a hiring manager or supervisor in your organization?
A: I’ve used it in a couple ways. I definitely take from it when I look at certifications that the Framework references. I also look at the knowledge and skills, of course, because a resume only tells half a story. For me, I like to understand your knowledge, and I can see that in your resume. From there, I want to understand what are some of the skills that you’ve learned along the way? In today’s market, the degrees are definitely a need – I would never not get a four-year degree or a two-year degree. But we also need to have people who have certain skills, and that means asking what are some of the tools you know? What are some of the languages you know?
To listen to the full audio interview with Lonnie Harris, Director of Security Enterprise Engineering at Equifax, click on the audio below:
By Donna Woods, Instructor at Canyon Springs High School and Inaugural Presidential Cybersecurity Education Awardee; and Albert Palacios, Education Program Specialist, Office of Career, Technical, and Adult Education, U.S. Department of Education
Although the Class of 2020 did not walk across the stage this year, American schools did award an estimated 3.7 million high school diplomas, 1 million associate’s degrees, and 2 million bachelor’s degrees. This year’s graduates will enter a historically competitive labor market, and economists say it will be especially brutal for recent graduates. While some graduates have yet to find a job, many who chose a cybersecurity-related path seem to be doing well.
There are numerous paths to an entry-level cybersecurity position. Some students obtain cybersecurity certifications or join the military. Some go on to pursue multiple degrees, while others take a traditional degree-related pathway by graduating and joining the workforce.
Read the full article.
By Bryan Parent, Senior Protective Intelligence Analyst, LinkedIn
High-profile corporate executives like Oprah Winfrey or Elon Musk gain public attention for their every movement, decision, or statement, with the latest news often being shared broadly by the internet. For as much good as the interconnected world of the internet provides, it’s also unfortunately a place where bad actors can stoke their obsession, alone or with like-minded individuals, and threaten real-world harm to these well-known people. To combat these incidents, a new specialty in the executive protection and security industry was created: cybersecurity protective intelligence. Professionals serving in this new role seek to identify those who desire to inflict a physical, mental, or reputational harm against a highly visible individual–our protectee or principal–online.
Cybersecurity protective intelligence is my passion and job at LinkedIn, but my path into cybersecurity was far from typical.
Read the full article.
By Harry C. Mourtos, Cybersecurity and Infrastructure Security Agency
We are gearing up to launch the second annual President’s Cup Cybersecurity Competition, which is open to any member of the Federal workforce and U.S. military. Registration opens July 27, with the Teams Competition kicking off August 10 and the Individuals Competition starting August 24.
The President’s Cup Cybersecurity Competition aims to identify, recognize, and reward the best cyber talent in the Federal government. Competitors are tested through three rounds of increasingly difficult challenges mapped to the NICE Cybersecurity Workforce Framework. Challengers apply their skills in real-world scenarios to complete a task or solve a problem.
This year, participants can compete as part of a team of five, as individuals, or both. The Individuals Competition will be broken down into two tracks based on work roles from the NICE Framework.
Read the full article.
Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs with updates on their activities:
The NICE Cybersecurity Workforce Framework is undergoing an update. A draft revision has been released and is available for public comment through August 28, 2020. In the revised draft of the NICE Framework, you will see:
Please view the full draft revision to the NICE Framework and consider submitting feedback via email to niceframework [at] nist.gov before August 28.
The NICCS Education and Training Catalog now has over 5,000 courses and counting! All courses listed on the training catalog are mapped to the NICE Framework to aid users in locating a course that will benefit their career development. On August 4, 2020, NICCS will release the Cyber Career Pathways Tool. The tool presents a new and interactive way to explore work roles within the NICE Cybersecurity Workforce Framework. This tool:
NICCS also features a Student Cybersecurity Resources page to encourage students to research cybersecurity industry career options and a Cybersecurity Careers page that links users to active Federal cybersecurity job openings from USAJobs.com. Both pages may be used as teaching tools for the current cybersecurity job market and help students find jobs after graduation.
To learn more about NICCS and its resources, email NICCS [at] hq.dhs.gov
A Summit for Federal employees was held on June 23, 2020, to support collaboration and information sharing among agencies focused on building and maintaining a robust cybersecurity workforce. The Summit kicked off a webinar series that will take place through October. The recordings of the summit and webinar series will be made available on the event website.
Learn more about this event: Federal Cybersecurity Workforce Summit and Webinar Series.
What’s New: Revisions to the NICE Framework - July 15, 2020
This webinar offered attendees the inside scoop on proposed changes to the NICE Framework and instructions on how to provide feedback and suggested edits before the official revision is released in November 2020. Learn more and view the recording here.
The Challenge of That First Job in Cybersecurity: Entry Level Roles and How to Qualify - June 17, 2020
This webinar explored ways to turn lessons learned from the recent pandemic into systemic changes to improve cybersecurity education, training, and workforce development for the future. Learn more and view the recording here.
Learn more and view recordings: NICE Webinar Series
According to a new benchmark study released by CYBER.ORG (formerly NICERC, the National Integrated Cyber Education Research Center), less than half of K-12 students in the U.S. are currently receiving some type of cybersecurity education, and access to those resources varies considerably. The study, “The State of Cybersecurity Education in K-12 Schools” conducted by the EdWeek Research Center, also revealed that students from higher socioeconomic backgrounds where schools are in close proximity to technology companies and postsecondary institutions with cybersecurity programs had the greatest access to cyber education, while students from less advantaged socioeconomic backgrounds were the least likely to have the option for cyber education.
Learn more: CYBER.ORG
The 2020 GenCyber program was prepared to host 154 camps prior to the pandemic outbreak! Camps were set to occur in 44 states, along with Washington DC and Puerto Rico. Many institutions have chosen to defer their camps to the summer of 2021 in the hope of offering a traditional face-to-face experience for student or teacher participants. However, a handful of institutions have opted to host virtual events this year.
Learn more: gen-cyber.com/camps
The NICE Working Group (NICEWG) was established to provide a mechanism in which public and private sector participants can develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development.
This quarter, the Training and Certifications Subgroup released a draft Cyber Range Paper for comment. The paper seeks to provide guidance for the use cases, features, and types of cyber ranges in education, certification, and training. A final version of the paper will be released soon.
The Workforce Management Subgroup also released a draft Success Strategies for Cybersecurity Hiring for Human Resources and Hiring Professionals paper for comment. The adoption of one or more of the strategic concepts outlined in the paper may allow a hiring manager to reduce time-to-hire, identify gaps in their cybersecurity workforce, develop career pathways, and diversify their teams. Provide comments by August 14.
Learn more about these papers and other deliverables from the NICE Working Group.
This webinar will provide information to both hiring managers and human resources professionals about the hiring authorities available to attract diverse, talented applicants and hire highly qualified candidates. Particular attention will be given to explaining hiring options that target cybersecurity talent.
Learn more and register today here
Please submit all comments via email to niceframework [at] nist.gov. NICE intends to publish and announce the final version during the 2020 NICE Conference and Expo this fall.
This webinar will provide strategies and tools to help agencies find highly skilled talent by using effective assessments. This session will include various options for designing an assessment strategy and improving the types of assessments used by agencies. After completing this session, agencies will have the knowledge and resources needed to leverage a full range of assessment options for filling cyber positions.
Learn more and register today here
This webinar will focus on:
NICE webinars are free to attend, but registration is required.
Learn more and register today here
This webinar will provide an overview of the Cybersecurity Interpretive Guidance to help agencies hire and retain a highly skilled cybersecurity workforce. The session will cover cyber position classification, job evaluation, qualifications, and assessments. After completing this session, HR participants will have the knowledge and tools to partner with hiring officials to identify cybersecurity positions; clarify cybersecurity roles and duties; address position management issues; implement training, performance, and retention programs; and conduct cybersecurity workforce assessments.
Learn more and register today here
Mark your calendars to celebrate National Cybersecurity Career Awareness Week across the country. Join us in promoting awareness and exploration of cybersecurity careers by hosting an event, participating in an event near you, or engaging students with cybersecurity content!
Learn more here
Florida International University and New America have decided to reformat the NICE Conference and Expo to a virtual platform. This decision is an innovative solution during an evolving time, very much in tune to this year’s conference theme, “New Decade, New Solutions: Meaningful Actions for an Evolving Cybersecurity Workforce.” Subscribe to NICE Conference email notifications at www.NICEconference.org and follow @NICECyberCon on Twitter for the latest regarding the conference. We look forward to seeing you online this fall!
In an effort to be mindful of health concerns, travel restrictions, budget impacts, and based on the conference's continued commitment to equity and inclusion, the National Initiative for Cybersecurity Education (NICE) K12 Cybersecurity Education Conference will be reimagined to bring the community spirit and networking energy to an inspiring and engaging online space. Attendees will engage with cutting-edge presentations, networking, and resources—all from the safety and comfort of their home or office. Learn more about the exciting offerings at this year's event.