A new reference to support a workforce capable of meeting an organization’s cybersecurity needs just released from the National Initiative for Cybersecurity Education (NICE).
Special Publication 800-181, the NICE Cybersecurity Workforce Framework, provides organizations with a common, consistent lexicon that categorizes and describes cybersecurity work by category, specialty area, and work role.
It is a resource from which organizations or sectors can develop additional publications or tools that meet their needs to define or provide guidance on different aspects of workforce development, planning, training, and education.
The NICE Cybersecurity Workforce Framework (NICE Framework) improves communication about how to identify, recruit, develop, and retain cybersecurity talent. It is a resource from which organizations or sectors can develop additional publications or tools that meet their needs to define or provide guidance on different aspects of workforce development, planning, training, and education.
It also provides a superset of cybersecurity knowledge, skills, and abilities (KSAs) and tasks for each work role. The NICE Framework supports consistent organizational and sector communication for cybersecurity education, training, and workforce development.
“The first draft of the National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework will help critical infrastructure companies like oil and gas, power, water, manufacturing etc., to accelerate its hiring practices to close the skills gap in cybersecurity,” said Edgard Capdevielle, chief executive at Nozomi Networks. “They will now be able to articulate cybersecurity roles, area of specialty, category of work, and describe the knowledge, skills, and abilities of cybersecurity professionals that are needed. While it will take time to expand the workforce, new technologies are being applied that use Machine Learning (ML) and artificial intelligence (AI) to automate aspects of cybersecurity monitoring and detection. In areas of cybersecurity specialization such as industrial control systems where a cyberattack could have catastrophic effects, the combo of training and automation are speeding efforts to combat and remediate cyberattacks.”
The concept for the NICE Framework began before the establishment of NICE and grew out of the recognition the cybersecurity workforce in the public and private sectors could not be defined and assessed.
To address this challenge, more than 20 departments and agencies, the private sector, and academia came together to provide a common understanding of cybersecurity work. The common understanding developed has been expressed in two previous version of the NICE Framework and has evolved with further engagement between the government, private sector, and academia.
The audience for the framework are:
• Employers — To help define their cybersecurity workforce, identify critical gaps in cybersecurity staffing, and create position descriptions consistent with national language.
• Current and future cybersecurity workers — To help explore tasks and work roles and assist with understanding the KSAs being valued by employers for in-demand cybersecurity jobs and positions. Staffing specialists and guidance counselors are also enabled to use the NICE Framework as a resource to support these employees or job seekers.
• Training and certification providers — To help current and future members of the cybersecurity workforce gain and demonstrate the KSAs.
• Education providers — To help develop curriculum, certificate or degree programs, and research that cover the KSAs and tasks described.
• Technology providers — To identify cybersecurity Work Roles and specific Tasks and KSAs associated with services and hardware or software products they supply.
Click here to view the publication.