NICE 2017 Spring eNewsletter

Welcome to the 2017 spring edition of the National Initiative for Cybersecurity Education (NICE) eNewsletter. As we continue into another year with a spotlight on cybersecurity, we strive to provide insightful developments within the areas of academia, industry, and government. This edition’s featured article highlights the importance of hiring the right person for the job not only for their knowledge, but also for their ability to learn. Augmentation of knowledge tests with aptitude tests are talked about as well. With a continued focus on building career pathways, the Spotlight on Academia provides potential solutions to addressing the disparity between some 2-year and 4-year degree programs. For example, how can we have a better course alignment for a student to transfer from a 2-year program to a 4-year program? The Spotlight on Industry provides a seven-part formula to attract, hire, and retain talent. The Spotlight on Government illuminates the Federal Information Systems Security Association’s (FISSEA) effort to build effective security programs for cybersecurity awareness, training, and education. Using the expression, “two heads are better than one”, I am excited to see what this year brings through collaborations such as those in our NICE Working Group and subgroups. In the words of Albert Einstein, “we cannot solve problems by using the same kind of thinking we used when we created them.” Therefore, let’s continue stimulating innovation and driving change through such developments and insights put forth by the authors in this eNewsletter.

---

Announcement/Callout:

NICE is seeking timely, topical, and thought-provoking presentations for our 2017 annual conference and expo. This year’s theme, “Challenging the Status Quo: Building a Robust and Sustainable Cybersecurity Ecosystem,” was chosen to inspire presentations that aim to shape the way in which the nation identifies, educates, trains and builds a 21st century cutting-edge Cybersecurity Ecosystem. Submit your proposal today at www.fbcinc.com/e/nice/submissions.aspx

---

Featured Article:

Finding the right person for the right job at the right time is the central problem of cybersecurity personnel selection. Employers want to know that they have selected a person who can succeed in the job. Job-seekers want to know that they are pursuing a job that they can perform and will find fulfilling. Both of those groups would like to get the answer quickly without a lot of trial-and-error. This problem is particularly pressing in military organizations like the United States Air Force (USAF) which need to hire people and then train them for specific occupations that may not have a civilian counterpart. That is why the NICE Strategic Plan includes the objective to “Encourage tools and techniques that effectively measure and validate individual aptitude, knowledge, skills, and abilities.”

Generally, selection for cybersecurity jobs depends on experience in the same kind of job, knowledge of cybersecurity concepts, certifications, and academic credentials. Job applicants are not generally asked to perform the tasks that they would do on the job, and sometimes people are hired who cannot perform the job functions at the level required. This is problematic for both the employer and the employee.

One potential way to improve this situation is to augment the current knowledge and certification tests with assessments of what people can do or could do. The question of what a person could do with the right training is the central point of aptitude testing. Knowledge tests rely on three things: ability to learn, motivation to learn, and access to information. Aptitude tests, by contrast, require only one of those three elements: ability to learn the material. Because they do not depend on access to information, they may be more appropriate for people who have not had prior exposure to cybersecurity concepts. 

Both public and private-sector cybersecurity organizations are interested in assessing aptitude for cybersecurity, including SANS which provides information security training. In addition to their knowledge assessments, they have produced the SANS Information Security Aptitude Assessment, a test of problem solving, reading comprehension, and knowledge application. Their aptitude assessment presents cybersecurity scenarios along with additional information that can be assembled to at least partially solve the problem in the scenario. Additional cybersecurity knowledge should improve performance on this type of aptitude test because it removes some of the requirement to assimilate new knowledge during performance. In practice, that may mean that it is difficult to tell higher levels of knowledge from higher levels of aptitude.

A team at the University of Maryland Center for Advanced Study of Language (CASL) has been working for several years on the problem of assessing aptitude for cybersecurity jobs in people with little to no experience with cybersecurity. The aptitude tests they have produced do not have any explicitly cybersecurity related content and are designed to complement knowledge tests rather than replace them. These aptitude assessments include commonly-assessed STEM aptitude measures like spatial visualization ability, and less-common measures like anomaly detection and tolerance for risk.

The team at CASL has also segmented cybersecurity jobs listed in the NICE Cybersecurity Workforce Framework based on what cognitive abilities seem to support skilled performance – separating jobs that require speed from those that require thoroughness and separating jobs that require initiating actions from those that require being sensitive to complex input that may not match expectations. In the future, these characterizations may help expand the NICE Framework’s “abilities” part of the knowledge, skills, and abilities (KSAs) listed for particular jobs within the cybersecurity workforce. The flexible framework allows tests to be adaptable for different jobs by mixing or reweighting components, rather than requiring a new test for every possible set of skills.

The USAF identified a need to produce more qualified Cyber Warfare Operations personnel faster, and in 2015 the USAF asked CASL to adapt their aptitude test framework to assess who was most likely to succeed. The USAF’s logic was that optimizing the number of people who got through training would increase the number of qualified personnel available since the number of training spots was limited. CASL produced and validated a test that can be used to identify the best candidates for this training pipeline and is working closely with the USAF to keep the test adaptable for a larger number of work roles within cyber and information technology.

CASL’s aptitude approach fits the needs of the USAF because it allows them to identify outstanding candidates earlier and get those candidates into the operational workforce. Candidates benefit, too, because they can get feedback on where to focus their energies, and they are less likely to be assigned to a job in which they cannot succeed. For more information, visit https://www.casl.umd.edu/projects/cyber-u-s-air-force/

The CyberCorps(R) Scholarship for Service (SFS) program has been in existence for over a decade, with leadership from the National Science Foundation (NSF), Department of Homeland Security (DHS), National Security Agency (NSA) and Office of Personnel Management (OPM). The SFS program is designed to increase and strengthen the cadre of federal information assurance professionals that protect the government's critical information infrastructure. Today, sixty-nine colleges and universities from 30 states, Puerto Rico and the District of Columbia participate in the SFS program. As with other scholarship for service programs, recipients receive financial support for two or more years of their college education, in exchange for agreeing to work for the federal, state, local, or tribal government for a period of time equal to the number of semesters that were supported. In the cybersecurity area, this program is available to those seeking a bachelor’s, master’s, or doctoral degree. This past year, ten universities received funding to participate in an extension of the program that partners 4-year institutions with 2-year community colleges to capture rising sophomores and provide a path for them to transfer to complete a bachelor degree. 

Under a grant from NSF to the National CyberWatch Center (NCC), Drs. Toregas and Belón examined the results of this new SFS program variant, looking at the student selection process, bridging programs, and additional preparations necessary to ensure the success of the 2-year college students. Early findings are presented below.

Elephant in the Room: 

While a large number of community colleges offer Associate of Science degrees in computer science (CS), the majority of current 2-year cybersecurity degree programs result in an Associate in Applied Science (A.A.S.). Content is driven by workforce demand. Consequentially, these programs are more in line with the purpose of the CyberCorps(R) SFS program, than the content of a CS degree.  However, an A.A.S is designed to be a terminal degree program that develops individuals for the technical workforce, and is not designed to be a transfer degree. Only two of the fifteen 2-year partner schools in study offer a cybersecurity Associate in Science (A.S.) degree that is designed to lead to a bachelor's degree.

What has become evident early on is that the content of both the A.S. and A.A.S. cybersecurity degree programs is lacking courses that would be needed to transfer to a B.S. program in Computer Science (BSCS). Since seven out of the 10 SFS institutions participating in this 2-year partner program only offer a BSCS degree for students transferring within this program, their partner schools experienced the frustration of seeing that their best students were not qualified to transfer with junior status. Three of the participating SFS schools do offer a degree compatible with this program, including a Bachelor in Information Technology, Bachelor in Information Systems, and a Bachelor in Information Technology Security. The content of the A.A.S and A.S. degrees fit into these receiving programs with few losses of course credits.

Potential Solutions:

A number of solutions have been proposed to address the mismatch between degree programs. The suggestions range in their ease of implementation from simple to extreme and include:

• Transferring SFS program to CS department: Instead of losing the SFS program entirely at their 2-year school, some have transferred the program and selection of candidates to students that enroll in the computer science A.S. program, eliminating the course alignment problem. Unfortunately, cybersecurity is not included in most of the CS courses, so this approach does not necessarily deliver candidates with the cybersecurity skills desired by workforce demands.
• Summer bridge programs: Several of the 2-year school participants are designing bridge programs through which their students can attend math and CS courses that are required by the bachelor’s programs at the receiving colleges. This allows students to acquire credit for transfer purposes, and provides potential employees with candidates with the technical skills they demand.
• Extra year program: To be considered for the SFS program, a student must have completed or be within one semester of completing their Associate degree. If accepted, they commit to enrolling in a third year at the community college during which they take the missing computer science and math courses needed to enter the 4-year school as an incoming junior. This option would add an additional time element.
• Modification of degree programs at receiving college: For two of the 4-year institutions, independent of the SFS program, modifications have been made to the BSCS course content to recognize many of the computer security courses in the AAS degree. While the students may still have to attend a summer bridge program for at least two higher math courses and a required Discrete Structures course, the course mismatch problem decreases significantly.
• Abandoning the effort: Unfortunately a few of the 2-year schools are abandoning the partnerships with schools that only offer a BSCS and are looking to form partnerships with other schools that offer programs that more closely align with the content of their A.A.S. programs.

---

Industry Spotlight:

THE BEST WAYS TO ATTRACT, HIRE AND RETAIN TALENT

by Deidre Diamond, CyberSN.com and brainbabe.org, Founder and CEO

The unemployment rate for cybersecurity professionals—the people protecting us from cyber-attacks—is zero ⁽¹⁾ (some studies say it could be even higher), but most of these professionals (59%)⁽²⁾ are less than satisfied with their current jobs, leaving them receptive to the frequent calls they get from recruiters. This recruiting and retention challenge is a very serious national security issue. It’s no wonder a commonly heard question is: “What are the ‘best ways’ to attract, hire and retain talent?”

First, let’s examine why people leave their jobs. Almost half (45%)⁽³⁾ of those surveyed said they are concerned about the lack of opportunities for advancement. Forty-one percent ⁽⁴⁾ said they are leaving because they are dissatisfied with the leadership of senior management. The behavior of the C-suite reflects on the whole team and impacts morale immediately. Cybersecurity professionals often enter the field from a variety of disciplines and find an undefined career path ahead. It’s difficult to find a mentor with many years of experience or a long-standing set of colleagues to weather cyber storms year in and year out.

Those reasons are followed by dissatisfaction with the work culture, wanting more challenging work, compensation, benefits, and rewards/recognition. These problems are interpersonal problems, not problems specific to the cybersecurity industry, which means we must address these issues in any organization we are in and we must create cultures that energize people and encourage retention.

Secondly, let’s consider what attracts people to technical fields and cybersecurity careers. They may seek challenging and exciting work⁽⁵⁾. Or, they may characterize our industry as a moral battle between good and evil⁽⁶⁾ and see a chance to act as a modern day cyber-warrior. This sort of mission-based career gives us clues to the camaraderie we should seek to build at work.

Peter F. Drucker, the management guru once said, “If you want something new, you have to stop doing something old.” So let’s design a new and better way to attract, hire and retain talent. To create the kind of productive workplace people love, remain loyal to, and that supports their role in a disciplined fight against an ever-changing adversary, you need to create a workplace that includes these seven elements. Get this combination right and innovation goes through the roof as well.

All People Want the Same Things at Work:

1. To be valued and recognized for their contributions
2. To understand and be able to measure roles and responsibilities
3. To be communicated with in a positive, productive manner
4. To have a planned career path
5. To be provided with consistent education, training and opportunities to increase their skills
6. To be paid equitably
7. To work with kind, respectful people with a shared mission

This simple yet sophisticated formula could be key to creating and sustaining a successful workplace culture. In my many years in this industry, I’ve worked in nurturing environments and experienced the impact of exceptional leadership and a workplace where all people are treated with respect. Considering Peter Drucker’s words, we need to purposefully end workplace norms that kill morale or force people to leave. Arm your team with agreed-upon roles and responsibilities and ensure regular work reviews and performance assessments are provided. Make sure pay is equitable between men and women. Identify career paths and create entry-level positions that come with mentoring. Establish programs for ongoing education, certifications and skills development for all employees. Given the nature of the cybersecurity industry and the reasons good, smart and talented people enter the field, give them the tools and the environment to ensure they remain motivated and successful and watch them stay and succeed!

Watch Deidre Diamond’s, “The ‘Best Ways’ to Attract, Hire and Retain Talent,” video for more information on the workplace formula success factors.

The Learning Continuum of Awareness, Training, and Education (cited in NIST Special Publication 800-16:  A Role-Based Model for Federal Information Technology/Cybersecurity Training) is an excellent way for organizations to differentiate the importance and relationship of cybersecurity information and skills required for varying levels of employees or users of information technology.  Security Awareness is essential for all employees or consumers who participate in the digital economy. Training is typically targeted to employees based on their functional role or responsibilities with respect to IT systems. Whereas, Education refers to the higher level development of knowledge, skills, and abilities associated with a cybersecurity work role or preparation for a career in cybersecurity. The draft NICE Cybersecurity Workforce Framework explicitly recognizes Awareness, Training, and Education as a Specialty Area, under the category of Oversee and Govern, for individuals who develop, plan, coordinate, deliver, and evaluate awareness and training courses, methods, and techniques for their organization. Within the federal government, individuals with that job responsibility have been convening for 30 years under the auspice of The Federal Information Systems Security Educators' Association (FISSEA).

FISSEA is an organization founded in 1987 bringing together information systems security professionals from the federal government to share best practices, collaborate on new ideas, and network. Every organization, agency, and/or department aims to grow and develop their security programs. FISSEA members come together collectively to help find solutions to address current concerns in cybersecurity, keep our learners engaged, and guide the direction of effective security training programs. Representatives from industry and academia also participate, often as presenters or exhibitors.

Over the past 30 years the cybersecurity profession has evolved considerably as has the role of those who deliver awareness and training. After all, there were no cell phones or Internet when FISSEA started. FISSEA conference participants have debated many things during annual events such as:

• Should “information system security” be changed to “cybersecurity”?
• Should we approach the development of this new profession from a blue-collar or trade craft perspective instead of from a traditional educational route?
• How to make the world of cybersecurity awareness, training, and education more fun and exciting (so we could attract more people to desire a career in our field)?
• What role should professional certifications have and what value do they add?
• What do the latest laws mean and how do we implement them?

The one main and unchanging constant over the years has been the networking, encouragement, and support FISSEA members give to one another. This group has shared concerns, fears, successes, and awareness and training products with one another. FISSEA recognizes the hard work and dedication of its members through an awards program and has lots of fun in the process.

FISSEA has over 1,600 members. FISSEA members have also participated in the early workshops of NICE, presented at NICE conferences, and contributed to the NICE Cybersecurity Workforce Framework. FISSEA’s purposes are to:

• Elevate the general level of information systems security knowledge for the federal government and federally-related workforce.
• Serve as a professional forum for the exchange of information and improvement of information systems security awareness, training and education programs throughout the federal government.
• Provide for the professional development of its members.

FISSEA conducts an annual fee-based conference held at NIST every year in March. An annual award is presented to a candidate selected as Educator of the Year, honoring distinguished accomplishments in information systems security training programs. The security awareness, training and education contest seeks to award the best work done in support of information system security programs. Categories of entries include websites, newsletters, motivational items, posters, training scenarios, and videos. Members are encouraged to participate in the annual FISSEA conference through attendance, sending in contest entries, networking, presenting current topics or joining discussion panels.

You can join the “FISSEA Community of Interest” on GovLoop, to pose questions and receive feedback from colleagues. Learn more about how to join the association, participate in or contribute to conferences, contests and awards by visiting http://nist.gov/fissea.

Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs.

National Initiative for Cybersecurity Careers and Studies (NICCS)

NICCS is the premier online resource for cybersecurity training. NICCS connects government employees, students, educators, and industry with cybersecurity training providers throughout the Nation. Upgraded in September 2016, this site continues to grow as the Nation’s one-stop shop for Cybersecurity Training, Formal Education, and Workforce Information. 

The NICCS Training Catalog currently lists 129 Providers and 3,110 courses.

Learn more at www.niccs.us-cert.gov

Federal Cybersecurity Workforce Strategy

The Office of Management and Budget and The Office of Personnel Management continue to work toward implementing the Cybersecurity Workforce Strategy and has launched the CyberCareers.gov website. At this time, CyberCareers.gov provides specific federal cybersecurity information and resources to job seekers, as well as managers and supervisors. This website will be a completely new, multi-use platform used to recruit new talent, including students, and assist hiring managers and HR professionals with tools and guides for developing and supporting their current strategies. 

Advanced Technological Education

ADVANCED CYBERFORENSICS EDUCATION (ACE) CONSORTIUM (http://www.cyberace.org/)

The Advanced Cyberforensics Education (ACE) Consortium, in concert with the Florida Cyber Alliance, will hold its 5th Annual Cyber Camp June 12-15, 2017, at Daytona State College. Approximately 50 students in grades 9-12 will participate, exploring topics such as digital forensics, browser security, malware handling, and virtualization. Activities will include talks by industry experts, cyber challenges, and prizes based on performance.

On February 14, 2017, Middle Georgia State University sponsored an Academic Cybersecurity Conference, at which eight experts from academia and industry gave presentations to 300 students.

CATALYZING COMPUTING AND CYBERSECURITY IN COMMUNITY COLLEGES (C5)

(http://www.c5colleges.org/)

During the C5 Project's first 18 months, its mentoring program, which was developed jointly with CyberWatch West, has helped 17 community colleges in 14 states to earn the CAE2Y designation, and five universities in four states to earn the CAE-CD designation. Twenty-one mentors representing 10 community colleges and nine universities participated in that effort.

 For the C5 Project's modular, cybersecurity-themed computer science course, four modules -- Applied Cryptography, Secure Scripting, Responsible Software Development, and Processing/Protecting Digital Information -- have been completed and pilot-tested at 15 community colleges in 13 states, and they will be broadly disseminated and shared during the Community College Cyber Summit (3CS) in June 2017 at Prince George's Community College.  Five more modules are under development and will be pilot-tested in fall 2017.

CYBERWATCH WEST

(http://www.cyberwatchwest.org/)

 CyberWatch West launched a new course, Critical Infrastructure Cybersecurity, in January 2017. Faculty representing 11 schools and colleges attended an online walkthrough. The 12-module course, created in collaboration with George Mason University and designed to meet the needs of community colleges, is available for free download.

In collaboration with the C5 Project, CyberWatch West has hosted another regional workshop to teach college faculty and administrators how to map their curricula to the Knowledge Units (KUs) for the National Centers of Academic Excellence in Cyber Defense (CAE-CD) application. Representatives from 26 colleges and universities attended a workshop in Winston-Salem, NC, on February 16-17, 2017.

In April 2017, CyberWatch West will sponsor two events to bring together students, educators, and the cybersecurity industry. Colorado Springs Cybersecurity Industry Day will be held at Pikes Peak Community College on April 10; and Business and Industry Professionals Day will take place on April 27 as part of CyberCon 2.0 Four Corners at San Juan College in Farmington, NM.

NATIONAL CYBERWATCH CENTER

(https://www.nationalcyberwatch.org/)

The annual Community College Cyber Summit (3CS), which was founded in 2014, meets the need for a national academic conference that focuses on cybersecurity education at the community college level. The 2017 3CS will take place June 28-30, 2017, at Prince George's Community College (Largo, MD) and National Harbor, MD. This year's theme is "Strengthening Our Cyber IQ." This year, a student job fair will be added as a pre-conference event on Wednesday, June 28, from 9:00 to 11:30 AM. The first of its kind at the community college level, the cybersecurity job fair is expected to attract approximately 120 students from the DC metro area and elsewhere in the mid-Atlantic region, as well as some from farther away. Businesses and federal, state, and local government agencies will share career opportunities with the students. As part of the registration process, students will submit resumes to be shared with employers. To make this event a complete educational experience, the agenda for the 3CS on Wednesday afternoon will include a presentation track addressing topics of special interest to students.

The National CyberWatch Center has partnered with Baltimore-based Infosec Learning to develop a hands-on, scalable, and customizable virtual lab platform that supports skill development in any degree, certificate, training, or assessment program. The platform provides a complete, cloud-based lab solution, containing hundreds of virtual labs mapped to many National CyberWatch courses, professional certifications, and frameworks.

Dr. Margaret Leary, Professor at Northern Virginia Community College and Director of Curriculum for the National CyberWatch Center, was recently awarded a State Council of Higher Education for Virginia Outstanding Faculty Award. The Outstanding Faculty Award is Virginia's highest honor for faculty at public and private colleges and universities. It recognizes superior accomplishments in teaching, research, and public service. Dr. Leary has been appointed as cyber faculty-in-residence in the Virginia Governor's Office to assist with increasing the number of cybersecurity programs and Centers of Academic Excellence in Virginia. In February, the Virginia State Legislature passed a House Joint Resolution commending her on her efforts in cybersecurity education.

Learn more at www.atecenters.org/st/ and www.nsf.gov/ate

National Centers of Academic Excellence in Cybersecurity

The CAE Program Office will be presenting designation certificates at the National Cyber Summit, in Huntsville, AL from June 6-8, 2017. On June 6, the CAE Program Office will host its annual Principal’s meeting. Program updates, current news, and information about funding opportunities will be discussed. This is your chance to hear about new opportunities to get involved in the CAE community. The National Cyber Summit opening reception will follow the Principal’s meeting. On June 7, The Executive Leadership Summit will return as the Executive Academic forum in an all-day session that will be geared toward executive leadership from academia, industry, and government. The morning half of the meeting will focus on key national cybersecurity issues.

Learn more at www.caecommunity.org

CyberCorps®: Scholarship for Service

The CyberCorps®: Scholarship for Service (SFS) held a job fair and meeting with SFS site directors in winter 2017. Over 500 students and 90 hiring agencies attended the job fair. The SFS program continues to expand and awarded 7 new SFS awards at the event. There are now currently 69 SFS institutions across 31 states and Puerto Rico.

 Learn more at www.sfs.opm.gov

GenCyber

The National Security Agency's GenCyber program, co-sponsored by the National Science Foundation, sponsors cybersecurity summer camps for students and teachers at the K-12 level. The goals of the GenCyber program are to help increase careers and diversity in the cybersecurity career field; help students understand correct and safe on-line behavior and to improve the teaching methods for delivering cybersecurity content in the K-12 curricula.

Learn more at www.gen-cyber.com

NICE Cybersecurity Workforce Framework

---

Funded Projects Updates:

The U.S. government provides funding to third parties to develop products that will help advance cybersecurity education, training, and workforce development needs. The following are a few of those projects.

NICE Challenge Project 
The NICE Challenge Project continues to see fantastic growth in its user base. The project is just a few institutions away from reaching a milestone 100 registered institutions! With the upcoming 2017 cybersecurity education conference circuit we expect to reach well beyond 100 registered institutions. The project is currently expected to attend the following conferences in some capacity: 3CS, National Cyber Summit, and NICE Conference 2017. While those are the confirmed conferences we do expect to add to the list later this year.

The NICE Challenges also have some big developments just around the corner. Over the next few months we will be releasing a large content package and a massive upgrade to challenge services integration on our WebPortal. Our developments and content decisions are driven not only by our strategic vision but by the extremely valuable feedback we receive from our growing user base whom we are privileged to work with on this journey forward in creating the next generation in hands on cybersecurity content.

Learn more at www.nice-challenge.com

CyberSeek

The CyberSeek team is in the process of updating the data that is represented in the map and pathway tool. This update is scheduled for completion by the end of Q2 and plan to add GIAC certifications to the tool. CyberSeek is also in the process of updating the career pathway to include roles that can feed into careers in cybersecurity. The career pathways was discussed on a recent NICE Webinar. You can view a recording of this webinar at https://nist-nice.adobeconnect.com/p2henh3ta07/

Learn more at www.cyberseek.org

National Integrated Cyber Education Research Center
The emphasis and importance of K-12 Computer Science education is growing across the country. This growth raises an equal emphasis and importance of the role that cybersecurity plays in computer science. The Cyber Innovation Center and its National Integrated Cyber Education Research Center (NICERC) have been participating on many state-wide computer science framework and standard committees. By focusing on a top-down, state-level approach, we begin to systematically change K-12 education and empower educators with the skills, confidence, and resources needed to prepare our students, our future workforce. To complement the top-down approach, NICERC continues to work with individual teachers and school districts to distribute content and curricula in all 50 states and is continually widening and enhancing the "Cyber Interstate", our robust library of K-12 Cyber curricula. Visit our website for more information about K-12 computer science and cyber curricula or professional development opportunities.

Learn more at www.NICERC.org

Consortium for Enabling Cybersecurity Opportunities and Research (CECOR)
CECOR continues the momentum producing well-qualified cybersecurity professionals. At the end of year 2, CECOR partners have established 10 new cybersecurity labs in addition to the development of 8 new programs in Computer Science and Cybersecurity at partner schools that include 47 new and improved courses that focus on cybersecurity topics. Through its signature program, the CECOR Scholar, partners are leveraging the expertise across the consortium to implement and replicate evaluated activities that have emerged as best practices. The CECOR scholar represents students who have participated in standardized activities across the consortium and have displayed cybersecurity competencies. CECOR will use this signature program to affect under-represented groups and influence their decision to continue into STEM disciplines.

Learn more at http://cecork20.org/

Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) Cybersecurity Education and Workforce Development

The Partnership to Advance Cybersecurity Education and Training (PACET)

The goal is to streamline the entire cybersecurity workforce ecosystem in the New York Capital District from recruitment of students, education, professional training, internships, to job placement, by evaluating the needs of the local economy. The NICE Cybersecurity Workforce Framework will be used as a common index to map education programs available and industry workforce requirements in an attempt to align the two and to improve the quality and success of local cybersecurity talent entering the workforce.

Learn more at albany.edu/facets

The Hampton Roads Cybersecurity Education, Workforce and Economic Development Alliance (HRCyber)

HRCyber is a collaborative partnership between educational institutions, government agencies, non-profit organizations, and private employers focused on developing educational pathways from high school, through community college, to four year institutions, and continual professional development that provides a capable cybersecurity workforce for the region. Goals of the partnership include coordinating course delivery and internship placements, strengthening the cybersecurity capabilities of the regional workforce, and more.

Learn more at securitybehavior.com/hrcyber

Cincinnati-Dayton Cyber Corridor (Cin-Day Cyber)         

The Southwestern Ohio collaboration will advance the Cin-Day Cyber regional alliance with over 20 partners to stimulate cybersecurity education and workforce development to accelerate the growth of a highly complex cybersecurity workforce for both government and private industry. Cin-Day Cyber will leverage a strong university and K-12 presence in cybersecurity, knowing a well-developed talent pipeline will meet cyber industry demand.

Learn more at soche.org

Cyber Prep Program                                                          

The Pikes Peak regional cybersecurity alliance has engaged more than 18 partners to help teens choose cybersecurity careers by defining cybersecurity career pathways, supporting the development and growth of cybersecurity programs in area high schools and offering teens meaningful work experiences, including internships and apprenticeships.

Learn more at ppcc.edu/cyberprep

The Arizona Statewide Cyber Workforce Consortium                                      

The Consortium is committed to developing a unified approach to meeting the cybersecurity workforce and education needs in Arizona. Connecting a number of ongoing efforts throughout the state, and creating a dynamic and collaborative partnership, are examples of the endeavor. The consortium also works with cross sector partners ranging from K-12, higher education, workforce, and the cyber community as a whole.

The NICE Working Group (NICEWG) continues to work toward identifying and producing deliverables that energize and promote cybersecurity education, training, and workforce development. For example, the Workforce Management: Human Factors Project Team is developing a construct for understanding how business functions and roles in an organization contribute to and mitigate cybersecurity risk, integrating business, cybersecurity, and human capital disciplines.

Discussions on projects like these and more take place monthly in each of the following five subgroup areas: K-12, Collegiate, Competitions, Training and Certifications, and Workforce Management.