Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
NICE eNewsletter Winter 2020-21
Subscribe to the NICE eNewsletter
welcome
Happy New Year! My name is Susana Barraza and I’m the new NICE Program Manager. I bring to NICE a background in Hispanic Serving Institution-STEM success programs, Social and Behavioral Sciences, and Economics. In my new role at NICE, I will be serving as staff liaison for the NICE Community Coordinating Council, Working Groups, Communities of Interest, and the NICE Interagency Coordinating Council. I am eager to dive into my role as we start the new year!
In this winter’s newsletter, the featured article describes the pathway created to address the cybersecurity workforce demand through the NICE Strategic Plan and the Revised NICE Framework. In addition, the Government Spotlight lays out the Presidential Management Fellows Program – a great opportunity designed to respond to the needs of an evolving cybersecurity workforce. In our Industry Spotlight, the Aspen Cybersecurity Group highlights steps that the private sector can take to strengthen the cybersecurity talent pipeline in 2021. Our Academic Spotlight focuses on cybersecurity education through technological and engineering literacy standards. I hope you enjoy these articles, and I look forward to working with all of you in our vibrant NICE community in the year ahead.
Susana Barraza
Program Manager, NICE
Featured Article
Setting a Path for Community Efforts: NICE Strategic Plan and Revised NICE Framework
By Rodney Petersen, Director of the National Initiative for Cybersecurity Education (NICE), and Karen A. Wetzel, Manager of the NICE Framework
The challenges and opportunities before us to address the cybersecurity workforce needs of employers will require a whole nation approach and the active engagement of an entire ecosystem devoted to cybersecurity education, training, and workforce development. That is why the National Initiative for Cybersecurity Education (NICE) is seeking to continuously improve and update its strategies and guidance to ensure that we are contributing to both the present and future needs of organizations to manage cybersecurity risks.
The playbook by which the community prioritizes its actions is the NICE Strategic Plan, which is updated every five years, as required by Congress in the Cybersecurity Enhancement Act of 2014. At the annual NICE Conference in the fall of 2020, we announced the latest strategic plan, which includes a new vision to “Prepare, grow, and sustain a cybersecurity workforce that safeguards and promotes America’s national security and economic prosperity.” Recent events have underscored the urgency of cybersecurity to our national security, and our growing dependence on information and communication technology reinforces the role that the security of cyberspace will play in advancing a digital economy.
There is no shortage of will or determination to address the cybersecurity skills gap through a variety of existing public and private sector programs and initiatives, but it is imperative for us to advance together as a community. Accordingly, the NICE mission, with a few new enhancements indicated in bold and italics, is more important than ever “To energize, promote, and coordinate a robust community working together to advance an integrated ecosystem of cybersecurity education, training, and workforce.” The role of the NICE Program Office to coordinate and facilitate programs, both within the federal government and across the entire ecosystem, is authorized by law. The mission’s emphasis on community is reinforced by the recent introduction of the NICE Community Coordinating Council (formerly NICE Working Group) to continue to build community and align efforts. While the values of the NICE Strategic Plan remain largely unchanged and encourage us to challenge assumptions and stimulate innovation, it is important that we not introduce change or improvements in isolation—which is why the values also underscore the importance of communication, collaboration, and resource sharing.
The NICE Strategic Plan is supported by five new goals:
- Promote the Discovery of Cybersecurity Careers and Multiple Pathways
- Transform Learning to Build and Sustain a Diverse and Skilled Workforce
- Modernize the Talent Management Process to Address Cybersecurity Skills Gaps
- Expand Use of the Workforce Framework for Cybersecurity (NICE Framework)
- Drive Research on Effective Practices for Cybersecurity Workforce Development
The goals and corresponding objectives are intended to inform and influence community priorities and actions. In an effort to guide implementation, the NICE Community Coordinating Council will be forming three new Working Groups beginning in January 2021 that will develop implementation plans through an ongoing environmental scan of programs, projects, and initiatives in order to assess the scope and sufficiency of efforts; identify gaps where more attention is needed; develop strategies and tactics to implement the goals and objectives; and develop metrics to measure progress and success.
Finally, the recently revised NIST Special Publication 800-181, Workforce Framework for Cybersecurity (NICE Framework) was released in November 2020. The changes implemented in this revision help ensure that the NICE Framework is agile, flexible, interoperable, and modular by streamlining existing content and introducing Competencies. Importantly, it retains at its core Task, Knowledge, and Skill (TKS) statements and shares how those building blocks can be applied via defined Work Roles, Teams, and Competencies. Competencies offer an employer-driven, high-level perspective on cybersecurity work, allowing organizations to broadly define need. They are also flexible, allowing the inclusion or removal of specific TKS statements in response to shifting needs in the ever-changing cybersecurity ecosystem.
The TKS statements, Work Roles, and Competencies have been separated from the NICE Framework publication itself so they can be regularly reviewed and updated. In the coming year we’ll be working with the NICE community via stakeholder meetings, a new NICE Framework Users Group, workshops, shared drafts, and other mechanisms to make sure that these important assets are aligned with the revision, as well as to establish a change plan for ongoing, regular improvements in the years ahead. All of this will be done in the context of our strategic plan and our goal to expand usability and use of the NICE Framework – which can only be done if it meets your needs.
Framework in Focus
A profile of a cybersecurity practitioner to illustrate application of the NICE Framework.
Leeza Garber, Esq.
Title/Organization: Privacy & Cybersecurity Attorney; Co-Founder of Can. Trust. Will., LLC; Adjunct Professor at Drexel University's Thomas R. Kline School of Law (Information Privacy Law) and Guest Lecturer at The University of Pennsylvania's The Wharton School (Internet Law)
NICE Framework Category: Oversee and Govern
NICE Framework Work Roles: Cyber Legal Advisor, Executive Cyber Leadership, Privacy Compliance
Academic Degrees: Bryn Mawr College, cum laude, B.A. 2008, University of Pennsylvania Law School, J.D., 2011, The Wharton School, Certificate in Business and Public Policy, 2011
Certifications: None
This issue’s interview is with Leeza Garber, an attorney who specializes in privacy and cybersecurity law, a cybersecurity consultant, and co-founder of Can. Trust. Will., a best hiring practices LLC focused on cybersecurity hiring. Just some of the topics Ms. Garber touches on in this conversation are her career; finding, hiring, and keeping employees; and advice for new learners entering into cybersecurity.
Read More and Listen to the Interview
spotlight articles
Cybersecurity Education through Technological and Engineering Literacy Standards
By Philip A. Reed, President, and Steven A. Barbato, Executive Director and CEO, of the International Technology and Engineering Educators Association
A new set of standards for technological and engineering literacy is available to better define a level of literacy expected of learners from pre-K through 12th grade. Focusing on essential knowledge, skills, and dispositions, the set spells out eight core disciplinary standards and eight practices that are widely applicable across a range of technology and engineering contexts, including cybersecurity.
Technology and engineering are pervasive in all aspects of our lives. As the world grows more complex, it is increasingly important for everyone to understand more about technology and engineering.
Steps for Strengthening the Cybersecurity Talent Pipeline in 2021
By David Forscey, Managing Director, Aspen Cybersecurity Group
In the United States, cybersecurity workforce demand continues to outpace supply despite steady growth in the workforce. From 2018 to 2020, the number of employees in cybersecurity roles grew 29 percent, from 715,715 to 922,720, while unfilled positions grew by 62 percent.
As the country enters a period of significant transition, the time is ripe for industry and government to rethink our approach. The United States boasts over 212 million citizens of working age. It would take just over 0.2 percent of our workforce to supply the 520,000 open cybersecurity roles we have today. But outdated concepts of what constitutes “cybersecurity talent” are preventing thousands of employers from taking advantage of this enormous talent pool.
Presidential Management Fellows Program Helps Identify Cybersecurity Leaders
By Arianne Jolene Gallagher, Director, Presidential Management Fellows Program, OPM’s Center for Leadership Development
About one out of three cybersecurity jobs in the Federal Government is going unfulfilled, according to a whitepaper released by the Cyberspace Solarium Commission in September 2020. To help respond to this evolving need in the workforce, the Presidential Management Fellows (PMF) Program sought to evaluate the level of cybersecurity aptitude and attitude among its finalists. Working with the CYBRScore® Solutions Group, the program conducted a pilot project in 2020 to determine whether PMF Finalists’ scores were comparable to those of Federal employees assessed as part of the Federal Cyber Reskilling Academy, using the World of Work Inventory (WOWI) assessment.
affiliated programs update
Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs with updates on their activities:
Workforce Framework for Cybersecurity (NICE Framework)
Following a year-long review cycle, on November 16, 2020, NICE announced the release of final updates to the NICE Framework. NIST Special Publication 800-181 Revision 1, gives the NICE Framework a new name - the Workforce Framework for Cybersecurity - and focuses in on the building blocks of a workforce framework. In 2021, efforts will focus on reviewing and updating the artifacts that support the NICE Framework, including the Competencies, Work Roles, and Tasks, Knowledge, and Skill (TKS) statements. For more information, read the press release or check out the current version online.
Learn more: NICE Cybersecurity Workforce Framework Resource Center
National Initiative for Cybersecurity Careers and Studies (NICCS)
The National Initiative for Cybersecurity Careers and Studies (NICCS), managed and maintained by the Cybersecurity and Infrastructure Security Agency (CISA), continues to strive to be a national hub for cybersecurity education, training, and careers.
In early February, NICCS will be releasing an update to the Cyber Career Pathways Tool. This includes changes to make the tool mobile-friendly and improve the presentation of the tool data on all devices and screens.o learn more about NICCS or the Cyber Career Pathways Tool, visit the Career Pathways Tool page or email us at NICCS [at] hq.dhs.gov (NICCS[at]hq[dot]dhs[dot]gov).
To learn more about NICCS and its resources, email niccs [at] hq.dhs.gov (NICCS[at]hq[dot]dhs[dot]gov)
Recent NICE Webinars
Competencies - The Next Frontier for Closing the Cybersecurity Skills Gap
December 16, 2020
This webinar describes a learner-centered approach to Competencies that is employer-driven and how assessments can be used to observe and measure learner capabilities. Learn more and view the recording here.
Addressing the Cybersecurity Talent Gap at Scale - Introducing Learning and Employment Records
October 21, 2020
This webinar introduces the emergence of LERs and describes the cybersecurity pilot project. The National Student Clearinghouse, IBM, Western Governor’s University, and iQ4 have joined together to establish this pilot program to provide a test bed for a Cybersecurity Learning and Employment Record. Learn more and view the recording here.
Learn more and view recordings: NICE Webinar Series
funded projects update
CYBER.ORG
Free, virtual professional development workshops that include topics from cybersecurity, computational thinking, and media literacy are now available for K-12 educators at https://cyber.org/events.
Learn more: CYBER.ORG
GenCyber
The GenCyber Program Office will release a new Call for Proposals on the GenCyber website in February. Look for public webinars throughout February and early March. Program participants do not have to be designated NCAE-C institutions to apply to host a GenCyber program.
For additional information about the program, please see gen-cyber.com, sign up for the GenCyber mailing list (found at gen-cyber.com), or email gencyber [at] nsa.gov (gencyber[at]nsa[dot]gov).
Learn more: www.gen-cyber.com/host
CyberSeek
In November 2020, CyberSeek released new data and features on their heat map and career pathway tools. The new information on the supply and demand of cybersecurity workers is among the updates and enhancements made. Comprehensive career information, aligned to the NICE Framework Work Roles, has also been added. See the full press release.
Learn more: CyberSeek.org
NICE community coordinating council
During the 2020 NICE Conference we officially announced the restructuring of the NICE Community groups. The new structure renames the NICE Working Group to NICE Community Coordinating Council, increases alignment to the new NICE Strategic Plan, and introduces three new NICE Working Groups that correspond to goals in the strategic plan: Promote Career Discovery; Transform Learning Process; and Modernize Talent Management. We are committed to ensuring that the work of the NICE Community benefits from the active engagement across stakeholder groups including academia, industry, and government.
We also announced the conversion of “subgroups” to NICE Communities of Interest to better reflect their purpose and membership. The four NICE Communities of Interest are: Apprenticeships in Cybersecurity, Cybersecurity Skills Competitions, K12 Cybersecurity Education, and the NICE Framework Users.
Learn more from the NICE Community Coordinating Council
Key dates
January 19, 2021
NICE Webinar: The Credentialing Economy and What It Means for Cybersecurity Skills
This webinar will explore The State of Credentialing and how competencies evidenced by credentials are the New Currency for a Digital Economy. The traditional credentials of academic diplomas or degrees, industry-recognized certifications, and workplace experience have been the gold standard for entering into and advancing in the cybersecurity workforce. However, there are a variety of different learning approaches, alternative ways to document achievements, and multiple career pathways that lead to a job or successful career in cybersecurity. NICE webinars are free to attend, but registration is required.
Learn more and register today here.
October 18-23, 2021
Cybersecurity Career Awareness Week
This year we are introducing a new name and new dates. We’re dropping the “National” from National Cybersecurity Career Awareness Week to encourage the broader community to get involved in raising cybersecurity career awareness on a global scale. We are also adjusting the dates to better align with cybersecurity awareness activities during Cybersecurity Awareness Month (October). Save the date and join us during the third week of October – October 18-23, 2021!
Learn more: nist.gov/nice/nccaw
December 6-7, 2021
2021 NICE K12 Cybersecurity Education Conference
Save the date! The 7th annual NICE K12 Cybersecurity Education Conference will take place on December 6-7, 2021, in St. Louis, Missouri.
More details will be announced soon.
This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce, under financial assistance award #70NANB20H144.
Learn more: k12cybersecurityconference.org