In the last few months of 2013 and leading into 2014, Electrosoft seized the opportunity to partner with the National Initiative for Cybersecurity Education (NICE) in updating the National Cybersecurity Workforce Framework (the “Framework”). This collaborative venture spanning across the Federal, academic, and private industry sectors, intends to further standardize the way our nation educates, recruits, trains, develops, and retains a highly-qualified cybersecurity workforce [1].
The Framework was initially conceived during the mid-2000s in response to the identified inconsistencies of how cybersecurity work was defined within occupational position descriptors, job titles/roles, and qualification skill sets. In 2010, the Obama administration recognized the need for further expansion and reinforcement for a nationally coordinated effort that focuses on cybersecurity awareness. Stemming from Executive-level response, NICE was established to execute this critical task. In a collaborative effort, the National Institute of Standards and Technology (NIST) and Department of Homeland Security (DHS) championed NICE [2] and the initial version of the Framework (v1.0), but it remained a highly collaborative and collective effort across more than 20 Federal agencies including DHS, Department of Defense (DoD), Department of Education (DoED),National Science Foundation (NSF), and Office of the Director of National Intelligence (ODNI), private industry, and academic organizations).
In efforts to maintain applicability within the ever-changing cybersecurity landscape, NICE initiated a process in late 2013 to update the Framework to version 2 (v2.0). Electrosoft’s experience and reputation as an industry leader within cybersecurity and compliance was called upon to assist NICE in analyzing the existing Framework v1.0, validating its applicability against real-world scenarios, and recommending innovative solutions to meet our nation’s cybersecurity workforce needs.
Through this engagement, a granular exploration of the Framework has been conducted within the Knowledge, Skills, and Abilities (KSAs) that cybersecurity professionals need in order to provide capability demonstrations to employers. Holistically, the Framework is organized into seven (7) high-level categories by which various cybersecurity job roles/titles (Specialty Areas; 31 in total), are depicted [3]. Within each Specialty Area, each job role/title is explicitly mapped to individual KSAs. The main goal of the Framework is to map connections from specific cybersecurity workforce roles/titles to applicable competencies that are needed to execute job functions within those roles/titles and road map by which to complete the necessary academic training (e.g., courses, degree options, professional certifications, etc.) that demonstrates objective mastery.
Electrosoft interactively contributed at-large to focus groups that analyzed:
- Emerging skill sets needed by cybercrime investigators (e.g., digital forensics) of information technology (IT) systems and assets;
- Legal advice and advocacy concerns (including intellectual property rights) needed for the successful execution of cybersecurity work;
- How education and training impact needs;
- Gap-bridging solutions for cybersecurity centric acquisition and procurement (including secure supply chain management principles);
- Differentiating cybersecurity professional role overlaps; and
- Linking higher education and professional training entities (e.g., CompTIA, (ISC)², etc.).
This was a strategic opportunity for Electrosoft to gain additional exposure within diverse standardization and authoritative source circles of the Federal, academic, private industry niches. As NICE finalizes the Framework v1.0 – v2.0 update in the early May 2014 timeframe, Electrosoft is excited for more potential opportunities to collaborate with leaders in the cybersecurity Intelligence Community and share our innovative thought leadership.
For more information on the NICE National Cybersecurity Workforce Framework, please visit http://niccs.us-cert.gov/training/tc/framework
About the author: Ryan Devlin is an D.C. Metro based Information Security/Assurance professional within Electrosoft Services, Inc.’s compliance and auditing division.
____________________________________________________________________________
[1] https://www.nist.gov/itl/applied-cybersecurity/nice/resources/nice-cybersecurity-workforce-framework
[3] https://www.nist.gov/itl/applied-cybersecurity/nice/resources/nice-cybersecurity-workforce-framework