Celebrating 5 Years of U.S. Cyber Games: The NICE Way (Opening Remarks)

Credit: NICE

I want to extend my congratulations to the selectees for the next U.S. Cyber Team and give my heartfelt thanks and congratulations to Jessica Gullick, Brad Wolfenden, the coaches, mentors, and everyone for a successful 5 year run of the U.S. Cyber Games. The National Institute of Standards and Technology is proud to be a founding – and ongoing – sponsor of the games.

As we celebrate the new team and reflect upon the accomplishments of the past 5 years, I also want to acknowledge that it was done “The NICE Way” Now, I know that having an acronym like “NICE” leads to a lot of puns and catchy phrases. I remember my first work day at NIST where I was introduced up and down the hallway as “the new NICE guy”. That set a pretty hard bar to live up to! In case you are not familiar with NICE, we are a program led by NIST in the U.S. Department of Commerce with the mission to energize, promote, and coordinate a robust community working together to advance an integrated ecosystem of cybersecurity education, training, and workforce development. So, when I reference “The NICE Way” I am referring to characteristics that are consistent with our mission, including community-building, development of competencies and skills, and continuous improvement.

Let’s start with community building. While I have already emphasized the NICE Program Office at NIST, the NICE community is actually far greater than just the small federal government staff that support community efforts. One of my colleagues in the Department of Commerce refers to the NICE staff as “small and mighty”. But the truth is that the NICE community is “vast and powerful”. If you start with just the federally-funded efforts like the U.S. Cyber Games, the Centers of Academic Excellence in Cybersecurity, Cyber.org, and the National Cybersecurity Training and Education Center at Whatcom Community College, to just name a few, each of those organizations impact thousands of students, teachers, and faculty. While there are a number of different government agencies such as the National Science Foundation, Cybersecurity and Infrastructure Security Agency, National Security Agency, that help to fund and influence cybersecurity education and workforce programs, the real work is done by the grantees or community members. Nonetheless, NICE convenes an Interagency Coordinating Council to “coordinate” investments and priorities across federal government departments and agencies. More importantly, we organize a Community Coordinating Council that is led by co-chairs from academia, industry, and government with a working group and community of interest structure designed to be inclusive of all stakeholders.

Similarly, the U.S. Cyber Games is building a community of players, coaches, and mentors that only continues to grow as the program continues to build upon its first 5 years. You see that sense of community demonstrated through events such as today’s Draft Day, kick-off events for the next season, team practices, and the competitions themselves. While you are competing against other countries – and even each other throughout the U.S. Cyber Games phases of competitions – you are ultimately all part of “One Team” – the U.S. Team – and I expect that you will develop relationships and friendships that will last a lifetime.

Speaking of relationships, next week we will launch Cybersecurity Awareness Month and the third week of October we will celebrate Cybersecurity Career Week. Both of those campaigns are centered around a community of cybersecurity professionals who want to improve online safety for everyone and to promote cybersecurity careers. If I could give one piece of advice to each of our 17-25 year old competitors and aspiring cybersecurity professionals, it is to network, network, network. Not in the technical sense, but in the spirit of building relationships and contacts that will not only lead to jobs but a peer network that you can lean on throughout your career. Cybersecurity professionals are caring, giving, and supportive. But remember to be willing to both take and receive. Be mentored by someone with more experience than you. But also reach out to be a mentor to others.

One such example of how the NICE community of cybersecurity professionals has shown itself to be supportive is through a growing network of NICE Cybersecurity Career Ambassadors. During Cybersecurity Career Week, our ambassadors will convene at the Department of Commerce in Washington, D.C., to celebrate the impact they are making across the United States. They are presenting at conferences, hosting field trips for students at their companies, serving as guest speakers in classes or community events, and generally making themselves available to inspire career discovery for both students as well as career changers. You, too, can be a NICE Cybersecurity Career Ambassador, and you can learn more about the opportunity on the NICE website or at our exhibit table.

Mental Health Hackers is another such community where advocacy and mutual support is occurring organically. While careers in cybersecurity are fun and rewarding, they can also be hard and demanding. Recognizing the stresses that come from 24x7 operations or the aftermath of security incidents, cybersecurity professionals have come together to lend their support to one another. Next week on Wednesday, October 1^st, NICE will kick-off Cybersecurity Awareness Month with a webinar at 2 pm ET that will focus on Managing Burnout and Finding Balance in Cybersecurity Work.

Whether it be through your experiences with U.S. Cyber Games or in the workplace, you will discover that Together is Better. That is “The NICE Way”. I trust that you will continue to find the NICE community to be a warm and welcoming group of educators, mentors, and practitioners.

Another aspect of the U.S. Cyber Games that I admire is its focus on “learning” – and the development of new skills and competencies. Knowledge and skill development are at the core of NICE’s work, especially the NICE Workforce Framework for Cybersecurity or NICE Framework. The NICE Framework provides a common taxonomy for describing cybersecurity work that is used in both the public and private sectors. The components include Work Roles that are comprised of Task, Knowledge, and Skill Statements, as well as Competency Areas. We are serious about the emphasis on skills. That is “The NICE Way”. And I know that the U.S. Cyber Games are committed to skill development, too.

Many of you already bring to the table significant knowledge and skills from classroom learning or co-curricular experiences such as student clubs or competition teams. However, you will continue to develop and hone your skills through practice and ongoing training. Most importantly, you are not just gaining theoretical knowledge or addressing hypothetical problems; you are putting fingers to keyboard as you encounter real-world situations that require problem solving, critical thinking, communication, teamwork – and, of course, technical skill.

In the workplace or in a job interview, it is not enough to have learned a skill or gained an experience. You must be able to demonstrate and document that capability, both to attest to your current career readiness and use those achievements to help advance your career or standing in the community. Academic degrees and industry-recognized certifications are longstanding, tangible ways that cybersecurity professionals have developed credentials that are valued in the marketplace. However, you must increasingly look for ways to capture your learning experiences, such as the participation in cybersecurity competitions, to create a permanent record of your capabilities and experiences. Digital portfolios are one method to transform traditional resumes into digital collections of achievements, including digital badges or microcredentials. Learning and Employment Records are also an emerging system where we can capture all the achievements of individuals into a consolidated and comprehensive format. Documenting your achievements is “The NICE Way”.

Finally, we must all embrace that cybersecurity is a journey and not a destination. That’s not just a trite statement. You are never “done”. You will never “arrive”. You will never consider your work “finished”. That is both daunting and exciting, in my opinion. In fact, the single most important skill that you can develop is the ability to “continuously learn” and “continuously improve”. When I coach someone to prepare for a job opportunity the most important thing I go over with them is how to answer a question for which they do not know the answer. It is impossible to know everything in technology or have all the experience that employers desire. But if you are presented with a question in a job interview that stumps you, the best answer is for you to explain the process you would go through to accomplish the task. You would research the topic. You would phone a friend. You would take a class. You would do whatever it takes to develop new knowledge and skill. Again, the best aptitude that you can bring to the cybersecurity profession is the ability – and willingness – to learn.

Credit: NICE

I also think the metrics for success are changing in the cybersecurity world. In earlier days, the existence or discovery of breaches or security incidents was perceived as a measure of the effectiveness of an organization’s information security program. Then, we introduced intrusion detection systems, data loss prevention solutions, and conducted asset inventories where the discovery of more cybersecurity incidents – or at least vulnerabilities – was considered a measure of success. Similarly, we are seeing the measure of human success quickly shifting from “what you know” to “what you can do”. That is why you are seeing “skills-based hiring” approaches across the federal government and in the private sector. Again, cybersecurity competitions provide the opportunity to “learn by doing” and provide future employers with a way to observe your skill development. I am a big believer in “continuous improvement” – both for organizations and individuals. “The NICE Way” for the U.S. Cyber Team to beat their international competitors is to approach each day with the goal of learning something new and developing a new capability.

It has been my pleasure to serve as the program sponsor of U.S. Cyber Games for these past five years as we have evolved from an initial phase of brainstorming and dreaming about forming a US Cyber Team to today’s celebration of 5 years of successful program execution. Again, my congratulations to the team members who will be drafted today and thanks to the other program sponsors, Katczy and PlayCyber leadership, coaches, and mentors. In other words, “NICEly done”!

Thank you for being a part of the NICE Community, congratulations on the development of your cybersecurity competencies and skills, and best wishes as you seek to continuously improve yourself and your team. Best wishes to the U.S. Cyber Team!