Featured Video
This Week in Quality Digest Live
Risk Management Features
Jeffrey Phillips
Three simple rules to distinguish innovation from business as usual
Jon Speer
A proactive approach in a high-risk sector
Mark Whitworth
The path to better performance and profitability
Stefan Geib
You can’t improve what you can’t see
Daniel Blake
Issues around divestiture can have a ripple effect on global trade

More Features

Risk Management News
Mathis will provide business development for HACCP certification in the Americas
Explains basic steps businesses can take to better protect their information systems
ISO 20400 will help companies achieve sustainability goals, improve supplier relations
Regulations will create new opportunities for business and government to use drones
Three new ISO standards support monitoring of exposure in the workplace
Funds help high-risk, vulnerable workers identify, prevent workplace hazards
ISO/PC 303 project committee will provide international benchmarks to reduce purchasing risks

More News

  •  

  •  

  •  

  •  

     

     

  • SUBSCRIBE

Rodney Petersen

Risk Management

Creating a Smart, Skilled Cybersecurity Workforce

1.5 million more cybersecurity professionals will be needed by 2020

Published: Thursday, November 3, 2016 - 15:27

Acronyms. The world, and especially the government, is overflowing with them. You’d be hard-pressed to pick a favorite. People might even look at you funny if you suggested that you had one. I’m lucky enough to have my favorite one on my business card: NICE—the National Initiative for Cybersecurity Education.

While I’d like to think I was one even before I got the card, it’s been fun to be officially known as “the NICE guy” since I arrived at NIST a little less than two years ago. My 25-year career has been devoted to higher education, and for the past 15 years I’ve been focused on cybersecurity, so it’s fitting that I now have the opportunity to lead a program that uses my expertise and passion for cybersecurity and education simultaneously.


Figure 1: Securing the smart grid is just one of thousands of jobs for the next generation of cybersecurity warriors. ©Nicholas McIntosh

NICE has embarked upon an exciting journey to promote cybersecurity education, training, and workforce development. We believe that a knowledgeable and skilled cybersecurity workforce where “cybersecurity is everyone’s responsibility” is the only way we will realize the full potential of our digital economy. That’s why we’re working to raise awareness of cybersecurity from the “Break Room to the Board Room”—the theme of this week’s National Cyber Security Awareness Month.

Learning to be a responsible employee

If NICE were running for office, one of our campaign slogans would be “Cybersecurity Awareness for All.” Whether you are a consumer, student, parent, employee, or executive, you can’t escape the risks associated with using a digital device or going on the internet.

That’s why “awareness” has long been a pillar of good cybersecurity practice. In fact, NIST recognized its importance way back in 1998—ancient history!

Today, there are many important efforts to develop and spread the awareness message from the government, such as Stop.Think.Connect. and OnGuardOnline, as well the private sector, including StaySafeOnline and iKeepSafe.

However, with the growing importance of cybersecurity to almost everyone in the workplace, we need to go beyond the basics of how to secure your computer or be safe on the internet. Today, we need employees who have mastered more comprehensive and complex skills.

All organizations should make cybersecurity training a key part of their risk-management strategy, especially those risks associated with human error, insider threats, and other vulnerabilities with a human element. Forthcoming updates to the NICE Workforce Framework will introduce “work roles” recognizing that there are specialized sets of tasks and functions that require specific knowledge, skills, and abilities.


Figure 2: It’s good to have goals. These are ours. Credit: NIST NICE

Not only do we need to increase the awareness and skills of the present workforce, but we also need to build an ever-expanding pipeline of talent to fill growing numbers of critical cybersecurity jobs. NICE is addressing this need by accelerating learning and skills development, nurturing a diverse learning community, and guiding career development and workforce planning.

The best way to achieve our goals is to begin teaching good cybersecurity habits early on. The National K-12 Cybersecurity Education Conference, which was held Oct. 6–7, 2016, in Arlington, Virginia, is an exciting development that will increase cybersecurity career awareness for children and improve student learning through engaging curriculum and co-curricular experiences.

Hopefully, these experiences will also lead more students to have a healthy enthusiasm for and interest in creating and maintaining secure systems.

In addition to our efforts, the Centers for Academic Excellence in Cybersecurity are working to strengthen education programs at all levels, and the CyberCorps: Scholarship for Service program is focused on attracting more students to federal cybersecurity jobs.

It takes a community

The NICE program also has a number of other strategies for building community at the national level. For instance, the NICE Working Group is working to develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development.

For instance, we publish the quarterly NICE eNewsletter to provide timely information, including original articles written by members of the community.

We produce the monthly NICE webinar series to give people the opportunity to learn about an innovative or strategic development presented by experts from the community.

And we support the annual NICE Conference and Expo, which was held Nov. 1–2, 2016, in Kansas City, Missouri, to showcase the work of the community, broaden our audience, and widen our impact, and provide a forum for like-minded supporters of NICE to get to know each other.

NICE is taking the concept of community building to the regional and local level by introducing a pilot program known as the Regional Alliances and Multi-Stakeholder Partnerships Stimulating Cybersecurity Education and Workforce Development—or RAMPS.

(See? Acronyms are great.)

RAMPS brings together local K-12 schools, community colleges, universities, training organizations, employers, community and economic development organizations, and state and local government officials to create robust local networks and ecosystems. These local communities complement and play an important part in the national community we’re building.

RAMPS fulfills the NICE strategic plan objective to foster state and regional consortia to address local cybersecurity workforce needs. It also implements the President’s Job-Driven Training Initiative, which helps establish employer-driven education and training programs for in-demand positions such as cybersecurity.

Where are all the cybersecurity jobs?

By now you’re probably all fired up about NICE and want to know where to get the t-shirt. Well, we can’t offer you any NICE swag, but what we can do is help you locate cybersecurity job opportunities if you’re a job seeker, or help you find the talent you’re looking for if you’re an employer. Next month, we’ll launch the Cybersecurity Jobs Heat Map, which is being developed by CompTIA and Burning Glass through a grant provided by NIST.


  Figure 3: Where are all the cybersecurity jobs? Everywhere, it turns out. Credit: NIST NICE. Click here for larger image.

The cybersecurity jobs heat map will allow you to see at a glance where there is high demand so you can plan your job search. If you’re an employer, you’ll be able to easily identify geographic areas with the greatest concentration of cybersecurity talent so you can focus your recruitment efforts. We believe that this dynamic and visual map, which aligns available jobs to the NICE Workforce Framework, will be a huge step forward in our understanding of both the present and future of workforce demand.

Getting things done from the break room to the board room

We want to be known for getting things done, and that’s why one of our stated values in the NICE strategic plan is to pursue action. If you’re inspired and want to get involved, we invite you to visit our website or email us at nice.nist@nist.gov. There’s a lot of work to be done to raise the visibility of cybersecurity from the break room to the board room.

We need your help.

First published on NIST's Taking Measure blog.

Discuss

About The Author

Rodney Petersen’s picture

Rodney Petersen

Rodney Petersen is the director of the National Initiative for Cybersecurity Education (NICE) at the National Institute of Standards and Technology (NIST). Petersen previously served as the senior policy advisor to EDUCAUSE and he was the managing director of the EDUCAUSE Washington. He founded and directed the EDUCAUSE Cybersecurity Initiative and was the lead staff liaison for the Higher Education Information Security Council. Prior to joining EDUCAUSE, he served as the director of IT policy and planning in the Office of the Vice President and chief information officer at the University of Maryland.