Remarks at NICE Conference Local Stakeholder Engagement Event Colorado Springs, Colorado

Credit: Florida International University

Welcome to this annual NICE Conference Local Stakeholder Engagement Event. This year we are in Colorado Springs, Colorado – a community of stakeholders representing academic institutions and private sector employers who are working together to create a robust ecosystem of cybersecurity education, training, and workforce development. We are also just 1 hour south of Denver, Colorado which will be the location for the next annual NICE Conference & Expo, on June 1^st-4^th. I also want to welcome everyone who is participating online from whatever location you may be in the U.S. or around the world.

The theme for this year’s NICE Conference is “Climbing Higher: Educating and Sustaining a Resilient Cybersecurity Workforce.” Let me break that down a little bit further for you.

Obviously, the theme of “Climbing Higher” is a nod to the backdrop for our conference in Denver, with the Rocky Mountain range and its many hiking or recreational opportunities available to residents and tourists. I have enjoyed many trips to Colorado over the years where I have hiked the trails in the ski slopes of Snowmass, enjoyed the majestic views of the Maroon Bells in Aspen, walked along the Continental Divide, observed the wildlife at Rocky Mountain National Park, and experienced the views from Pikes Peak here in Colorado Springs. Each excursion has been both invigorating and gratifying. As you ascend to the plateau, you are promised amazing views, and it makes the journey worth it. However, in Colorado you inevitably see another trail or mountain peak in the distance which is a reminder that there is more to explore – and more mountains to conquer. Last year in Dallas, the NICE Conference celebrated its 15^th annual conference. And as satisfying as that milestone was, it only served as a reminder that there will be future celebrations as well – 20 years, 30 years, or more. Similarly, our efforts across the Nation to prepare, grow, and sustain a cybersecurity workforce that safeguards and promotes America’s national security and economic prosperity still remains only as a Vision in our eyes. We are on a a journey in pursuit of that vision or destination - and Climbing Higher every day.

The next part of our theme focuses on “Educating” the Cybersecurity Workforce. Originally, the C and E in NICE was for Cybersecurity Education. And while we have moved away from spelling out the acronym, the NICE Community remains very committed to Transforming the Learning Process that contributes to the development of a knowledgeable and skilled cybersecurity workforce. In this context, the word “Education” not only encompasses K-12 schools, community colleges, and universities, but it includes training and on-the-job learning that is critical to further developing and maintaining cybersecurity skills. That is why NICE has a K12 Cybersecurity Education Community of Interest and an annual NICE K12 Cybersecurity Education Conference. We also partner with other federal government agencies, like CISA, NSF, and NSA who operate programs such as the National Centers of Academic Excellence in Cybersecurity and the CyberCorps: Scholarship for Service Program. Similarly, we partner with the Cybersecurity Credentialing Collaborative comprised of training and certification providers such as Cert-Nexus, CompTIA, Federal IT Security Institute, IAPP, ISACA, ISC2, and SANS/GIAC. Educating the Cybersecurity Workforce recognizes that there are multiple learning pathways to a career in cybersecurity, and we need to be committed to providing hands-on learning experiences, performance-based assessments, and work-based learning opportunities. Cybersecurity workers must be challenged to continuously Climb Higher as they develop new skills and acquire additional industry-recognized credentials, including diplomas, degrees, certificates, certifications, badges, and other documentation of achievements.

The conference theme also talks about “sustaining” the cybersecurity workforce. In this case, sustain does not mean status quo or stand still. Rather, it speaks to the scalability of education and training solutions and the institutionalization of programs for the long-term. The United States has made considerable investments into cybersecurity education and workforce development, and in order to reap the returns on those investments we need to sustain – and grow – programs have proven to be effective. One such example is the NICE Workforce Framework for Cybersecurity – or NICE Framework. The NICE Framework provides a common taxonomy for describing cybersecurity work. Its components include categories, work roles, competency areas, and Task/Knowledge/Skill statements. Early next week, we will announce version 2.0.0 of the NICE Framework which is a major update that will include Cyber Resiliency as a Competency Area and new Work Roles for Operational Technology Security, among other changes. Additionally, we will adjust the scope of the Framework to remove two categories – Cyberspace Effects and Intelligence – which are functions defined by statute and limited to authorized federal agencies. While the Department of Defense will continue to maintain those two categories, the new NICE Framework is being simplified to provide a standard that can be used by the private sector as well as civilian government agencies at the federal, state, and local levels. These recent changes to the NICE Framework reflect the changing nature of cybersecurity work and the need to sustain a common lexicon that can be used by employers, education and training providers, as well as students or job seekers.

Finally, our focus is on a “Resilient Cybersecurity Workforce”. NIST’s broader focus on Cybersecurity Resilience for enterprises includes an emphasis on building in Security and Privacy by Design. Similarly, we need a resilient cybersecurity workforce with the foresight to design hardware, develop software, and build products with safety, security, and privacy in mind. We also need a cybersecurity workforce with toughness in defending networks and systems against adversaries, and the elasticity to learn new skills and willingness to accept new challenges. Additionally, we need a cybersecurity workforce with the capacity to withstand or to recover quickly from cyber incidents as well as changes in technology. We are seeing some examples of the need for a resilient cybersecurity workforce resulting from emerging technologies such as artificial intelligence, the Internet of Things, quantum computing, and next generation networks. Each new discovery or invention comes with promise and opportunity, as well as a resulting set of risks to safety, security, privacy. Not only will the cybersecurity workforce need to be resilient to defend enterprises against vulnerabilities or threats resulting from the exploitation of new technologies, but the cybersecurity workforce can also use those very same technologies along with their newly developed skills to create a safer and more secure cyberspace.

I am very excited about the theme of this year’s conference: Climbing Higher to educate and sustain a resilient cybersecurity workforce. We hope that you will join us at The Denver Marriott Tech Center this coming June where we will bring together stakeholders from industry, government at all levels, schools and universities, and students and career seekers to further explore this conference theme. The conference will feature pre-conference seminars, keynote speakers and fireside chats, breakout sessions, an exhibit hall, human networking opportunities, and more. Most importantly, the conference attendees will get to experience the great state of Colorado and all that the state and cities of Denver and Colorado Springs have to offer. We look forward to seeing you there. Please visit NICEConference.org to learn more.

Finally, a special thanks to our partners at Florida International University and New America for making today’s event and the annual NICE Conference possible. And a Special Thanks to the National Cybersecurity Center here in Colorado Spring for hosting today’s event, and members of the planning team that made today’s event possible. One thing that I value about NICE is that we are a Community Working Together. And this event – and the conference in June – are great demonstrations of how Together We Are Better.