The National Initiative for Cybersecurity Education (NICE)
The NICE Workforce Framework, NIST SP 800-181, Overview
October 4, 2017
NICE Strategic Goals - http://csrc.nist.gov/nice/about/strategicplan.html
Accelerate Learning and Skills Development
• Inspire a sense of urgency in both the public and private sectors to address the shortage of skilled cybersecurity workers
Nurture a Diverse Learning Community
• Strengthen education and training across the ecosystem to emphasize learning, measure outcomes, and diversify the cybersecurity workforce
Guide Career Development & Workforce Planning
• Support employers to address market demands and enhance recruitment, hiring, development, and retention of cybersecurity talent
NICE Strategic Goal #1: Accelerate Learning and Skills Development
Inspire a sense of urgency in both the public and private sectors to address the shortage of skilled cybersecurity workers
Objectives:
1.1 Stimulate the development of approaches and techniques that can more rapidly increase the supply of qualified cybersecurity workers
1.2 Advance programs that reduce the time and cost for obtaining knowledge, skills, and abilities for in-demand work roles
1.3 Engage displaced workers or underemployed individuals who are available and motivated to assume cybersecurity work roles
1.4 Experiment with the use of apprenticeships and cooperative education programs to provide an immediate workforce that can earn a salary while they learn the necessary skills
1.5 Explore methods to identify gaps in cybersecurity skills and raise awareness of training that addresses identified workforce needs
NICE Strategic Goal #2: Nurture a Diverse Learning Community
Strengthen education and training across the ecosystem to emphasize learning, measure outcomes, and diversify the cybersecurity workforce
Objectives:
2.1 Improve education programs, co-curricular experiences, and training and certifications
2.2 Encourage tools and techniques that effectively measure and validate individual aptitude, knowledge, skills, and abilities
2.3 Inspire cybersecurity career awareness with students in elementary school, stimulate cybersecurity career exploration in middle school, and enable cybersecurity career preparedness in high school
2.4 Grow creative and effective efforts to increase the number of women, minorities, veterans, persons with disabilities, and other underrepresented populations in the cybersecurity workforce
2.5 Facilitate the development and dissemination of academic pathways for cybersecurity careers
NICE Strategic Goal #3: Guide Career Development and Workforce Planning
Support employers to address market demands and enhance recruitment, hiring, development, and retention of cybersecurity talent
Objectives:
3.1 Identify and analyze data sources that support projecting present and future demand and supply of qualified cybersecurity workers
3.2 Publish and raise awareness of the NICE Cybersecurity Workforce Framework and encourage adoption
3.3 Facilitate state and regional consortia to identify cybersecurity pathways addressing local workforce needs
3.4 Promote tools that assist human resource professionals and hiring managers with recruitment, hiring, development, and retention of cybersecurity professionals
3.5 Collaborate internationally to share best practices in cybersecurity career development and workforce planning
NICE Cybersecurity Workforce Framework – NIST SP 800-181
• Specialty Areas (33) – Distinct areas of cybersecurity work;
• Work Roles (52) – The most detailed groupings of cybersecurity work, which include specific knowledge, skills, and abilities required to perform a set of tasks.
• Tasks – Specific work activities that could be assigned to a professional working in one of the NCWF’s Work Roles; and,
• Knowledge, Skills, and Abilities (KSAs) – Attributes required to perform Tasks, generally demonstrated through relevant experience or performance-based education and training.
• Audience:
  • Employers
  • Current and Future Cybersecurity Workers
  • Training and Certification Providers
  • Education Providers
  • Technology Providers
Categories of Cybersecurity Work
[Figure: the categories of cybersecurity work: Securely Provision, Protect and Defend, Operate and Maintain, Oversee and Govern, Collect and Operate, Investigate, Analyze]
NICE Workforce Framework Categories
Category: Description
• Securely Provision (SP): Conceptualizes, designs, and builds secure information technology (IT) systems, with responsibility for aspects of systems and/or networks development.
• Operate and Maintain (OM): Provides the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security.
• Oversee and Govern (OV): Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.
• Protect and Defend (PR): Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks.
• Analyze (AN): Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
• Collect and Operate (CO): Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.
• Investigate (IN): Investigates cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence.
NIST SP 800-181 NICE Workforce Framework Relative Specificity
[Figure: relative specificity scale running from Very Broad to Very Specific, with the labels Cybersecurity Category, Specialty Area, Work Roles, KSA, Task]
Securely Provision (7 Specialty Areas, 11 Work Roles)
Category: Securely Provision
Specialty Area: Work Role(s)
• Risk Management: Authorizing Official/Designating Representative; Security Control Assessor
• Software Development: Software Developer; Secure Software Assessor
• Systems Architecture: Enterprise Architect; Security Architect
• Technology R&D: Research & Development Specialist
• Systems Requirements Planning: Systems Requirements Planner
• Test and Evaluation: Testing and Evaluation Specialist
• Systems Development: Information Systems Security Developer; Systems Developer
Operate and Maintain (6 Specialty Areas, 7 Work Roles)
Category: Operate and Maintain
Specialty Area: Work Role(s)
• Data Administration: Database Administrator; Data Analyst
• Knowledge Management: Knowledge Manager
• Customer Service and Technical Support: Technical Support Specialist
• Network Services: Network Operations Specialist
• Systems Administration: System Administrator
• Systems Analysis: Systems Security Analyst
Oversee and Govern (6 Specialty Areas, 14 Work Roles)
Category: Oversee and Govern
Specialty Area: Work Role(s)
• Legal Advice and Advocacy: Cyber Legal Advisor; Privacy Officer/Compliance Manager
• Training, Education, and Awareness: Cyber Instructional Curriculum Developer; Cyber Instructor
• Cybersecurity Management: Information Systems Security Manager; Communication Security Manager
• Strategic Planning and Policy: Cyber Workforce Developer and Manager; Cyber Policy and Strategy Planner
• Executive Cyber Leadership: Executive Cyber Leadership
• Program/Project Management and Acquisition: Program Manager; IT Project Manager; Product Support Manager; IT Investment/Portfolio Manager; IT Program Auditor
Protect and Defend (4 Specialty Areas, 4 Work Roles)
Category: Protect and Defend
Specialty Area: Work Role(s)
• Cyber Defense Analysis: Cyber Defense Analyst
• Cyber Defense Infrastructure Support: Cyber Defense Infrastructure Support Specialist
• Incident Response: Cyber Defense Incident Responder
• Vulnerability Assessment and Management: Vulnerability Assessment Analyst
Analyze (5 Specialty Areas, 7 Work Roles)
Category: Analyze
Specialty Area: Work Role(s)
• Threat Analysis: Threat/Warning Analyst
• Exploitation Analysis: Exploitation Analyst
• All-Source Analysis: All-Source Analyst; Mission Assessment Specialist
• Targets: Target Developer; Target Network Analyst
• Language Analysis: Multi-Disciplined Language Analyst
Collect and Operate (3 Specialty Areas, 6 Work Roles)
Category: Collect and Operate
Specialty Area: Work Role(s)
• Collection Operations: All Source-Collection Manager; All Source-Collection Requirements Manager
• Cyber Operational Planning: Cyber Intel Planner; Cyber Ops Planner; Partner Integration Planner
• Cyber Operations: Cyber Operator
Investigate (2 Specialty Areas, 3 Work Roles)
Category: Investigate
Specialty Area: Work Role(s)
• Cyber Investigation: Cyber Crime Investigator
• Digital Forensics: Law Enforcement/Counterintelligence Forensics Analyst; Cyber Defense Forensics Analyst
Building Blocks for a Capable and Ready Cybersecurity Workforce
Federal Department and Agency Support
Over 20 Federal Departments and Agencies supported framework development, including:
• Department of State
• Department of Education
• Department of Labor
• Office of Management and Budget
• Office of Personnel Management
• Department of Defense
• Department of Justice
• Information Sciences & Technologies
• Department of Homeland Security (including NPPD, TSA, USSS, Coast Guard, ICE, CBP, CIS, DHS OI&A)
• Central Intelligence Agency
• Defense Intelligence Agency
• Director of National Intelligence
• Federal Bureau of Investigation
• National Security Agency
• National Science Foundation
• Department of Defense /DC3x
• National Counterintelligence Executive
• Federal CIO Council
Non-Profit & Government Organizations
In addition, NICE has worked very closely with non-profit and governmental organizations to socialize the framework. A non-exhaustive list:
• FedCIO Council IT Work Force Committee (ITWFC)
• Committee of National Systems Security (CNSS)
• FedCIO Council Information Security and Identity Management Committee (ISIMC)
• National Cybersecurity Alliance (NCSA)
• Federal Information Systems Security Educators Association (FISSEA)
• Colloquium for Information Systems Security Educators (CISSE)
• Colloquium for Advanced Cybersecurity Education (CACE)
• Washington Cyber Roundtable
• CyberWatch
• US Cyber Challenge
• National Association of State Chief Information Officers (NASCIO)
• Multi-State Information Sharing and Analysis Center (MS-ISAC)
• Information Systems Security Association (ISSA)
• National Board of Information Security Examiners (NBISE)
• Cybersecurity Certification Collaborative (C3)
• Institute for Information Infrastructure Protection (I3P)
• Association for Computing Machinery (ACM)
• Institute of Electrical and Electronics Engineers (IEEE)
Sources Used to Develop Initial Draft of Framework (as noted in 2012)
• Department of Defense (DoD) Cybersecurity Workforce Framework is composed of cybersecurity functional roles, associated job tasks, and the knowledges, skills, and abilities (KSAs) required to perform those tasks. This content was compiled by organizational psychology experts and reviewed by subject matter experts (SMEs) through a series of focus groups. The final framework was reviewed and revised by additional SMEs and stakeholders; 118 SMEs across Air Force, Army, Navy, Marines, and NSA participated in the development of this framework.
• Intelligence Community (IC) Cyber Subdirectory presents a comprehensive list of competencies and knowledges, skills, and abilities (KSAs) needed by IC cybersecurity professionals to fulfill mission requirements. Subdirectory content was gathered through a data call to 16 IC elements and was compiled by organizational psychology experts. A series of focus groups with 11 SMEs from across the IC was conducted with an additional review from other SMEs and senior IC stakeholders. Finally, an electronic questionnaire was completed by 51 cybersecurity professionals from across the IC (including Air Force, Army, CIA, DHS, DIA, DC3, FBI, ODNI, NSA, DoS) to gather confirmatory data for the competencies and KSAs.
• Office of Personnel Management (OPM) Cybersecurity Model includes core and technical competencies for cybersecurity professionals across four occupational series. This competency model was developed through focus groups and an electronic questionnaire sent to approximately 50,000 employees and supervisors with significant responsibilities for some aspect of cybersecurity. Participation for both of these efforts was across the Federal government.
• National Security Agency (NSA) Computer Network Operations (CNO) Training Roadmaps establish job tasks and KSAs for CNO work roles and the training available to develop different levels of proficiency within those roles. A series of focus groups with SMEs from each work role were conducted to refine work role definitions and draft lists of tasks and KSAs for the roadmap while National Cryptologic School (NCS) curriculum managers, instructors, and other experts from 34 curricula reviewed the linkages and provided proficiency information.
• Department of Defense (DoD) 8570: Information Assurance Workforce Improvement Program Manual provides guidance and procedures for training, certification, and workforce management of the DoD Information Assurance (IA) work functions. A series of working groups helped to develop the manual by identifying public and private sector resources relevant to IA and then organizing the resources by function and work level.
• Department of Homeland Security (DHS) Information Technology (IT) Security Essential Body of Knowledge (EBK) summarizes the IT security skill requirements for the IT security workforce and links competencies and functional perspectives to IT security roles. A working group developed the EBK, and a series of role-specific focus groups were conducted to ensure content across IT security roles was fully represented. Input from the private sector, government, and academia was obtained. In addition, public comment was provided through the Federal Register and incorporated into the final document.
National Initiative for Cybersecurity Education (NICE) – https://nist.gov/nice
• The NICE strategic plan https://www.nist.gov/itl/applied-cybersecurity/nice/about/strategic-plan
• The NICE Cybersecurity Workforce Framework https://www.nist.gov/itl/applied-cybersecurity/nice/resources/nice-cybersecurity-workforce-framework
Resources (for industry, gov’t, and academia)
• The NICE Working Group and subgroups (K-12, Collegiate, Competitions, Training and Certifications, and Workforce Management) https://www.nist.gov/itl/applied-cybersecurity/nice/about/working-group
  – Forum to identify and share best practices that help us as a nation make progress towards the NICE Strategic goals and objectives.
• NICE grants to 5 Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) Cybersecurity Education and Workforce Development
• NICE grant for the creation of Cyberseek http://cyberseek.org/
• NICE Challenge Project https://www.nice-challenge.com/
  – Cyber challenge labs emphasize real world skills like problem solving, self-learning, and documentation over regurgitating step-by-step instructions and limited simulations.