The National Initiative for Cybersecurity Education (NICE)
The NICE Workforce Framework, NIST SP 800-181, Overview
October 4, 2017
NICE Strategic Goals - http://csrc.nist.gov/nice/about/strategicplan.html
  Accelerate Learning and Skills Development: Inspire a sense of urgency in both the public and private sectors to address the shortage of skilled cybersecurity workers
  Nurture A Diverse Learning Community: Strengthen education and training across the ecosystem to emphasize learning, measure outcomes, and diversify the cybersecurity workforce
  Guide Career Development & Workforce Planning: Support employers to address market demands and enhance recruitment, hiring, development, and retention of cybersecurity talent
NICE Strategic Goal #1: Accelerate Learning and Skills Development
  Inspire a sense of urgency in both the public and private sectors to address the shortage of skilled cybersecurity workers
  Objectives:
  1.1 Stimulate the development of approaches and techniques that can more rapidly increase the supply of qualified cybersecurity workers
  1.2 Advance programs that reduce the time and cost for obtaining knowledge, skills, and abilities for in-demand work roles
  1.3 Engage displaced workers or underemployed individuals who are available and motivated to assume cybersecurity work roles
  1.4 Experiment with the use of apprenticeships and cooperative education programs to provide an immediate workforce that can earn a salary while they learn the necessary skills
  1.5 Explore methods to identify gaps in cybersecurity skills and raise awareness of training that addresses identified workforce needs
NICE Strategic Goal #2: Nurture a Diverse Learning Community
  Strengthen education and training across the ecosystem to emphasize learning, measure outcomes, and diversify the cybersecurity workforce
  Objectives:
  2.1 Improve education programs, co-curricular experiences, and training and certifications
  2.2 Encourage tools and techniques that effectively measure and validate individual aptitude, knowledge, skills, and abilities
  2.3 Inspire cybersecurity career awareness with students in elementary school, stimulate cybersecurity career exploration in middle school, and enable cybersecurity career preparedness in high school
  2.4 Grow creative and effective efforts to increase the number of women, minorities, veterans, persons with disabilities, and other underrepresented populations in the cybersecurity workforce
  2.5 Facilitate the development and dissemination of academic pathways for cybersecurity careers
NICE Strategic Goal #3: Guide Career Development and Workforce Planning
  Support employers to address market demands and enhance recruitment, hiring, development, and retention of cybersecurity talent
  Objectives:
  3.1 Identify and analyze data sources that support projecting present and future demand and supply of qualified cybersecurity workers
  3.2 Publish and raise awareness of the NICE Cybersecurity Workforce Framework and encourage adoption
  3.3 Facilitate state and regional consortia to identify cybersecurity pathways addressing local workforce needs
  3.4 Promote tools that assist human resource professionals and hiring managers with recruitment, hiring, development, and retention of cybersecurity professionals
  3.5 Collaborate internationally to share best practices in cybersecurity career development and workforce planning
NICE Cybersecurity Workforce Framework, NIST SP 800-181
  Categories of Cybersecurity Work: Securely Provision; Operate and Maintain; Oversee and Govern; Protect and Defend; Analyze; Collect and Operate; Investigate
  Specialty Areas (33): Distinct areas of cybersecurity work.
  Work Roles (52): The most detailed groupings of cybersecurity work, which include specific knowledge, skills, and abilities required to perform a set of tasks.
  Tasks: Specific work activities that could be assigned to a professional working in one of the NCWF's Work Roles.
  Knowledge, Skills, and Abilities (KSAs): Attributes required to perform Tasks, generally demonstrated through relevant experience or performance-based education and training.
  Audience: Employers; Current and Future Cybersecurity Workers; Training and Certification Providers; Education Providers; Technology Providers
NICE Workforce Framework Categories
  Category: Description
  Securely Provision (SP): Conceptualizes, designs, and builds secure information technology (IT) systems, with responsibility for aspects of systems and/or networks development.
  Operate and Maintain (OM): Provides the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security.
  Oversee and Govern (OV): Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.
  Protect and Defend (PR): Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks.
  Analyze (AN): Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
  Collect and Operate (CO): Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.
  Investigate (IN): Investigates cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence.
NIST SP 800-181 NICE Workforce Framework
  Relative Specificity (Very Broad to Very Specific): Cybersecurity Category, Specialty Area, Work Roles, KSA, Task
Securely Provision (7 Specialty Areas, 11 Work Roles)
  Specialty Area: Work Role(s)
  Risk Management: Authorizing Official/Designating Representative; Security Control Assessor
  Software Development: Software Developer; Secure Software Assessor
  Systems Architecture: Enterprise Architect; Security Architect
  Technology R&D: Research & Development Specialist
  Systems Requirements Planning: Systems Requirements Planner
  Test and Evaluation: Testing and Evaluation Specialist
  Systems Development: Information Systems Security Developer; Systems Developer
Operate and Maintain (6 Specialty Areas, 7 Work Roles)
  Specialty Area: Work Role(s)
  Data Administration: Database Administrator; Data Analyst
  Knowledge Management: Knowledge Manager
  Customer Service and Technical Support: Technical Support Specialist
  Network Services: Network Operations Specialist
  Systems Administration: System Administrator
  Systems Analysis: Systems Security Analyst
Oversee and Govern (6 Specialty Areas, 14 Work Roles)
  Specialty Area: Work Role(s)
  Legal Advice and Advocacy: Cyber Legal Advisor; Privacy Officer/Compliance Manager
  Training, Education, and Awareness: Cyber Instructional Curriculum Developer; Cyber Instructor
  Cybersecurity Management: Information Systems Security Manager; Communication Security Manager
  Strategic Planning and Policy: Cyber Workforce Developer and Manager; Cyber Policy and Strategy Planner
  Executive Cyber Leadership: Executive Cyber Leadership
  Program/Project Management and Acquisition: Program Manager; IT Project Manager; Product Support Manager; IT Investment/Portfolio Manager; IT Program Auditor
Protect and Defend (4 Specialty Areas, 4 Work Roles)
  Specialty Area: Work Role(s)
  Cyber Defense Analysis: Cyber Defense Analyst
  Cyber Defense Infrastructure Support: Cyber Defense Infrastructure Support Specialist
  Incident Response: Cyber Defense Incident Responder
  Vulnerability Assessment and Management: Vulnerability Assessment Analyst
Analyze (5 Specialty Areas, 7 Work Roles)
  Specialty Area: Work Role(s)
  Threat Analysis: Threat/Warning Analyst
  Exploitation Analysis: Exploitation Analyst
  All-Source Analysis: All-Source Analyst; Mission Assessment Specialist
  Targets: Target Developer; Target Network Analyst
  Language Analysis: Multi-Disciplined Language Analyst
Operate and Collect (3 Specialty Areas, 6 Work Roles)
  Category: Collect and Operate
  Specialty Area: Work Role(s)
  Collection Operations: All Source-Collection Manager; All Source-Collection Requirements Manager
  Cyber Operational Planning: Cyber Intel Planner; Cyber Ops Planner; Partner Integration Planner
  Cyber Operations: Cyber Operator
Investigate (2 Specialty Areas, 3 Work Roles)
  Specialty Area: Work Role(s)
  Cyber Investigation: Cyber Crime Investigator
  Digital Forensics: Law Enforcement/Counterintelligence Forensics Analyst; Cyber Defense Forensics Analyst
Building Blocks for a Capable and Ready Cybersecurity Workforce
Federal Department and Agency Support
  Over 20 Federal Departments and Agencies supported framework development, including:
  Department of State
  Department of Education
  Department of Labor
  Office of Management and Budget
  Office of Personnel Management
  Department of Defense
  Department of Justice
  Information Sciences & Technologies
  Department of Homeland Security (including NPPD, TSA, USSS, Coast Guard, ICE, CBP, CIS, DHS OI&A)
  Central Intelligence Agency
  Defense Intelligence Agency
  Director of National Intelligence
  Federal Bureau of Investigation
  National Security Agency
  National Science Foundation
  Department of Defense /DC3x
  National Counterintelligence Executive
  Federal CIO Council
Non-Profit & Government Organizations
  In addition, NICE has worked very closely with non-profit and governmental organizations to socialize the framework. A non-exhaustive list:
  FedCIO Council IT Work Force Committee (ITWFC)
  Committee of National Systems Security (CNSS)
  FedCIO Council Information Security and Identity Management Committee (ISIMC)
  National Cybersecurity Alliance (NCSA)
  Federal Information Systems Security Educators Association (FISSEA)
  Colloquium for Information Systems Security Educators (CISSE)
  Colloquium for Advanced Cybersecurity Education (CACE)
  Washington Cyber Roundtable
  CyberWatch
  US Cyber Challenge
  National Association of State Chief Information Officers (NASCIO)
  Multi-State Information Sharing and Analysis Center (MS-ISAC)
  Information Systems Security Association (ISSA)
  National Board of Information Security Examiners (NBISE)
  Cybersecurity Certification Collaborative (C3)
  Institute for Information Infrastructure Protection (I3P)
  Association for Computing Machinery (ACM)
  Institute of Electrical and Electronics Engineers (IEEE)
Sources Used to Develop Initial Draft of Framework (as noted in 2012)
  Department of Defense (DoD) Cybersecurity Workforce Framework is composed of cybersecurity functional roles, associated job tasks, and the knowledges, skills, and abilities (KSAs) required to perform those tasks. This content was compiled by organizational psychology experts and reviewed by subject matter experts (SMEs) through a series of focus groups. The final framework was reviewed and revised by additional SMEs and stakeholders; 118 SMEs across Air Force, Army, Navy, Marines, and NSA participated in the development of this framework.
  Intelligence Community (IC) Cyber Subdirectory presents a comprehensive list of competencies and knowledges, skills, and abilities (KSAs) needed by IC cybersecurity professionals to fulfill mission requirements. Subdirectory content was gathered through a data call to 16 IC elements and was compiled by organizational psychology experts. A series of focus groups with 11 SMEs from across the IC was conducted with an additional review from other SMEs and senior IC stakeholders. Finally, an electronic questionnaire was completed by 51 cybersecurity professionals from across the IC (including Air Force, Army, CIA, DHS, DIA, DC3, FBI, ODNI, NSA, DoS) to gather confirmatory data for the competencies and KSAs.
  Office of Personnel Management (OPM) Cybersecurity Model includes core and technical competencies for cybersecurity professionals across four occupational series. This competency model was developed through focus groups and an electronic questionnaire sent to approximately 50,000 employees and supervisors with significant responsibilities for some aspect of cybersecurity. Participation for both of these efforts was across the Federal government.
  National Security Agency (NSA) Computer Network Operations (CNO) Training Roadmaps establish job tasks and KSAs for CNO work roles and the training available to develop different levels of proficiency within those roles. A series of focus groups with SMEs from each work role were conducted to refine work role definitions and draft lists of tasks and KSAs for the roadmap while National Cryptologic School (NCS) curriculum managers, instructors, and other experts from 34 curricula reviewed the linkages and provided proficiency information.
  Department of Defense (DoD) 8570: Information Assurance Workforce Improvement Program Manual provides guidance and procedures for training, certification, and workforce management of the DoD Information Assurance (IA) work functions. A series of working groups helped to develop the manual by identifying public and private sector resources relevant to IA and then organizing the resources by function and work level.
  Department of Homeland Security (DHS) Information Technology (IT) Security Essential Body of Knowledge (EBK) summarizes the IT security skill requirements for the IT security workforce and links competencies and functional perspectives to IT security roles. A working group developed the EBK, and a series of role-specific focus groups were conducted to ensure content across IT security roles was fully represented. Input from the private sector, government, and academia was obtained. In addition, public comment was provided through the Federal Register and incorporated into the final document.
National Initiative for Cybersecurity Education (NICE) https://nist.gov/nice
  The NICE strategic plan: https://www.nist.gov/itl/appliedcybersecurity/nice/about/strategic-plan
  The NICE Cybersecurity Workforce Framework: https://www.nist.gov/itl/appliedcybersecurity/nice/resources/nice-cybersecurity-workforce-framework
Resources (for industry, gov't, and academia)
  The NICE Working Group and subgroups (K-12, Collegiate, Competitions, Training and Certifications, and Workforce Management): https://www.nist.gov/itl/appliedcybersecurity/nice/about/working-group
    Forum to identify and share best practices that help us as a nation make progress towards the NICE Strategic goals and objectives.
  NICE grants to 5 Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) Cybersecurity Education and Workforce Development
  NICE grant for the creation of Cyberseek: http://cyberseek.org/
  NICE Challenge Project: https://www.nice-challenge.com/
    Cyber challenge labs emphasize real-world skills like problem solving, self-learning, and documentation over regurgitating step-by-step instructions and limited simulations.