National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec April 12, 2018
1. Introduction to NICE - The National Initiative for Cybersecurity Education
NICE Vision & Mission
- Vision: A digital economy enabled by a knowledgeable and skilled cybersecurity workforce.
- Mission: To energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development.
NICE Origin & Purpose
- Established in 2009 in support of the 2009 Cyberspace Policy
- Expands on Initiative of the 2008 Comprehensive National Cybersecurity Initiative
- Cybersecurity Enhancement Act of 2014 (Act)
- Led by the National Institute of Standards and Technology (NIST)
- A partnership between government, academia, and the private sector
- Focused on cybersecurity education, training, and workforce development
- Intent is to guide action on addressing the critical shortage of a skilled cybersecurity workforce
NICE - 3 Primary Cyber Workforce Development Goals
- Accelerate Learning and Skills Development
- Nurture a Diverse Learning Community
- Guide Career Development and Workforce Planning
NICE Resources
- Strategic Plan: https://www.nist.gov/itl/applied-cybersecurity/nice/about/strategic-plan
- eNews Letter: https://www.nist.gov/https%3a/www.nist.gov/news-events/newsupdates/search%3fcombine%3d%26term_node_tid_depth%3dall%26field_campus
- One Pagers: https://www.nist.gov/itl/applied-cybersecurity/national-initiativecybersecurity-education-nice/nice-one-pagers
- Get engaged! https://www.nist.gov/itl/applied-cybersecurity/nice
2. The NICE Cybersecurity Workforce Framework (CWF)
Who has:
- been asked "How do I get started in cybersecurity?" or "How do I become a CISO?"
- had to write a job description but was not sure what to include in the description?
- had someone on their team say that their job description does not match what they're asked to do?
Are You at Risk of Losing Cybersecurity Talent?
(ISC)2 2018 Report: Hiring and Retaining Top Cybersecurity Talent
Frequency of Contact by Recruiters:
- Many times a day: 19%
- About once per day: 8%
- A few times a week: 11%
- Once a week: 22%
- A couple of times per month: 27%
- Less than once a month: 14%
What is Important to Cybersecurity Professionals?
(ISC)2 2018 Report: Hiring and Retaining Top Cybersecurity Talent
- 68% want their opinions to be taken seriously
- 62% prefer clearly defined cybersecurity responsibilities
- 59% prioritize employee training and tech investment
NICE Cybersecurity Workforce Framework (CWF) Background
- 2002: National Research Council identifies concern
- 2008: Comprehensive National Cybersecurity Initiative (CNCI) established; Initiative #8: Expand Cyber Education
- 2010: NICE formed
- 2013: Version 1.0 of CWF published
- 2017: Version 2.0 of CWF published as NIST Special Publication 800-181
CWF Categories and Specialty Areas (7 Categories, 33 Specialty Areas)
- SECURELY PROVISION: Risk Management; Software Development; Systems Architecture; Technology R&D; Systems Requirements Planning; Test & Evaluation; Systems Development
- OPERATE & MAINTAIN: Data Administration; Knowledge Management; Customer Service & Technical Support; Network Services; Systems Administration; Systems Analysis
- OVERSEE & GOVERN: Legal Advice & Advocacy; Training, Education & Awareness; Cybersecurity Management; Strategic Planning & Policy; Executive Cyber Leadership; Program/Project Management & Acquisition
- PROTECT & DEFEND: Cybersecurity Defense Analysis; Cybersecurity Defense Infrastructure Support; Incident Response; Vulnerability Assessment & Management
- ANALYZE: Threat Analysis; Exploitation Analysis; All Source Analysis; Targets; Language Analysis
- COLLECT & OPERATE: Collection Operations; Cyber Operational Planning; Cyber Operations
- INVESTIGATE: Cyber Investigation; Digital Forensics
CWF Sample Specialty Areas and Work Roles - Category: Oversee and Govern (OV)

Specialty Area: Legal Advice and Advocacy (LGA)
Provides legally sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain. Advocates legal and policy changes, and makes a case on behalf of client via a wide range of written and oral work products, including legal briefs and proceedings.
- Work Role: Cyber Legal Advisor - Provides legal advice and recommendations on relevant topics related to cyber law.
- Work Role: Privacy Officer/Privacy Compliance Manager - Develops and oversees privacy compliance program and privacy program staff, supporting privacy compliance, governance/policy, and incident response needs of privacy and security executives and their teams.

Specialty Area: Training, Education, and Awareness (TEA)
Conducts training of personnel within pertinent subject domain. Develops, plans, coordinates, delivers and/or evaluates training courses, methods, and techniques as appropriate.
- Work Role: Cyber Instructional Curriculum Developer - Develops, plans, coordinates, and evaluates cyber training/education courses, methods, and techniques based on instructional needs.
- Work Role: Cyber Instructor - Develops and conducts training or education of personnel within cyber domain.

Specialty Area: Cybersecurity Management (MGT)
Oversees the cybersecurity program of an information system or network, including managing information security implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, requirements, policy enforcement, emergency planning, security awareness, and other resources.
- Work Role: Information Systems Security Manager - Responsible for the cybersecurity of a program, organization, system, or enclave.
- Work Role: Communications Security (COMSEC) Manager - Individual who manages the Communications Security (COMSEC) resources of an organization (CNSSI 4009) or key custodian for a Crypto Key Management System (CKMS).
Knowledge, Skills & Abilities: Example

Knowledge
- K0246: Knowledge of relevant concepts, procedures, software, equipment, and technology applications.
- K0250: Knowledge of Test & Evaluation processes for learners.
- K0252: Knowledge of training and education principles and methods for curriculum design, teaching and instruction for individuals and groups, and the measurement of training and education effects.
- K0287: Knowledge of an organization's information classification program and procedures for information compromise.
- K0313: Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development).
- K0319: Knowledge of technical delivery capabilities and their limitations.
- K0628: Knowledge of cyber competitions as a way of developing skills by providing hands-on experience in simulated, real-world situations.

Skills
- S0281: Skill in technical writing.
- S0293: Skill in using tools, techniques, and procedures to remotely exploit and establish persistence on a target.
- S0301: Skill in writing about facts and ideas in a clear, convincing, and organized manner.
- S0356: Skill in communicating with all levels of management including Board members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).
- S0358: Skill to remain aware of evolving technical infrastructures.

Abilities
- A0006: Ability to prepare and deliver education and awareness briefings to ensure that systems, network, and data users are aware of and adhere to systems security policies and procedures.
- A0011: Ability to answer questions in a clear and concise manner.
- A0012: Ability to ask clarifying questions.
- A0013: Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- A0014: Ability to communicate effectively when writing.
- A0015: Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
Tasks: Example
- T0030: Conduct interactive training exercises to create an effective learning environment.
- T0073: Develop new or identify existing awareness and training materials that are appropriate for intended audiences.
- T0101: Evaluate the effectiveness and comprehensiveness of existing training programs.
- T0224: Review training documentation (e.g., Course Content Documents [CCD], lesson plans, student texts, examinations, Schedules of Instruction [SOI], and course descriptions).
- T0230: Support the design and execution of exercise scenarios.
- T0247: Write instructional materials (e.g., standard operating procedures, production manual) to provide detailed guidance to relevant portion of the workforce.
- T0316: Develop or assist in the development of computer based training modules or classes.
- T0317: Develop or assist in the development of course assignments.
- T0318: Develop or assist in the development of course evaluations.
- T0319: Develop or assist in the development of grading and proficiency standards.
NISTIR 8193: NICE CWF Work Role Capability Indicators
- Draft published November 2017
- Aims to describe the qualities or accomplishments needed to perform a particular role
- Describes recommended education, training topics, and certifications at various levels (Entry, Intermediate, Advanced)
NICE CWF Work Role Capability Example

Cyberseek.org: Identifying Career Paths

Cyberseek.org: Role Drilldown
If You Are a Manager
- Remember: It's a Framework - modify as you see fit
- Write Job Descriptions: utilize the Knowledge, Skills, Abilities, and Tasks; supplement with organization-specific competencies
- Conduct an Organization Assessment: identify core competencies; identify key competencies; conduct reassessment as appropriate
- Establish a Career Path for Employees using Work Role Capability Indicators: identify early-, mid-, and late-career paths; identify training and education
If You Are a Job Seeker
- Understand the Knowledge, Skills, and Abilities as well as Tasks required for roles
- Utilize the Work Role Capability Indicators to progress in your career
- Think about where you want to be
- Use the Cyberseek web site: it will help identify common career paths and shows where the jobs are
If You Are a Cybersecurity Trainer
- Identify core competencies
- Identify role-specific competencies
- Design curriculum at the appropriate level (Entry, Intermediate, Advanced) using Work Role Indicators
- Match curriculum to KSAs and Tasks
NICE CWF Resources
- NIST Cybersecurity Workforce Framework Main Page: https://www.nist.gov/itl/applied-cybersecurity/nice/resources/nice-cybersecurity-workforce-framework
- NIST SP 800-181 NICE Cybersecurity Workforce Framework: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-181.pdf
- NICE CWF 2.0 Spreadsheet: https://www.nist.gov/file/359261
- NISTIR 8193 (Draft) Work Role Capability Indicators: https://csrc.nist.gov/csrc/media/publications/nistir/8193/draft/documents/nistir8193-draft.pdf
- CyberSeek: http://cyberseek.org/
Contact Us
- Dave Zaras, CISSP, CRISC, CAHIMS - Lead Consultant - dzaras@impactmakers.com
- Eddie McAndrew, CISSP, PMP, ITIL, MSIS - Lead Consultant - emcandrew@impactmakers.com
Slide deck posted at: http://www.impactmakers.com/insights/cov-presentations/