NICE Fall 2019 eNewsletter

| Featured Article | NICE Framework in Focus | Academic Spotlight | Industry Spotlight | Government Spotlight | Affiliated Program Updates | Funded Project Updates | NICE Working Group Updates | Key Dates |

Subscribe to the NICE eNewsletter

---

 

Welcome! My name is Rickie Grigsby and this past summer I had the opportunity to be a Summer Graduate Fellow at NICE. I worked on multiple projects in support of the NICE Strategic Plan. One project that I’ll have the opportunity to work on throughout the school year is cybersecurity education capacity building for minority serving institutions. My experiences this summer revealed to me the vast consortium of individuals from academia, government, industry, and non-profit organizations who work together, mostly behind the scenes, to create a better future for cybersecurity education and the workforce. I look forward to the continuation of work with these thought leaders to collaborate on effective efforts to increase the number of minorities in the cybersecurity workforce. 

 

---

Featured Article:

A CONSULTATIVE PROCESS FOR CYBERSECURITY EDUCATION, TRAINING, AND WORKFORCE DEVELOPMENT FOR THE NATION
By Dr. Jose-Marie Griffiths, President of Dakota State University (NICE Working Group Academic Co-Chair); Jason Hite, Vice President of Talent Acquisition and Chief People Officer at Xcelerate Solutions (NICE Working Group Industry Co-Chair); and Rodney Petersen, Director of the National Initiative for Cybersecurity Education at the National Institute of Standards and Technology (NICE Working Group Government Co-Chair)

The National Initiative for Cybersecurity Education (NICE), as a primary premise of its mission to promote and energize a robust and integrated cybersecurity education and workforce ecosystem, represents a public-private partnership of academia, industry, and government.  That is why the NICE Strategic Plan proudly embraces values such as Facilitate Collaboration, Foster Communication, and Share Resources. Therefore, when America’s Cybersecurity Workforce Executive Order, announced on May 2, 2019, called for a “consultative process that includes Federal, State, territorial, local, and tribal governments, academia, private-sector stakeholders, and other relevant partners to assess and make recommendations to address national cybersecurity workforce needs and to ensure greater mobility in the American cybersecurity workforce” we didn’t have to look very far to find existing mechanisms, including the NICE Working Group.

The NICE Working Group, established in 2015, provides a mechanism by which public and private sector participants can develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development.  The working group is led by three co-chairs, each representing academia, industry, and government.  The NICE Working Group is comprised of six sub-working groups focused on topics or audiences interested in K12 cybersecurity education, Collegiate cybersecurity education and workforce development, cybersecurity Competitions, cybersecurity Training and Industry-Recognized Certifications, Workforce Management, and cybersecurity Apprenticeships.  Each of the subgroups and full working group is open to the public.  

The NICE Working Group was instrumental in developing the NICE Strategic Plan established in January of 2016.  The working group and subgroups continue to actively identify projects and produce products (one-pagers, white papers, tools, presentations, etc.) that are directly responsive to the goals and objectives of the strategic plan.  The working group and each subgroup were actively consulted in the summer of 2017 when NICE organized a process to respond to the requirements of the Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, to include an assessment of “the scope and sufficiency of efforts to educate and train the American cybersecurity workforce of the future, including cybersecurity-related education curricula, training, and apprenticeship programs, from primary through higher education” and “provide a report to the President with findings and recommendations regarding how to support the growth and sustainment of the Nation’s cybersecurity workforce in both the public and private sectors.”  The consultative process used at that time resulted in the Report to the President on “Supporting the Growth and Sustainment of the Nation’s Cybersecurity Workforce:  Building the Foundation for a More Secure American Future” (Workforce Report).
Other ways that NICE seeks to consult with academia and industry include:

• Requests for Information (RFI) that seek input on cybersecurity education and workforce topics, such as the RFI issued in response to Executive Order 13800 that requested “information on the scope and sufficiency of efforts to educate and train the Nation’s cybersecurity workforce and recommendations for ways to support and improve the workforce in both the public and private sectors”.
• Public Comment periods are routinely used to encourage review and feedback of draft NIST publications, including NIST Special Publication 800-181 that established the NICE Cybersecurity Workforce Framework.
• Engagement with the Information Security and Privacy Advisory Board of the National Institute of Standards and Technology (NIST), established in accordance with the Federal Advisory Committee Act (FACA), that advises NIST on information security and privacy issues.
• Insights from the American Workforce Policy Advisory Board, another FACA group, that provides advice and recommendations to an interagency council led by the U.S. Department of Commerce pursuant to an executive order “Establishing the President’s National Council for the American Worker”.
• Other public forums or advisory boards established for other federal government departments and agencies.
• Participation in events supported by grants from NIST such as the annual NICE Conference & Expo, NICE K12 Cybersecurity Education Conference, and Center for Academic Excellence (CAE) in Cybersecurity Symposium that is held each year immediately following the Annual NICE Conference and Expo.
• Invitations as speakers or guests at other academic and industry meetings or events where NICE community members can listen and learn about emerging issues, opportunities, and programs of public and private sector organizations.

NICE also engages with the government through a number of different mechanisms (see Government Spotlight below).
The Workforce Report introduced a vision of “preparing, growing, and sustaining a national cybersecurity workforce that safeguards and promotes America’s national security and economic prosperity.”  America’s Cybersecurity Workforce Executive order indicates that priority consideration will be given to the following imperatives from the Workforce Report:

1. To launch a national Call to Action to draw attention to and mobilize public- and private-sector resources to address cybersecurity workforce need;
2. To transform, elevate, and sustain the cybersecurity learning environment to grow a dynamic and diverse cybersecurity workforce;
3. To align education and training with employers’ cybersecurity workforce needs, improve coordination, and prepare individuals for lifelong careers; and
4. To establish and use measures that demonstrate the effectiveness and impact of cybersecurity workforce investments.

The Workforce Report contains 4 imperatives (see above), 20 recommendations, and 47 actions.  The process for prioritizing the actions and recommendations has begun, as has an assessment of what recommendations are already being actively pursued or what has changed in the environment since the report was written two years ago.  The public is invited to actively contribute or share what you are doing by joining and participating in the NICE Working Group, attending the NICE Conference or one of the other NICE-supported events, or including cybersecurity education- and workforce-related dialogues at your meetings or events.  

---

NICE Framework in Focus

A profile of a cybersecurity practitioner to illustrate application of the NICE Cybersecurity Workforce Framework categories, specialty areas, and work roles.

Name:  Anju Chopra

Title:  Senior Vice President, Cyber Technologies

Organization: Kroll

Work Roles: Authorizing Official/Designating Representative, Security Control Assessor, Software Developer, Secure Software Assessor, Enterprise Architect, Security Architect, Research & Development Specialist, and Systems Requirements Planner 

Academic Degrees:  MBA, Strategic & Entrepreneurial Management, Tepper Business School, Carnegie Mellon University; M.S., Electrical & Computer Engineering, Florida Atlantic University; B.E., Electronics & Communications, Delhi College of Engineering  

Certifications: None

Q: Explain your role and responsibilities as SVP.

A: My role at Kroll is both Strategic and Operational, I focus on innovation, new product development, and implementation of all business-critical technology products and platforms.

Q:  How could you envision using the NICE Cybersecurity Workforce Framework to both guide your own career and in your role as a hiring manager for your organization?

A: I think the framework is very helpful because it functions as a guide to the organization for understanding what technical roles need to be filled to make the organization successful. It absolutely helps us to identify gaps in our Cybersecurity staffing.  We have used the framework to fine-tune and improve our job descriptions postings! NICE Framework allows us to focus on the most valuable assets a hire brings to an organization: technical competence and passion. 

To listen to the full audio interview with Anju Chopra, Senior Vice President, Kroll, click on the audio below.

Audio file

Download a transcript of the interview.

---

Academic Spotlight:

CAREER DEVELOPMENT, WORK-BASED EXPERIENCES, AND THE ROLE OF THE CAREER EXPERIENCE SPECIALIST
By Shelli Farquharson, Career Experience Specialist, Fairfax County Public Schools, and Angela Cleveland, National Center for Women Information Technology Counselors for Computing (NCWIT C4C)

The skilled worker shortage, to include cybersecurity, impacts communities, individuals, and America’s national security and economic prosperity. Part of the shortage comes from a lack of awareness of these skilled careers. It is essential for educators to have career conversations with their students. Career education should begin early and continue past secondary education. Far too often others refer to career education as the “primary responsibility of the guidance counselor.” The guidance counselor of yesteryear is gone. 

The U.S. compulsory education movement led to counselors introduced into schools to assist students with occupational and vocational choices. This vocational guidance movement was concerned with guiding people into the workforce to become productive members of society. Later, spurred by the Soviet Union's launching of Sputnik, counselors promoted college preparatory support to help “guide” students to pursue fields of mathematics and science; thus, the proverbial “guidance counselor” was born.  However, over time the duties and roles of counselors have changed considerably. [History buffs click here]

 

Today, the term “guidance” when referring to a counselor in a school is viewed as an archaic term and a word that makes counselors cringe. Indeed, counselors no longer focus on only guiding students into the workforce. In addition to advising on future courses of study, they evaluate students’ abilities and interests, identify issues that affect school performance, help with social and behavior problems, collaborate with teachers, administrators, and parents on ways to help students succeed, and address topics such as bullying, teen pregnancy, and drug abuse. Today, professionals in the field prefer the term school counselor which better represents the expansion of duties within the entire school setting. 

Although they provide academic and career selection guidance, they serve a larger purpose in the lives of their students. As listed by the American School Counselor Association (ASCA), school counselors encourage a variety of mindsets and behaviors from their students and participate in many aspects of their students’ education and personal growth. 

It is important that teachers are knowledgeable about careers to assist school counselors in matching students with all the opportunities available to them. A burgeoning job is the career counselor. Career development facilitator, career coach, and career experience specialist, are other names that refer to someone who helps with others’ career plans. They are not just for the education community; they work across both business and academia. They can help you explore career options, inform you of labor market trends, and assess your skills, interests, and work-related values. They can help you sharpen your job search skills and help you learn how to move up the corporate ladder. School-based career counselors assist all students but are key to career and technical education (CTE) and academy programs which emphasize work-based experiences. 

Fairfax County Public Schools in Virginia recognized the benefits of work-based experiences. With the increased need to engage with local business and industry, the school system created a Career Experience Specialist position over fifteen years ago. The Career Experience Specialist works with other educators, counselors, and students. The primary role is to work with businesses to coordinate internships and other work-based experiences for students, particularly those in CTE and academy programs. They also work with colleges and universities to coordinate dual enrollment and industry-recognized certifications.

George C. Marshall High School hosts the Marshall STEM Academy, a "school within a school” that offers a variety of specialized and technical courses to highly motivated students in Fairfax County Public Schools. This designated Governor's STEM Academy serves students from predominantly 7 different high schools in 11 course areas. Culinary arts, engineering, robotics, and IT and cybersecurity are just a few of these areas. Each provides students the opportunity to obtain highly desirable industry-recognized certifications, licensure, postsecondary course credit, and valuable career experiences.

By working with academia, government, and industry, IT and cybersecurity students gain a wealth of experience. They can attend local conferences like the Cyber Summit and George Mason’s Engineering Youth Conference with support from the Northern Virginia Tech Council. They successfully compete in hackathons and competitions like the RUSecure Cybersecurity/Forensics/Cryptography competition and CyberPatriot. They hear a variety of speakers, tour facilities, and participate in job shadowing. Students intern with local agencies like Northern Virginia Community College and the county Network Operations Center. 

 

Examples of career development activities categorized by intervention strategies based on the work of Dykeman, Ingram, Wood, Charles, Chen, & Herr

Regardless of what path students are following, career development activities can take a variety of forms, be integrated into a variety of curricula and contexts, and be particularly effective when integrated in different aspects of a young person’s life. Work-based and work-related learning are closely connected to career development and merit mention in the context of school to work transitions.

---

Industry Spotlight

APPRENTICESHIPS AS A PROVEN MODEL
By Tony Bryan, Executive Director, CyberUp

Once upon a time in Europe, every tradesman began their career as an apprentice. From one generation to the next, in a training process lasting as long as 7 years, a trade was passed on. After completion, the apprentice would gain professional status and have the skills necessary to practice their trade with competence.

While some may still associate the concept of apprenticeship with traditional trades (electricians, construction, plumbing), today’s apprenticeships are far more sophisticated and technical. Two years ago, CyberUp, a St, Louis-based regional non-profit dedicated to workforce training, took a serious look at the cybersecurity workforce issue and resolved to apply apprenticeship concepts to their efforts. 

Any conversation about the cybersecurity workforce will include mentions of the shortage of talent, the growth of the profession, and the media’s depiction of the dark and overwhelming outlook. You might have seen such headlines as “The cybersecurity talent gap is getting even worse.” We came to believe that the most promising way to address the gap would be to create regional cybersecurity apprenticeships to serve multiple local employers’ needs. 

With some help from our friends in Missouri, Illinois, and the U.S. Department of Labor, we created the third U.S. registered apprenticeship for cybersecurity analysts. Similar to any traditional trade program, our program combines the three main elements of apprenticeship: curriculum, on-the-job training, and mentorship. We provide 580 hours of online instruction, grounded in cybersecurity best-practices and fundamentals, and coordinate with local employers like Bayer AG, Peabody Energy, Centene, and the Science Center to complete the 2,000 hours of on-the-job training. This approach equips an apprentice with the skills necessary to excel as a cybersecurity analyst for any of these leading employers.

According to CyberSeek, there are over 4,524 openings for cyber jobs in the St. Louis region. This number has been multiplying as the St. Louis region grows into a nationally recognized tech hub. With college costs through the roof and graduates not always securing job placement, despite possessing a degree, apprenticeships offer a solution to filling the workforce with bright, educated, and experienced talent. We believe a combination of traditional education and non-traditional programs can meet regional workforce needs in the future.  

Since we launched two years ago, we continue to improve the program to ensure our participants succeed and employers’ needs are met. Our commitment to individuals is to tailor elements to address their programmatic needs, to meet them wherever they are starting. This has led to the creation of our pre-apprenticeship program where candidates train for 8 weeks on soft skills, IT fundamentals, and the NIST Cybersecurity Framework. They earn industry-recognized credentials while gaining the confidence they need to be successful in the workforce. On the employer side, we continue to adapt to their needs. Hiring options are flexible and include direct hiring, contingent workforce hiring, and custom training for their own candidates and teams. Our goal is and always will be to help great people get jobs and help companies fill their teams to better protect their networks. 

The good news is that the model works. Our employer partners value our program and our ongoing support to the individuals they hire. Brad Hettenhausen, Vice President of Strategic Services at Gadellnet, a small managed services provider in St. Louis explains, “It’s important for us to have high-quality candidates and traditional hiring puts all of the work on us. We were open to the apprenticeship program because CyberUp was selective about candidates and serious about their training.” He added, “The process of hiring an apprentice was easy overall. I’d compare it similarly to internships. It’s great to be able to take a chance on a candidate we may shy from hiring full-time but to take a chance in an apprenticeship format.” Gadellnet has hired two apprentices and has committed to hiring more in the future. 

The model works in larger organizations like Bayer AG and Barry Wehmiller Companies. Roftiel Constantine, Chief Information Security Officer at Barry Wehmiller, stated, “CyberUp does a good job of reducing risk for the hiring companies by screening the apprentices, offering a 90-day transitional period, and putting them through a technical training program. The bonus is the 580 hours of additional training provided on key topics within the cybersecurity discipline.” Chris Sawall of Bayer looked at their role from a larger regional perspective. “I see this as an opportunity to engage and support the local community. We have a negative unemployment rate in this field and a significant need to fill the talent gap. We must delve into any path that will help lead us to success. I think the apprenticeship program creates a non-traditional means to help educate and train those interested in the field and a path to employment.” 

Apprenticeship programs in the technology sector are still a new concept. To scale these programs, companies will need to recognize their current hiring models are insufficient and outdated. As an example, the degree requirement previously mentioned is necessary for most organizations, even if it’s from an unrelated field. Too many individuals are blocked from entering cybersecurity because of this requirement, even if they already have job-ready skills. Large tech firms like Apple and Google are leading the way on this topic, but we need more to follow suit. Companies must also look at other ways to bring on entry-level talent. Traditionally, internships and cooperative employment have been a company’s “farm system.” Companies should not abandon those models but begin to add apprenticeship to their mix of entry-level options.

CyberUp will continue to advocate for apprenticeship. We have presented our program to the State of Missouri, the Military Defense Communities Summit, New America, and at the annual National Initiative for Cybersecurity Education Conference. We are in conversations with other regions and cities like San Antonio and Colorado Springs about adopting our model and scaling apprenticeship programs. With the right push from the right organizations, the apprenticeship concept will be the catalyst needed to close the cybersecurity workforce gap.  

---

Government Spotlight

A CONSULTATIVE PROCESS FOR A FEDERAL, STATE, TERRITORIAL, LOCAL, AND TRIBAL GOVERNMENTS
By Rodney Petersen, Director of the National Initiative for Cybersecurity Education (NICE), and Danielle Santos, Program Manager of NICE

The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, seeks to engage with other government partners in both formal and informal ways. Below are a few examples of mechanisms that the NICE Program Office uses to share information as well as consult with other government entities:

The NICE Interagency Coordinating Council convenes federal government partners of NICE for consultation, communication, and coordination of policy initiatives and strategic directions related to cybersecurity education, training, and workforce development. The monthly meetings provide an opportunity for the NICE Program Office to communicate program updates with key partners in the federal government and to learn about other federal government activities in support of NICE. The group also identifies and discusses policy issues and provides input into the strategic direction for NICE.  The focus of this group is to coordinate federal programs and investments designed to grow and sustain the nation’s cybersecurity workforce.

The federal CIO Council Workforce Committee is comprised of federal government chief information officers and works with the human resource community to develop, implement, and communicate strategies to recruit, retain, and manage a fully trained and qualified IT workforce, to meet current and future mission requirements. Other supporting agencies include the General Services Administration, Office of Personnel Management, Office of Management and Budget, and NICE. The focus of this group is to develop strategic initiatives that provide the federal government with a cadre of highly capable IT professionals.  

The Federal Privacy Council is comprised of federal privacy professionals (also known as Senior Agency Officials for Privacy as described in Executive Order 13719) and operates as the principal interagency forum to improve the privacy practices of federal government departments and agencies. The Council seeks to expand the skill and career development opportunities and promote collaboration between and among agency privacy professionals to reduce unnecessary duplication of efforts and to ensure the effective, efficient, and consistent implementation of privacy policy government-wide. The Council’s objectives include to work with the Office of Personnel Management to assess and address the hiring, training, classification, and professional development needs of federal employees in areas related to privacy.  

The National Governor’s Association (NGA) Center for Best Practices includes a Resource Center for State Cybersecurity. The NGA, as the convener of our nation’s governors and their cabinet members, partners with the NICE Program Office to ensure that state government leaders are actively seeking solutions at the state and local level to create a cybersecurity education, training, and workforce development ecosystem that meets the needs of employers, including state and local governments. The NGA Policy Academy on Implementing State Cybersecurity has become an important opportunity for consultation and collaboration between NICE and the states.

In addition to the above formal mechanisms, NICE coordinates with specific federal departments and agencies in the following areas:

National Science Foundation (NSF) – the NSF provides grants to improve cybersecurity education through the CyberCorps: Scholarship for Service program, Secure and Trustworthy Cyberspace, and Advanced Technological Education program.

National Security Agency (NSA) – the NSA is the lead for the National Centers of Academic Excellence that includes National Centers of Academic Excellence in Cyber Operations and the National Centers of Academic Excellence in Cyber Defense, administers the Department of Defense Cyber Scholarship Program, and provides grants for GenCyber Camps.

Office of Personnel Management (OPM) – the OPM is responsible for overseeing the implementation of the Federal Cybersecurity Workforce Strategy and leads the federal government’s implementation of the Federal Cybersecurity Workforce Assessment Act.  OPM also partners with NSF to administer the CyberCorps: Scholarship for Service Program.

U.S. Department of Education (ED) – the ED Office of Career, Technical, and Adult Education (OCTAE) is responsible for helping all students acquire challenging academic and technical skills and be prepared for high-skill, high-wage, or high-demand occupations, such as cybersecurity, in the 21st century global economy.

U.S. Department of Homeland Security (DHS) – the DHS Cybersecurity and Infrastructure Security Agency includes several components that address both DHS’s cybersecurity workforce needs and programs designed to grow the cybersecurity workforce for the nation.  See CISA resources on Cybersecurity Education and Career Development and the Office of Academic Engagement.

U.S. Department of Labor (DOL) – the DOL Employment and Training Administration and Office of Apprenticeships are important federal partners in efforts to support American workers and the private sector’s workforce needs, including implementation of the Workforce Innovation and Opportunity Act.  Some of the key cybersecurity workforce resources include the Occupational Information Network (O*NET) Online Resource Center, CareerOneStop, and MyNextMove.

If you are a representative of a federal, state, territorial, local, or tribal government and would like to learn more about the consultative processes available to you visit the NICE Working Group or NICE Interagency Coordinating Council websites; or, if you would like to explore how the NICE Program Office can more actively engage with you please email us at nist-nice [at] nist.gov (nist-nice[at]nist[dot]gov).

---

Affiliated Program Updates

Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs.

National Initiative for Cybersecurity Careers and Studies (NICCS)

 

About NICCS

The National Initiative for Cybersecurity Careers & Studies (NICCS) is the nation’s one-stop shop for cybersecurity careers and studies. NICCS connects the public to information on cybersecurity awareness, degree programs, training, careers, and talent management.  NICCS accomplishes this through a number of interactive resources such as, the NICCS Education and Training Catalog, which provides over 4,000 cybersecurity courses offered by organizations across the nation and is growing every day.

A new resource for students

On September 6, 2019, NICCS published the Students, Launch Your Cyber Career page, empowering students interested in cybersecurity to learn more about the industry, available jobs, and how to get started on a cyber career. The page features career profiles to show students diverse career options. It directs students to nationally recognized institutions, recommended classes, and much more. 

 

October is National Cybersecurity Awareness Month

National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity to ensure all Americans have the necessary resources to be safer and more secure online.

NICCS now has a NCSAM 2019 page to emphasize this year’s overarching mission of “Own IT. Secure IT. Protect IT.” promoting personal accountability and stressing proactive cybersecurity practices. Resources available on the page include a NCSAM Toolkit, a NCSAM Trivia Game, graphics for promoting NCSAM on social media, and a form to request the Cybersecurity and Infrastructure Security Agency (CISA) to speak at a NCSAM-related event.

 

Visit us at: https://niccs.us-cert.gov/ or email us at niccs [at] hq.dhs.gov (NICCS[at]hq[dot]dhs[dot]gov).  

Advanced Technological Education Program

Community College Cyber Summit (3CS) 2019

The 6^th annual Community College Cyber Summit (3CS) took place at Bossier Parish Community College in Louisiana on July 30-August 1, 2019. 3CS is organized by the National Science Foundation's Advanced Technological Education centers for cybersecurity education and is the only national academic conference that focuses on the role of community colleges in cybersecurity education. The theme for this year's conference, "Change is NOW," emphasized the changing landscape of cybersecurity degrees, programs, and courses.

The keynote address by Louisiana Governor John Bel Edwards highlighted the need for cybersecurity experts in every sector, the overlapping demand for academic and workforce development offerings, the need for close collaboration between colleges and industry, and the special role that community colleges play in meeting the demand for cybersecurity professionals.

Features of this year's summit:

• 502 attendees, including 115 students, 52 volunteers, and over 100 presenters
• 32 sponsors (the most ever) for the Vendor Showcase and 23 employers at the Job Fair
• 4 full-day Cybersecurity Skills Development workshops, which covered Hands-On Cryptography, Secure Scripting, IBM QRadar, and paper development for the Cybersecurity Skills Journal 
• 94 workshops, mini-workshops, demonstrations, panels, and paper presentations, spread out over five tracks: Evidence-Based (5 sessions), Instruction (29), Practice (13), Program Development (30), and Student (17)
• Recognition of the 2019 Innovations in Cybersecurity Education awardees and the roll-out of the publication describing the nominees and winners
• Digital badges (offered through synED) for summit attendees, volunteers, presenters, and participants in the Cybersecurity Skills Development workshops
• IBM CyberDay4Girls (a full-day event for middle school girls) and Girl Scouts of America Cyber Badge Day (a full-day event for Girl Scouts of all ages)
• Estimates of the summit's economic impact (provided by the Shreveport-Bossier Convention & Tourist Bureau): $510,000 in direct sales, $718,000 in total sales, 139 jobs supported, $32,000 in local taxes, and $29,000 in net direct tax ROI 

In addition to the formal program, attendees appreciated the outstanding Louisiana hospitality and cuisine, from a Mardi Gras-style parade at the sponsors' reception to a sugar cane plantation tour at the end. For additional details, see the complete summit program.

CyberWatch West Advanced Technological Education Center

CyberWatch West (CWW), a National Science Foundation Advanced Technological Education (NSF ATE) national resource center, will soon become the National Cybersecurity Training & Education Center (NCyTE; pronounced "insight")! This name change reflects the center's expanding role in cybersecurity education across the entire United States. Read more at www.ncyte.net.

CWW and the Center for Systems Security and Information Assurance (CSSIA) have presented workshops on Governance, Risk Management, and Compliance for community college faculty in six different regions around the country, as well as online. More than 60 faculty members received instruction and materials on incorporating these key aspects into existing technology courses. Workshop materials may be downloaded from the National Cybersecurity Training & Education Center's website.

This summer Whatcom Community College hosted three GenCyber camps, building on the successes of previous camps. The 2019 camps used a combination of Raspberry Pis, Sphero SPRK+, iPad Minis, micro:bits, and publicly available websites (such as Code Combat) to teach the basics of computer science and programming. More kinetic activities were added for the middle school camps, and more hands-on content engaged students at every level. The high school camp was at capacity, with 24 students. The middle school camps had 43 students out of 48 available seats. Six community college mentors participated in each camp, providing an additional connection to help participants envision a future that includes higher education in cybersecurity.

CWW has developed a new resource that should be valuable to faculty. The NICE Framework to Knowledge Unit (KU) database project, which is available now at www.cyberindustry.org, details potential program outcomes and the skills students need to acquire during their course of study. This resource will help colleges align their curricula with national standards recognized by industry.

The Catalyzing Computing & Cybersecurity at Community Colleges (C5) Project

During the last quarter, 12 community colleges and 4 universities received the CAE designation, bringing the total number of two- and four-year institutions that have received the CAE designation, assisted by the C5 Project, to 95. The spring 2019 cycle of CAE application reviews by the NSA is still in progress and may result in additional designations. Multiple workshops on the CAE application process were held during the 2019 Community College Cyber Summit (3CS).

Efforts to develop a Cybersecurity Introductory Course are on track, with the course, Instructor Guide, and Assessment Guide just completed. These items will be available on the NCyTE website, along with the C5 curriculum modules.

Learn more at www.atecenters.org/security-technologies and www.nsf.gov/ate. 

GenCyber 

The GenCyber Program just completed its sixth year of offering summer cybersecurity camp experiences for students and teachers at the K-12 level.  This year, the National Security Agency (NSA) and the National Science Foundation (NSF) were happy to sponsor a total of 122 GenCyber summer camps at 76 institutions across 38 states (plus D.C. and Puerto Rico). This year the GenCyber program reached over 3,000 students and over 750 teachers nationwide. The 2020 GenCyber Call-for-Proposals has been released and will close on October 25^th.

Details for submission can be found on the GenCyber website, www.gen-cyber.com.

---

Funded Program Updates 

NICE Challenge Project

The NICE Challenge Project develops real-world cybersecurity challenges within virtualized business environments that bring students the workforce experience before the workforce. The goal is to provide the most realistic experiences to students, at-scale year-round, while also generating useful assessment data about their knowledge, skills, and abilities for educators.

Over the summer quarter, the NICE Challenge Project continued to see steady user growth while taking advantage of the quieter quarter to make more disruptive changes and setup for big updates on horizon. The project also released a handful of new challenges and quality of life platform updates over the course of the summer quarter.

The continued steady growth of the project’s user base has over 625 instructor signups and serves over 375 educational institutions throughout the United States. Of the newly added educational institutions, the most rapid growth is in the K12 sector. 

The summer quarter tends to be the quieter quarter during the year, while most students are on break. The project took advantage of this time to make more disruptive updates to our environments and challenges in addition to laying the groundwork for some major platform features coming later in the year.

While the project focused its efforts mostly on some big things that are not quite ready to be announced, it did release some quality of life updates to the platform. These included more informational tool tips for users and updated informational displays to shift focus from NICE Framework Specialty Areas to Work Roles. The project also released a handful of new challenges within the Protect & Defend and Operate & Maintain categories.

The project’s development and content decisions are driven not only by our strategic vision, but by the extremely valuable feedback we receive from our users whom we feel privileged to work with on this journey forward in creating the next generation in hands-on cybersecurity content. Professors or staff members at educational institutions within the United States may sign up and learn more at www.nice-challenge.com. 

National Integrated Cyber Education Research Center (NICERC)

Our A+ Certification Prep course is now available! This course prepares students for the CompTiaA+ certification exam, which provides IT professionals with an internationally recognized IT credential. The course covers the most common hardware and software technologies and prepares students to support complex IT infrastructures.

Learn more here: https://nicerc.org/curricula/a-certification-prep/

The dates and location for next year’s Cyber Education Discovery Forum have been set for June 22-24, 2019 in Minneapolis, Minnesota! Stay tuned to https://nicerc.org/cedf/ for more information.

---

NICE Working Group Updates

The NICE Working Group (NICEWG) has been established to provide a mechanism in which public and private sector participants can develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development. The Workforce Management Subgroup is coordinating a project team focused on creating guidance for public and private sector updating of cybersecurity job descriptions to leverage the NICE Cybersecurity Workforce Framework. As a start to this project, the group is seeking current job postings for positions in cybersecurity. If you have or know of a job posting to share, please email NICEframework [at] nist.gov (NICEframework[at]nist[dot]gov).

Learn more about the NICE Working Group and sign up to participate at nist.gov/nice/nicewg.

---

Key Dates

NICE Webinars

On September 18, 2019, NICE held a webinar on “Understanding Interventions that Broaden Underrepresented Minority Participation in Cybersecurity Careers”. This webinar shared key factors contributing to and inhibiting success; including information on diversity hiring and why it matters, effective instructional strategies through the equitable learning environment model, and  examples of successful diversity hiring programs. Learn more and view a recording here.

On July 17, 2019, NICE held a webinar on “How Talent Management Systems Help You Manage Your Cybersecurity Human Capital.” This webinar informed attendees about how talent management systems address four main areas of personnel management: recruitment, performance management, development, and compensation. Learn more and view a recording  here.

NICE webinars are free to attend, but registration is required. 

Learn more, view webinar recordings, and more here. 

National Cybersecurity Career Awareness Week, November 11-16, 2019

Mark your calendar for this year’s National Cybersecurity Career Awareness Week! 

National Cybersecurity Career Awareness Week focuses local, regional, and national interest to inspire, educate, and engage children through adults to pursue careers in cybersecurity. National Cybersecurity Career Awareness Week takes place during November’s National Career Development Month. Each day of the week-long campaign provides information about contributions and innovations, and the plethora of job opportunities that can be found by exploring cybersecurity as a field of study or career choice.

Now is the time to commit to observe National Cybersecurity Career Awareness Week! Commitments are actions taken by the community to promote awareness & exploration of cybersecurity careers. Commitments come in all sizes and do not always require financial investment. You can host an event, distribute career awareness materials, or engage through social media. Be creative!

Learn more here.

NICE Conference and Expo, November 18-20, 2019
Phoenix, Arizona

 

The 10^th annual NICE Conference and Expo will take place on November 18-20, 2019 in Phoenix, Arizona. The theme for this year’s conference is “Reimagining the Future of the Cybersecurity Workforce: Adapting to a Changing Landscape.”
Registration is open! Don’t forget to register for the conference prior to October 20^th and add a pre-conference seminar to your registration. 

Learn more at www.niceconference.org. 

This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce, under a Cooperative Agreement (Award# 70NANB18H025).

CAE in Cybersecurity Symposium, November 21-22, 2019
Phoenix, Arizona

The Center of Academic Excellence (CAE) in Cybersecurity Symposium is designed to provide community members and applicants the opportunity to network, receive community updates, and present their research to the community.  The symposium is open to all existing Centers of Academic Excellence in Cyber Defense (CAE-CD), Centers of Academic Excellence in Research (CAE-R), and Centers of Academic Excellence in Cyber Operations (CAE-CO), as well as government representatives and invitees. This also includes schools that have applied for CAE Designation or are in the process of applying. Attending the event is free, but registration is required in advance to gain access to the conference.

The CAE in Cybersecurity Symposium is co-located with the annual NICE Conference at the Sheraton Phoenix Downtown in Phoenix, Arizona. The CAE designation ceremony will take place during the evening of November 20 at the NICE Conference. 

Learn more at caecommunity.org

NICE K12 Cybersecurity Education Conference, December 9-10, 2019 
Garden Grove, California 

 

The 5^th annual NICE K12 Cybersecurity Education Conference will take place on December 9-10, 2019 in Garden Grove, California. The theme for this year’s conference is “Innovation, Vision, Imagination: Harnessing the talent of today to build the cybersecurity workforce of the future”.  There will be five tracks at the conference:  

1. Increasing Cybersecurity Career Awareness 
2.  Infusing Cybersecurity Across the Education Portfolio 
3. Integrating Innovative Cybersecurity Educational Approaches 
4.  Designing Cybersecurity Academic and Career Pathways 
5.  Promoting Cyber Awareness 

Registration is open! 

Learn more at www.k12cybersecurityconference.org.

This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce, under financial assistance award #60NANB16D302.