Breaking Out the Cybersecurity Workforce Framework Ray Trygstad Industry Professor of Information Technology & Management; Associate Director, IIT Center for Cyber Security & Forensics Education
The Framework: What Is It? NICE Cybersecurity Workforce Framework (NCWF) NIST Special Publication 800-181 (draft) A national resource that categorizes and describes cybersecurity work Began as Federal effort and expanded beyond in 2010
The Framework: What Is It? The foundation for increasing the size and capability of the U.S. cybersecurity workforce; it provides A common definition of cybersecurity A comprehensive list of cybersecurity tasks The knowledge, skills, and abilities required to perform those tasks
The Framework: What Is It? By using the Framework: Educators can create programs aligned to jobs Students will graduate with knowledge and skills employers need Employers can recruit from a larger pool of more qualified candidates Employees will have portable skills and better defined career paths and opportunities Policy makers can set standards to promote workforce professionalization
The Framework: Structure Seven Categories High-level grouping of common cybersecurity functions Thirty-Three Specialty Areas Distinct areas of cybersecurity work Fifty-Two Work Roles Most detailed groupings comprised of specific knowledge, skills, and abilities required to perform specific tasks in a work role
The Framework: Categories Operate and Maintain Securely Provision Oversee and Govern Protect and Defend Analyze Collect and Operate Investigate
The Framework: Categories Securely Provision (SP) Conceptualize, design and build secure information technology (IT) systems, with responsibility for aspects of systems and/or networks development Operate and Maintain (OM) Provide support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security
The Framework: Categories Oversee and Govern (OV) Provide leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work Protect and Defend (PR) Identify, analyze, and mitigate threats to internal information technology (IT) systems and/or networks
The Framework: Categories Analyze (AN) Perform highly specialized review and evaluation of incoming cybersecurity information to determine usefulness for intelligence Collect and Operate (CO) Provide specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence
The Framework: Categories Investigate (IN) Investigate cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence
Area/Work Role Relationships
Tied to and works with
The Framework: Work Roles Comprised of tasks with associated knowledge, skills, and abilities Tasks drawn from list of 928 tasks Knowledge drawn from list of 614 items Skills drawn from 359 items Specific abilities drawn from list of 119 items Several work roles may be included in a single position
The Framework: Tasks
The Framework: Knowledge
The Framework: Skills
The Framework: Abilities
The Framework: Work Roles
Breaking Out the Work Roles Not currently in usable state Probably need additional information OPM Cybersecurity Category/Specialty Area Code (drawn from Specialty Areas) Job titles associate with this work role Expand codes into actual paragraphs Expanded work roles we have titled Work Role Details
Uses of Expanded Work Roles Consistent position/job descriptions Support HR for staffing the cybersecurity function in the organization Mapping against NIST Cybersecurity Framework implementation will allow determination of proper staffing levels Work Roles are not just security roles; many are for straight IT staff with addition of clearly defined security roles & responsibilities
Uses of Expanded Work Roles Curricular design to allow educational preparation for specific work roles Cross map to Knowledge Units in NSA/ DHS Centers of Academic Excellence Cross map to ACM/IEEE-CS model curricula in IT and Cybersecurity as well as ABET Accreditation Standards Cross-check against course design & course objectives/outcomes
Uses of Expanded Work Roles Technology providers can identify cybersecurity Work Roles and specific Tasks and KSAs associated with services and hardware/software products they supply
Flaws in the Draft Good thing it s a draft! Wanted to create Work Role Details for disaster recovery/business continuity No work roles defined in the Framework Hundreds of job titles in this field Lists of Tasks, Knowledge, Skills, & Abilities not in any order Additions just get tacked on the end
Directions from here Review & Comment period for the Framework ended in January 2017 First official version will be published this spring Get it use it it s free and it s in the public domain so you can adapt it any way you want
Key Bibliography Items National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Draft Version 1.1 January 10, 2017 https://www.nist.gov/cyberframework/draft-version-11 Newhouse, Bill; Keith, Stephanie; Scribner, Benjamin; & Witte, Greg Draft NIST Special Publication 800-181 NICE Cybersecurity Workforce Framework (NCWF) National Institute of Standards and Technology November 2016 http://csrc.nist.gov/publications/drafts/800-181/sp800_181_draft.pdf U.S. Department of Homeland Security The National Cybersecurity Workforce Framework https://www.dhs.gov/national-cybersecurity-workforce-framework U.S. Department of Defense DoD Cyberspace Workforce Framework (DCWF) Overview February 2016 http://dcips.dtic.mil/documents/day1_1430-1530hrs,dodcyberspaceworkforceframeworkoverview.pdf
The End Questions? Thank you! Ray Trygstad trygstad@iit.edu http://trygstad.rice.iit.edu/ 630-447-9009