Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
NICE eNewsletter Summer 2022
welcome
Welcome! Our names are Lindsey and Kyle and we are both student interns with NICE this summer. Through the Student High School Internship Program (SHIP) and the Summer Undergraduate Research Fellowship (SURF), we’ve had the opportunity to get hands-on experience in the workforce and have both learned much about cybersecurity. Both of us have also gotten the unique experience of collaborating in-person with another group in NIST’s applied cybersecurity division, the National Cybersecurity Center of Excellence (NCCoE). Lindsey has been working on a variety of projects, such as a video series to answer cybersecurity FAQs and a research project on how to market cybersecurity careers to K12 audiences. Kyle has been working on a research project to evaluate job descriptions found on online hiring platforms and how they align with the NICE Framework.
Internships such as SURF and SHIP are only one method of developing the future of the cybersecurity workforce. Participating in externships, professional development programs, and the annual Cyber Games are other ways to engage and prepare individuals. Read more of this quarter’s newsletter to continue learning about these topics!
Lindsey Walter, Thomas Wootton High School
Kyle Truong, University of Maryland, College Park
FEATURED ARTICLE
Going for Gold!
How the US Cyber Games Paved New Paths into Closing the Cybersecurity Workforce Gap
By Bradley Wolfenden, Director, Cyber Sports, Katzcy PlayCyber
The continued demand for skilled cybersecurity practitioners across the globe highlights a need to shift the paradigm around methods for recruitment, education, and training of cybersecurity professionals. One solution to this: cybersecurity competitions and games.
Founded by Katzcy, a digital marketing agency, in cooperation with the National Initiative for Cybersecurity Education (NICE), the US Cyber Games (USCG) is blazing a new path with a mission to merge athletics, esports, and cybersecurity. After a successful Season I, there are many reasons to be hopeful.
At its outset, the driving vision for the USCG was to recruit and train a team to compete on behalf of the United States at the inaugural International Cybersecurity Challenge (ICC).* To get there, Katzcy designed and executed a USCG program that spanned April 2021–June 2022. Phase one of the USCG program was a two-week Capture the Flag (CTF) competition, the US Cyber Open, which was free to participate in and open to anyone. Phase two of the USCG program was a five-week intensive training and evaluation period, the US Cyber Combine, that invited 65 of the 680+ athletes who competed in the US Cyber Open. Finally, the first-ever US Cyber Team was selected during our live Draft Day on October 5, 2021. The 25 athletes chosen to represent the US at the ICC continued their training, evaluation, and mentorship up to traveling to Athens, Greece, in June 2022.
The Season I US Cyber Team took third place at the ICC, and what we’ve learned along the way has true potential to inform and inspire the broader community on ways to develop tomorrow’s cybersecurity workforce. Below are three main takeaways as we look back at Season I:
- To best support US Cyber Games athletes and their endeavors into cybersecurity careers, we have aligned the overall program with the NICE Workforce Framework for Cybersecurity. The framework provides a valuable, standardized lexicon around work roles in cybersecurity that when aligned with cybersecurity competition challenge content and categories provides tangible, measurable outcomes. The metrics from the games, in turn, provide an excellent reference point for evidencing and validating competencies commonly sought out across the workforce. Moving forward, we strive for the metrics and alignment to empower athletes with helpful data points on skills they’ve gained or honed, work they’ve completed, and results they’ve earned that can now be better communicated to current or potential employers.
- Team-based cybersecurity competitions and games emphasize both technical skills and interpersonal, soft, or “power” skills as we like to call them. These immersive opportunities present relevant skills-based challenges and real-world environments that allow competitors to explore the field of cybersecurity, engage with tools, and develop and demonstrate their skills in a controlled environment.
- From coaches to sponsors, it takes a community to inspire change and create opportunities. The coaching staff was a core aspect of the USCG program. Coaches were US-based volunteers with academic and professional cybersecurity experience. With this approach, the US Cyber Team had the requisite staff to teach and train on core skills, offensive and defensive tactics, and special teams for the full range of competition platforms.
The USCG program would like to thank Dr. TJ O’Connor (Head Coach), Jasmine Jackson (CTF Coach), Dr. Dane Brown (Red vs. Blue Coach), Dr. Bryson Payne (Sr. Technical Mentor), and Dr. Suzanna Schmeelk (Sr. Technical Mentor) for their contributions to the Season I athletes and team.
Successes from Season I have established a solid foundation for the US Cyber Games and paved the way for program improvements that will further position cybersecurity competitions and games as an excellent tool in cybersecurity workforce development. Furthermore, the NICE Strategic Plan outlines five goals that are critical to ensuring the successful implementation of the NICE Framework. Many of these goals are also reflected in the overall strategy behind the US Cyber Games. Katzcy looks forward to Season II, and to hosting the International Cybersecurity Challenge here in the United States in 2023.
Season II Dates:
US Cyber Open Kick-Off Event: Thursday, June 30, 2022
US Cyber Open CTF: July 8–17, 2022
US Cyber Combine: August 5–September 5, 2022
US Cyber Team Draft Day: Monday, October 17, 2022
International Cybersecurity Competition: August 2023, USA
*The ICC, hosted by the European Union Agency for Cybersecurity (ENISA), is a global effort to attract young talent and raise awareness throughout the cybersecurity community regarding the education and skills critical for in the field.
Framework in Focus
A profile of a cybersecurity practitioner to illustrate application of the NICE Framework.
Rod Russeau, Director of Technology & Information Services
This issue’s interview is with Rod Russeau, Director of Technology & Information Services at Community High School District 99 in Downers Grove, Illinois. Mr. Russeau shares his path into cybersecurity, and how he helps people understand that everybody has a responsibility to do things that promote security.
Organization: Community High School District 99 (Downers Grove, Illinois)
NICE Framework Categories: Oversee & Govern
NICE Framework Work Roles: Executive Cyber Leadership
Academic Degrees: B.A.
Certifications: CISSP, CISM, CETL, CDPSE
SPOTLIGHT ARTICLES
Virtual Externships: A Promising Opportunity for Acquiring Experience Through Work-Based Learning
By Olen Anderson, Co-Founder, WorkED, and Ben Crenshaw, Oracle Vulnerability Analyst and Career Technical Education Teacher at Canyon Technical Education Center
The idea that education or training alone leads to employment is an antiquated notion. It turns out that the eternal dilemma about experience vs. education is a constant battle in the minds of both employers and job seekers. It makes sense that more advanced or senior cybersecurity roles require both education and many years of work experience. However, it is common to see job qualifications require a minimum of 3-5 years of work experience for positions that are classified as “entry-level.”
Employers have voiced concern that employees without work experience often lack skills in areas such as organization, problem-solving, leadership, and communication. Disconnects between the skills taught in educational settings and the demands of the work environment lead to the need for new employees to be trained on soft skills they have never been taught.
Changing Lives: Accelerating the Process for Women To Enter Cybersecurity Careers
By Paula Bolton, Chief Marketing and Program Officer, Women In Technology (WIT)
What will it take to get more women into cybersecurity roles? Despite the incredible growth in open jobs and individuals employed in cybersecurity, women continue to be left behind and are under-represented at every level and every category of cybersecurity related work. International Information Systems Security Certification Consortium (ISC2) data shows that (globally) women are only 24% of the highly compensated field.
Some of the contributing factors preventing women from entering cybersecurity: they may find their careers stalled by the time taken to have children and raise their family; or they may lack a required formal degree; or they may simply have never been introduced to these careers as appropriate for them. What is needed is a program designed to help women from all walks of life to qualify to enter the field, no matter their previous work experience or technical skill level.
Evolved Cybersecurity Needs Evolved Training
By Maureen Roskoski, Vice President at Facility Engineering Associates and Contractor to GSA Office of Federal High-Performance Green Buildings
The facilities workforce is constantly evolving to adapt to changing environments. For instance, the increase in energy efficiency demands a facilities workforce with advanced competencies in operations, maintenance, and energy-related technologies. As our buildings have become smarter with more connected technology, there has been an increase in the need for cybersecurity knowledge in the facilities workforce driven by policy initiatives, regulatory requirements, and technology advancements. How can an organization keep up with these emerging workforce needs and maintain a competent facilities workforce?
The Federal Buildings Personnel Training Act (FBPTA) was enacted in 2010 and required the General Services Administration (GSA) to establish core competencies and a curriculum for those that run federal buildings. The FBPTA program developed a competency model that established 44 core competencies related to facility management, building operation, and energy management roles, including a total of 268 specific competencies.
AFFILIATED PROGRAMS UPDATE
Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs with updates on their activities:
The NICE Framework at the NICE Annual Conference and Expo
The 2022 NICE Conference and Expo took place in Atlanta, GA this past June. As to be expected, numerous sessions discussed the NICE Framework and how it is used to support cybersecurity workforce needs. NICE staff led two sessions in particular on the NICE Framework: a pre-conference workshop on “Using NICE Framework Competencies to Build a Better Cybersecurity Workforce” and a Community of Interest meeting of the NICE Framework Users Group. Learn more here.
Learn more: NICE Framework Resource Center
Recent NICE Webinars
Optimizing Your LinkedIn Profile for Your Cybersecurity Career
July 20, 2022
Your LinkedIn profile is key to growing your professional network and establishing credibility with employers and recruiters. LinkedIn is a professional social network whose mission is to connect the world’s professionals to make them more productive and successful. During this webinar, LinkedIn pros will share tips and tricks on how to optimize your LinkedIn profile – “rock your profile” -- so that employers, recruiters and other professionals can easily find you and help you grow your network with the goal of advancing you in your career. Learn more here.
Creating the Infrastructure Needed for Scalable Learning and Employment Records
June 29, 2022
The NICE Strategic Plan has as one of its objectives to ”encourage the use of Learning and Employment Records (LERs) to document and communicate skills between learners, employers, and education and training providers” as part of the overarching goal to “Transform Learning to Build and Sustain a Diverse and Skilled Workforce”. This webinar will provided an overview of LERs, describe several initiatives and pilots, and the technical and policy infrastructure that will be required to create a scalable and sustainable solution that can be leveraged by learners, employers, and education and training providers. Learn more and view the recording here.
Showing Our Appreciation of Military Veterans and Spouses By Supporting Cybersecurity Career Opportunities
May 18, 2022
As we celebrated Military Appreciation Month and Memorial Day during the month of May, it was also a good time to focus on regional and national efforts to help military veterans transition to civilian cybersecurity roles. Additionally, as military spouses often face challenges in securing ongoing or long-term employment, a career in cybersecurity may present a unique opportunity for them if employers are flexible and willing to support a mobile workforce. This webinar focused on current and emerging programs and services designed to meet the growing cybersecurity workforce demand by leveraging the employment of veterans and military spouses through a variety of different pathways that include education, training, apprenticeships, and more. Learn more and view the recording here.
FUNDED PROJECTS UPDATE
CyberSeek
During the NICE Conference & Expo in Atlanta, Georgia, Rodney Petersen, Director of NICE, introduced updates to CyberSeek during his opening remarks.
The updates included new data that show that demand for cybersecurity talent is speeding up as more public and private sector organizations look to strengthen defenses against a multitude of threats. In the US, there were 714,548 job postings for cybersecurity job roles and skills during the 12-month period running through April 2022.
Learn more about these updates in the official press release.
Learn more: CyberSeek
NICE COMMUNITY COORDINATING COUNCIL
Over the past two years the NICE Community Coordinating Council has made great progress in bringing together industry, academia, and government in a collaborative effort to support the NICE Strategic Plan in advancing an integrated ecosystem of cybersecurity education, training, and workforce development. So many achievements have been reached, including:
- Publishing an implementation plan for the NICE Strategic Plan,
- Publishing one pagers and white papers,
- Conducting an ongoing environmental scan of efforts,
- And so much more.
The success of the NICE Community Coordinating Council and these projects could not have been achieved without the voluntary participation of the members and group co-chairs. At this time we wish to thank and acknowledge everyone who has contributed to the success of the NICE Community Coordinating Council.
We would especially like to acknowledge the service of the following outgoing co-chairs:
- Jon Brickey, Industry Co-Chair of the NICE Community Coordinating Council
- Laurin Buchanan, K12 Cybersecurity Education Community of Interest Co-Chair
- Monica Gomez, Promote Career Discovery Working Group Co-Chair
- Jennifer Oddo, Apprenticeships in Cybersecurity Community of Interest Co-Chair
- Amelia Phillips, Cybersecurity Skills Competitions Community of Interest Co-Chair
- Bradley Wolfenden, Cybersecurity Skills Competitions Community of Interest Co-Chair
In addition, we are pleased to announce some new additions to the NICE Community Coordinating Council leadership team. We welcome these new co-chairs, and look forward to their contributions:
- Bridgett Paradise, Industry Co-Chair of the NICE Community Coordinating Council, Tenable
- Lemi-Ola Erinkitola, K12 Cybersecurity Education Community of Interest Co-Chair, Critical Thinking Child
Learn more and join the NICE Community Coordinating Council today!
Key Dates
July 26, 2022
Federal Cybersecurity Workforce Webinar: Employee Development Through Rotational and Exchange Programs
The Federal Cybersecurity Workforce Summit features colleagues who are working first-hand on initiatives geared toward attracting and strengthening vital cybersecurity talent.
Learn more and register here.
September 21, 2022
NICE Webinar: Overcoming the Entry-Level Job in Cybersecurity Conundrum
This webinar will highlight the imperative to change employers’ mindsets, modernize the recruitment and hiring process, update job announcements and position descriptions to align qualification requirements to the NICE Workforce Framework for Cybersecurity, and increase opportunities for Americans to choose a career in cybersecurity.
Learn more and register here
November 15, 2022
FISSEA Fall Forum
The FISSEA Forums are quarterly meetings to provide opportunities for policy and programmatic updates, the exchange of best practices, and discussion and engagement among members of the Federal Information Security Educators (FISSEA) community.
Learn more here.
October 17-22, 2022
Cybersecurity Career Awareness Week
Mark your calendars to celebrate Cybersecurity Career Awareness Week across the country. Join us in promoting awareness & exploration of cybersecurity careers by hosting an event, participating in an event near you, or engaging students with cybersecurity content!
Learn more: nist.gov/nice/ccaw
December 5-6, 2022
NICE K12 Cybersecurity Education Conference
“Expanding the Gateway to the Cybersecurity Workforce of the Future.”
The 8th annual NICE K12 Cybersecurity Education Conference will take place on December 5-6, 2022, in St. Louis, Missouri.
iKeepSafe has announced 2022 keynote speakers. We will hear from Susan Warner serves as Vice President, Talent and Community Engagement for Mastercard, responsible for talent engagement, global employee volunteerism and global disaster response. Arica Wells, 2022 Graduate at Spotsylvania High School, who is currently enrolled as a freshmen at Old Dominion University, where she is studying for her undergraduate degree in Cyber Operations. As a founding member of the Spotsylvania Cyber Knights, Arica was active in many capture the flag competitions, including Girls Go CyberStart, CyberStart America, and Radford University’s RUSecure. Lasty, we will hear from Bastian Freund, Special Agent, Cellular Analysis Survey Team (CAST) at the FBI in St. Louis. Bastian Freund has been a Special Agent for the FBI for approximately 19 years, working on Violent Crimes.
Learn more about the NICE K12 Cybersecurity Conference here.
This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce, under financial assistance award #70NANB20H144
June 5-7, 2023
2023 NICE Conference and Expo
SAVE THE DATE!
NICE Conference & Expo will take place June 5-7, 2022 at the Westin Seattle in Seattle, WA.
If we missed you at the 2022 NICE Conference & Expo, the recordings are now available on the 2022 Conference Past Events page.
Learn more about the NICE Conference and Expo here.
This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce, under financial assistance award #70NANB18H025.