Creating a Smart, Skilled Cybersecurity Workforce
Rodney Petersen, Director, National Initiative for Cybersecurity Education
Acronyms. The world, and especially the government, is overflowing with them. You’d be hard-pressed to pick a favorite. People might even look at you funny if you suggested that you had one. I’m lucky enough to have my favorite one on my business card: NICE — the National Initiative for Cybersecurity Education.
While I’d like to think I was one even before I got the card, it’s been fun to be officially known as “the NICE guy” since I arrived at NIST a little less than two years ago. My 25-year career has been devoted to higher education, and for the past 15 years I’ve been focused on cybersecurity, so it’s fitting that I now have the opportunity to lead a program that uses my expertise and passion for cybersecurity and education simultaneously.
NICE has embarked upon an exciting journey to promote cybersecurity education, training, and workforce development. We believe that a knowledgeable and skilled cybersecurity workforce where “cybersecurity is everyone’s responsibility” is the only way we will realize the full potential of our digital economy. That’s why we’re working to raise awareness of cybersecurity from the “Break Room to the Board Room” — the theme of this week’s National Cyber Security Awareness Month.
LEARNING TO BE A RESPONSIBLE EMPLOYEE
If NICE were running for office, one of our campaign slogans would be “Cybersecurity Awareness for All.” Whether you are a consumer, student, parent, employee, or executive, you can’t escape the risks associated with using a digital device or going on the Internet.
That’s why “awareness” has long been a pillar of good cybersecurity practice. In fact, NIST recognized its importance (PDF) way back in 1998 — ancient history!
Today, there are many important efforts to develop and spread the awareness message from the government, such as Stop.Think.Connect and OnGuardOnline, as well the private sector, including StaySafeOnline and iKeepSafe.
However, with the growing importance of cybersecurity to almost everyone in the workplace, we need to go beyond the basics of how to secure your computer or be safe on the Internet. Today, we need employees who have mastered more comprehensive and complex skills.
All organizations should make cybersecurity training a key part of their risk-management strategy, especially those risks associated with human error, insider threats, and other vulnerabilities with a human element. Forthcoming updates to the NICE Workforce Framework will introduce “work roles” recognizing that there are specialized sets of tasks and functions that require specific knowledge, skills and abilities.
Not only do we need to increase the awareness and skills of the present workforce, but we also need to build an ever-expanding pipeline of talent to fill growing numbers of critical cybersecurity jobs. NICE is addressing this need by accelerating learning and skills development, nurturing a diverse learning community, and guiding career development and workforce planning.
The best way to achieve our goals is to begin teaching good cybersecurity habits early on. The National K-12 Cybersecurity Education Conference, which we held last week in Arlington, Virginia, is an exciting development that will increase cybersecurity career awareness for children and improve student learning through engaging curriculum and co-curricular experiences.
Hopefully, these experiences will also lead more students to have a healthy enthusiasm for and interest in creating and maintaining secure systems.
In addition to our efforts, the Centers for Academic Excellence in Cybersecurity are working to strengthen education programs at all levels, and the CyberCorps®: Scholarship for Service program is focused on attracting more students to federal cybersecurity jobs.
IT TAKES A COMMUNITY
The NICE Program also has a number of other strategies for building community at the national level. For instance, the NICE Working Group is working to develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development.
For instance, we publish the quarterly NICE eNewsletter to provide timely information, including original articles written by members of the community.
We produce the monthly NICE Webinar Series to give people the opportunity to learn about an innovative or strategic development presented by experts from the community.
And, we support the annual NICE Conference and Expo to showcase the work of the community, broaden our audience and widen our impact, and provide a forum for like-minded supporters of NICE to get to know each other.
NICE is taking the concept of community building to the regional and local level by introducing a pilot program known as the Regional Alliances and Multi-Stakeholder Partnerships Stimulating Cybersecurity Education and Workforce Development — or RAMPS.
(See? Acronyms are great.)
RAMPS brings together local K-12 schools, community colleges, universities, training organizations, employers, community and economic development organizations, and state and local government officials to create robust local networks and ecosystems. These local communities complement and play an important part in the national community we’re building.
RAMPS fulfills the NICE Strategic Plan objective to foster state and regional consortia to address local cybersecurity workforce needs. It also implements the President’s Job Driven Training Initiative, which helps establish employer-driven education and training programs for in-demand positions such as cybersecurity.
WHERE ARE ALL THE CYBERSECURITY JOBS?
By now you’re probably all fired up about NICE and want to know where to get the t-shirt. Well, we can’t offer you any NICE swag, but what we can do is help you locate cybersecurity job opportunities if you’re a job seeker or help you find the talent you’re looking for if you’re an employer. Next month, we’ll launch the Cybersecurity Jobs Heat Map, which is being developed by CompTIA and Burning Glass through a grant provided by NIST.
The heat map will allow you to see at a glance where there is high demand so you can plan your job search. If you’re an employer, you’ll be able to easily identify geographic areas with the greatest concentration of cybersecurity talent so you can focus your recruitment efforts. We believe that this dynamic and visual map, which aligns available jobs to the NICE Workforce Framework, will be a huge step forward in our understanding of both the present and future of workforce demand.
GETTING THINGS DONE FROM THE BREAK ROOM TO THE BOARD ROOM
We want to be known for getting things done, and that’s why one our stated values in the NICE Strategic Plan is to pursue action. If you’re inspired and want to get involved, we invite you to visit our website or email us at firstname.lastname@example.org. There’s a lot of work to be done to raise the visibility of cybersecurity from the break room to the board room.
We need your help.
This post originally appeared on Taking Measure, the official blog of the National Institute of Standards and Technology (NIST) on October 12, 2016.
To make sure you never miss our blog posts or other news from NIST, sign up for our email alerts.
About the Author
Rodney Petersen is the director of the National Initiative for Cybersecurity Education (NICE) at NIST. He worked previously as the managing director of the EDUCAUSE Washington Office and director of IT Policy and Planning at the University of Maryland. When he is not evangelizing for increasing the cybersecurity talent pipeline, he volunteers as basketball commissioner for Savage Boys & Girls Club and spends time with his wife as #emptynestsurvivors.