The National Initiative for Cybersecurity Education (NICE) The NICE Workforce Framework, NIST SP , Overview October 4, 2017

Similar documents
Build Your Cybersecurity Team: Create a Strong Cybersecurity Workforce Using Best Practices in Development

National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.

Breaking Out the Cybersecurity Workforce Framework

Developing the Next Generation Cyber Army VINCENT NESTLER, PH. D., CALIFORNIA STATE UNIVERSITY, SAN BERNARDINO

THE NATIONAL CYBERSECURITY WORKFORCE FRAMEWORK INTERACTIVE HOW-TO AND IMPLEMENTATION GUIDE

National Initiative for Cybersecurity Education

Cybersecurity Workshop: Critical Cybersecurity Education & Professional Development

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

Which Side Are You On?

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

National Policy and Guiding Principles

Department of Homeland Security Updates

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

Workshop IT Star IT Security Professional Positioning and Monitoring: e-cfplus support

WINNING THE WAR FOR CYBER TALENT

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

UNITED STATES OFFICE OF PERSONNEL MANAGEMENT

Cybersecurity Overview

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Blending Information Systems Security and Forensics Curricula

Solutions Technology, Inc. (STI) Corporate Capability Brief

Opening Doors to Cyber and Homeland Security Careers

Shaping the Future of Cybersecurity Education

CYBERSECURITY: Scholarship and Job Opportunities

Developing Career-Relevant Academic Programs

SOC Summit June 6, Strengthening Capacity in Cyber Talent sans.org/cybertalent

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

securely provision analyze

ITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018

Strengthening Capacity in Cyber Talent sans.org/cybertalent

Awareness as a Cyber Security Vulnerability. Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology

Keeping Your SOCs Full. May 26, Strengthening Capacity in Cyber Talent sans.org/cybertalent

PIPELINE SECURITY An Overview of TSA Programs

NCSF Foundation Certification

State of South Carolina Interim Security Assessment

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

FIRE REDUCTION STRATEGY. Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017

Homeland Security 1 1

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure:

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Immersion Academy Annual Report 2018

POSITION DESCRIPTION

CALIFORNIA CYBERSECURITY TASK FORCE

Legal, Ethical, and Professional Issues in Information Security

Iowa Cyber Alliance Protecting the nation through cyber education Doug Jacobson Information Assurance Center Iowa State University

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

CYBER APPRENTICESHIP. Dr. Leigh Armistead, President

New CEPIS Mission

The National Network of Fusion Center: Where We Have Been and Where We are Going

Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

AMERICAN CHAMBER OF COMMERCE IN THAILAND DIGITAL ECONOMY POSITION PAPER

IS305 Managing Risk in Information Systems [Onsite and Online]

U.S. Department of Homeland Security Office of Cybersecurity & Communications

Security and Privacy Governance Program Guidelines

Understanding Cybersecurity Talent Needs Findings From Surveys of Business Executives and College Presidents

Election Infrastructure Security: The How and Why of It

Introducing Maryville University s CYBER SECURITY ONLINE PROGRAMS. Bachelor of Science in Cyber Security & Master of Science in Cyber Security

M.S. IN INFORMATION ASSURANCE MAJOR: CYBERSECURITY. Graduate Program

Provisional Translation

Competency Definition

Department of Defense MANUAL

C T I A CERTIFIED THREAT INTELLIGENCE ANALYST. EC-Council PROGRAM BROCHURE. Certified Threat Intelligence Analyst 1. Certified

CyberSecurity Internships The Path to Meeting Industry Need

BRING EXPERT TRAINING TO YOUR WORKPLACE.

THE POWER OF TECH-SAVVY BOARDS:

79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90

House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection Hearing:

UK Permanent Salary Index November 2013 Based on registered vacancies and actual placements

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

Cybersecurity & Privacy Enhancements

Defense Engineering Excellence

NZTECH ADVANCE SECURITY SUMMIT: ADDRESSING A CRITICAL

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences

AB1-3 Keeping People Safe and Secure in Federal Facilities

Career Paths In Cybersecurity

Information Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure

ITT Technical Institute. IT360 Networking Security I Onsite Course SYLLABUS

TRIAEM LLC Corporate Capabilities Briefing

A United States Cyber Academy Program

Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China MINISTRY OF TELECOMMUNICATION

National Strategy for CBRNE Standards

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018

MNsure Privacy Program Strategic Plan FY

Bachelor of Applied Science Degree IT NETWORKING

The Office of Infrastructure Protection

Section One of the Order: The Cybersecurity of Federal Networks.

DHS INTELLIGENCE ANALYSIS. Additional Actions Needed to Address Analytic Priorities and Workforce Challenges

EC-Council Certified Incident Handler v2. Prepare to Handle and Respond to Security Incidents EC-COUNCIL CERTIFIED INCIDENT HANDLER 1

Building the Cybersecurity Workforce. November 2017

National Open Source Strategy

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Position Description. Engagement Manager UNCLASSIFIED. Outreach & Engagement Information Assurance and Cyber Security Directorate.

Security in Today s Insecure World for SecureTokyo

The fast track to top skills and top jobs in cyber. Guaranteed.

Transcription:

The National Initiative for Cybersecurity Education (NICE) The NICE Workforce Framework, NIST SP 800-181, Overview October 4, 2017

NICE Strategic Goals - http://csrc.nist.gov/nice/about/strategicplan.html Accelerate Learning and Skills Development Inspire a sense of urgency in both the public and private sectors to address the shortage of skilled cybersecurity workers Nurture A Diverse Learning Community Strengthen education and training across the ecosystem to emphasize learning, measure outcomes, and diversify the cybersecurity workforce Guide Career Development & Workforce Planning Support employers to address market demands and enhance recruitment, hiring, development, and retention of cybersecurity talent 2

NICE Strategic Goal #1: Accelerate Learning and Skills Development Inspire a sense of urgency in both the public and private sectors to address the shortage of skilled cybersecurity workers Objectives: 1.1 Stimulate the development of approaches and techniques that can more rapidly increase the supply of qualified cybersecurity workers 1.2 Advance programs that reduce the time and cost for obtaining knowledge, skills, and abilities for in-demand work roles 1.3 Engage displaced workers or underemployed individuals who are available and motivated to assume cybersecurity work roles 1.4 Experiment with the use of apprenticeships and cooperative education programs to provide an immediate workforce that can earn a salary while they learn the necessary skills 1.5 Explore methods to identify gaps in cybersecurity skills and raise awareness of training that addresses identified workforce needs 3

NICE Strategic Goal #2: Nurture a Diverse Learning Community Strengthen education and training across the ecosystem to emphasize learning, measure outcomes, and diversify the cybersecurity workforce Objectives: 2.1 Improve education programs, co-curricular experiences, and training and certifications 2.2 Encourage tools and techniques that effectively measure and validate individual aptitude, knowledge, skills, and abilities 2.3 Inspire cybersecurity career awareness with students in elementary school, stimulate cybersecurity career exploration in middle school, and enable cybersecurity career preparedness in high school 2.4 Grow creative and effective efforts to increase the number of women, minorities, veterans, persons with disabilities, and other underrepresented populations in the cybersecurity workforce 2.5 Facilitate the development and dissemination of academic pathways for cybersecurity careers 4

NICE Strategic Goal #3: Guide Career Development and Workforce Planning Support employers to address market demands and enhance recruitment, hiring, development, and retention of cybersecurity talent Objectives: 3.1 Identify and analyze data sources that support projecting present and future demand and supply of qualified cybersecurity workers 3.2 Publish and raise awareness of the NICE Cybersecurity Workforce Framework and encourage adoption 3.3 Facilitate state and regional consortia to identify cybersecurity pathways addressing local workforce needs 3.4 Promote tools that assist human resource professionals and hiring managers with recruitment, hiring, development, and retention of cybersecurity professionals 3.5 Collaborate internationally to share best practices in cybersecurity career development and workforce planning 5

NICE Cybersecurity Workforce Framework NIST SP 800-181 Categories of Cybersecurity Work SECURELY PROVISION OPERATE AND MAINTAIN OVERSEE AND GOVERN PROTECT AND DEFEND ANALYZE COLLECT AND OPERATE INVESTIGATE Specialty Areas (33) Distinct areas of cybersecurity work; Work Roles (52) The most detailed groupings of cybersecurity work, which include specific knowledge, skills, and abilities required to perform a set of tasks. Tasks Specific work activities that could be assigned to a professional working in one of the NCWF s Work Roles; and, Knowledge, Skills, and Abilities (KSAs) Attributes required to perform Tasks, generally demonstrated through relevant experience or performance-based education and training. Audience: Employers Current and Future Cybersecurity Workers Training and Certification Providers Education Providers Technology Providers

NICE Workforce Framework Categories Categories Securely Provision (SP) Descriptions Conceptualizes, designs, and builds secure information technology (IT) systems, with responsibility for aspects of systems and/or networks development. Operate and Maintain (OM) Oversee and Govern (OV) Provides the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security. Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work. Protect and Defend (PR) Analyze (AN) Collect and Operate (CO) Investigate (IN) Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks. Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence. Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence. Investigates cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence. 7

NIST SP 800-181 NICE Workforce Framework Relative Specificity Very Broad Very Specific Cybersecurity Category Specialty Area Work Roles KSA Task 8

Securely Provision (7 Specialty Areas, 11 Work Roles) Category Specialty Area Work Role Securely Provision Risk Management Software Development Systems Architecture Technology R&D Systems Requirements Planning Test and Evaluation Systems Development Authorizing Official/Designating Representative Security Control Assessor Software Developer Secure Software Assessor Enterprise Architect Security Architect Research & Development Specialist Systems Requirements Planner Testing and Evaluation Specialist Information Systems Security Developer Systems Developer 9

Operate and Maintain (6 Specialty Areas, 7 Work Roles) Category Specialty Area Work Role Database Administrator Data Administration Data Analyst Operate and Maintain Knowledge Management Customer Service and Technical Support Network Services Systems Administration Systems Analysis Knowledge Manager Technical Support Specialist Network Operations Specialist System Administrator Systems Security Analyst 10

Oversee and Govern (6 Specialty Areas, 14 Work Roles) Category Specialty Area Work Role Legal Advice and Advocacy Cyber Legal Advisor Privacy Officer/Compliance Manager Training, Education, and Awareness Cybersecurity Management Cyber Instructional Curriculum Developer Cyber Instructor Information Systems Security Manager Communication Security Manager Oversee and Govern Strategic Planning and Policy Executive Cyber Leadership Program/Project Management and Acquisition Cyber Workforce Developer and Manager Cyber Policy and Strategy Planner Executive Cyber Leadership Program Manager IT Project Manager Product Support Manager IT Investment/Portfolio Manager IT Program Auditor 11

Protect and Defend (4 Specialty Areas, 4 Work Roles) Category Specialty Area Work Role Cyber Defense Analysis Cyber Defense Analyst Protect and Defend Cyber Defense Infrastructure Support Incident Response Vulnerability Assessment and Management Cyber Defense Infrastructure Support Specialist Cyber Defense Incident Responder Vulnerability Assessment Analyst 12

Analyze (5 Specialty Areas, 7 Work Roles) Category Specialty Area Work Role Threat Analysis Threat/Warning Analyst Exploitation Analysis Exploitation Analyst Analyze All-Source Analysis Targets Language Analysis All-Source Analyst Mission Assessment Specialist Target Developer Target Network Analyst Multi-Disciplined Language Analyst 13

Operate and Collect (3 Specialty Areas, 6 Work Roles) Category Specialty Area Work Role Collection Operations All Source-Collection Manager All Source-Collection Requirements Manager Cyber Intel Planner Collect and Operate Cyber Operational Planning Cyber Ops Planner Partner Integration Planner Cyber Operations Cyber Operator 14

Investigate (2 Specialty Areas, 3 Work Roles) Category Specialty Area Work Role Cyber Investigation Cyber Crime Investigator Investigate Digital Forensics Law Enforcement/Counterintelligence Forensics Analyst Cyber Defense Forensics Analyst 15

Building Blocks for a Capable and Ready Cybersecurity Workforce 16

Federal Department and Agency Support Over 20 Federal Departments and Agencies supported framework development, including: Department of State Department of Education Department of Labor Office of Management and Budget Office of Personnel Management Department of Defense Department of Justice Information Sciences & Technologies Department of Homeland Security (including NPPD, TSA, USSS, Coast Guard, ICE, CBP, CIS, DHS OI&A). Central Intelligence Agency Defense Intelligence Agency Director of National Intelligence Federal Bureau of Investigation National Security Agency National Science Foundation Department of Defense /DC3x National Counterintelligence Executive Federal CIO Council 17

Non-Profit & Government Organizations In addition, NICE has worked very closely with non-profit and governmental organizations to socialize the framework. A nonexhaustive list: FedCIO Council IT Work Force Committee (ITWFC) Committee of National Systems Security (CNSS) FedCIO Council Information Security and Identity Management Committee (ISIMC) National Cybersecurity Alliance (NCSA) Federal Information Systems Security Educators Association (FISSEA) Colloquium for Information Systems Security Educators (CISSE) Colloquium for Advanced Cybersecurity Education (CACE) Washington Cyber Roundtable CyberWatch US Cyber Challenge National Association of State Chief Information Officers (NASCIO) Multi-State Information Sharing and Analysis Center (MS-ISAC) Information Systems Security Association (ISSA) National Board of Information security Examiners (NBISE) Cybersecurity Certification Collaborative (C3) Institute for Information Infrastructure Protection (I3P) Association for Computing machinery (ACM) Institute of Electrical and Electronics Engineers (IEEE) 18

Sources Used to Develop Initial Draft of Framework (as noted in 2012) Department of Defense (DoD) Cybersecurity Workforce Framework is composed of cybersecurity functional roles, associated job tasks, and the knowledges, skills, and abilities (KSAs) required to perform those tasks. This content was compiled by organizational psychology experts and reviewed by subject matter experts (SMEs) through a series of focus groups. The final framework was reviewed and revised by additional SMEs and stakeholders; 118 SMEs across Air Force, Army, Navy, Marines, and NSA participated in the development of this framework. Intelligence Community (IC) Cyber Subdirectory presents a comprehensive list of competencies and knowledges, skills, and abilities (KSAs) needed by IC cybersecurity professionals to fulfill mission requirements. Subdirectory content was gathered through a data call to 16 IC elements and was compiled by organizational psychology experts. A series of focus groups with 11 SMEs from across the IC was conducted with an additional review from other SMEs and senior IC stakeholders. Finally, an electronic questionnaire was completed by 51 cybersecurity professionals from across the IC (including Air Force, Army, CIA, DHS, DIA, DC3, FBI, ODNI, NSA, DoS) to gather confirmatory data for the competencies and KSAs. Office of Personnel Management (OPM) Cybersecurity Model includes core and technical competencies for cybersecurity professionals across four occupational series. This competency model was developed through focus groups and an electronic questionnaire sent to approximately 50,000 employees and supervisors with significant responsibilities for some aspect of cybersecurity. Participation for both of these efforts was across the Federal government. National Security Agency (NSA) Computer Network Operations (CNO) Training Roadmaps establish job tasks and KSAs for CNO work roles and the training available to develop different levels of proficiency within those roles. A series of focus groups with SMEs from each work role were conducted to refine work role definitions and draft lists of tasks and KSAs for the roadmap while National Cryptologic School (NCS) curriculum managers, instructors, and other experts from 34 curricula reviewed the linkages and provided proficiency information. Department of Defense (DoD) 8570: Information Assurance Workforce Improvement Program Manual provides guidance and procedures for training, certification, and workforce management of the DoD Information Assurance (IA) work functions. A series of working groups helped to develop the manual by identifying public and private sector resources relevant to IA and then organizing the resources by function and work level. Department of Homeland Security (DHS) Information Technology (IT) Security Essential Body of Knowledge (EBK) summarizes the IT security skill requirements for the IT security workforce and links competencies and functional perspectives to IT security roles. A working group developed the EBK, and a series of role-specific focus groups were conducted to ensure content across IT security roles was fully represented. Input from the private sector, government, and academia was obtained. In addition, public comment was provided through the Federal Register and incorporated into the final document. 19

National Initiative for Cybersecurity Education (NICE) https://nist.gov/nice The NICE strategic plan https://www.nist.gov/itl/appliedcybersecurity/nice/about/strategic-plan The NICE Cybersecurity Workforce Framework https://www.nist.gov/itl/appliedcybersecurity/nice/resources/nice-cybersecurity-workforce-framework Resources (for industry, gov t, and academia) The NICE Working Group and subgroups (K-12, Collegiate, Competitions, Training and Certifications, and Workforce Management) https://www.nist.gov/itl/appliedcybersecurity/nice/about/working-group Forum to identify and share best practices that help us as a nation make progress towards the NICE Strategic goals and objectives. NICE grants to 5 Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) Cybersecurity Education and Workforce Development NICE grant for the creation of Cyberseek http://cyberseek.org/ NICE challenge Project https://www.nice-challenge.com/ cyber challenge labs emphasize real world skills like problem solving, self-learning, and documentation over regurgitating step-by-step instructions and limited simulations. 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback