Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NICE Summer 2019 eNewsletter

| Featured Article | NICE Framework in Focus | Academic Spotlight | Industry Spotlight | Government Spotlight | Affiliated Program Updates | Funded Project Updates | NICE Working Group Updates | Key Dates |

Subscribe to the NICE eNewsletter


 

NICE Thomas Hayes

Welcome! My name is Thomas Hayes and I am a Summer Undergraduate Research Fellow at NIST. I just completed my sophomore year studying Information Systems at the University of North Georgia. My major tightly binds business fundamentals with cyber technology. Cybersecurity is an interesting element of this union. Today, the business world is driven by an information economy which can only prosper with adequate cybersecurity in place. Information Systems studies, with its business and cyber foundation, is more than capable of answering this challenge.

The featured article in this quarter’s eNewsletter, Happy 20th Anniversary CAE Program–A Look Back Over the Years, highlights the 270 colleges across the nation designated by the National Security Agency and Department of Homeland Security as a National Center of Academic Excellence (CAE) in Cyber Defense Education. I am fortunate that my university is one of them. A university’s CAE certification ensures that students learn vital knowledge and skills necessary to be effective in cybersecurity. The CAE designation also offers a bachelor’s degree in cybersecurity in addition to a graduate certificate in cybersecurity, which I plan to obtain. I encourage everyone to read and learn more about the programs history in addition to reading the other informative articles on cybersecurity!

Thomas Hayes
NIST Summer Undergraduate Research Fellow, NICE
University of North Georgia


Featured Article: 

HAPPY 20th ANNIVERSARY CAE PROGRAM – A LOOK BACK OVER THE YEARS
By Jill Curcio, Events Coordinator, Centers of Academic Excellence in Cyber Defense (CAE-CD) Program Management Office

In 1999, the National Security Agency (NSA) launched a program under which U.S. colleges and universities could be granted a designation known as the Center of Academic Excellence in Information Assurance Education. This program, now known as the Centers of Academic Excellence in Cyber Defense, is celebrating its 20th anniversary!  

In May 1999, NSA designated seven institutions as centers of academic excellence: James Madison University, George Mason University, Idaho State University, Iowa State University, Purdue University, University of California at Davis, and the University of Idaho were instrumental in developing information assurance (now cyber) curriculum in its infancy. Textbooks had yet to be written on the topic, so these first seven schools formed a bond and shared resources to begin building a community that has grown to over 270 schools across the country. Congratulations to these institutions!

Over the years, the CAE Program Management Office (PMO) has undergone many enhancements to keep up with the cyber landscape. Some of the more notable changes include introduction of the Department of Defense (DoD) Information Assurance Scholarship Program, now called the Cyber Scholarship Program (CySP), the addition of the Department of Homeland Security (DHS) as a partner, along with the addition of the Research and Two-Year Education (now the Associates) designations.  

The DoD Information Assurance (now Cyber) Scholarship Program (CySP) was created in 2001. It was intended to provide scholarship grants to CAE-designated schools to encourage qualified students attending those schools to start their careers at DoD. Similar to the National Science Foundation’s CyberCorps scholarship program, CySP entails scholarship-for-service, allowing students to pay back their scholarship with equivalent service. Since its inception in 2001, DoD CySP has provided over $92 million for scholarships and education capacity and supported 686 scholars at 105 CAE-CD institutions. The program continues to be administered by the CAE PMO and overseen by the DoD Chief Information Officer. 

In 2004, DHS joined NSA as a partner to help oversee the program. Since they have joined as a partner, they have added funding, expertise, and other resources to enhance CAE programs.

In 2008, the CAE in Research (CAE-R) designation was added to engage academia in much needed research solutions for securing critical information systems and networks. The CAE-R designation is intended to proactively increase our understanding of robust cyber defense technology, policy, and practices. Institutions designated as a CAE-R must be regionally accredited and highly rated according to the Carnegie Foundation Classification system. As of April 2019, 75 institutions in 36 states hold CAE-R designations.

In 2010, the Two-Year (2Y) Education designation was added. The addition of the CAE-2Y allows regionally accredited two-year community colleges, technical schools, and state or federally endorsed cybersecurity training centers to be designated. Adding this designation answered the growing trend of students starting their academic careers in 2Y institutions, or those wishing to re-train in a cyber-field. As of April 2019, 82 institutions in 33 states hold the CAE-2Y designation. Many of our designees hold multiple designations: 44 hold both CAE- CDE and CAE-R designations; 6 hold both CAE-CDE and CAE in Cyber Operations (CAE- CO); 3 hold CAE-R and CAE-CO. Nine hold 3 designations: CAE-CDE, CAE-R, and CAE-CO. 

Our most recent enhancement was the shift to Cyber Defense Education (CDE) Associates, Bachelors, Masters, and Doctorate designation levels. An update of Knowledge Units (KUs) was needed to maintain robust and rigorous cyber defense academic requirements, while expanding opportunities for schools to develop diverse and unique programs of study. Further, updating KUs allowed for closer alignment with the NICE Cybersecurity Workforce Framework (NIST SP 800-181), making it easier for other institutions, industry, government, and potential employers to share and compare information. With the introduction of non-technical and technical core KUs, schools are now able to align their programs with KUs that best fit their existing curriculum, thereby helping to strengthen the multidisciplinary aspect of the cyber field. Finally, as with any update, the CAE-CD PMO was able to tighten up and strengthen the KUs, eliminating duplicative topics within KUs and adding more content where needed.

As of April 2019, there are 272 designated institutions across 48 states, the District of Columbia, and Puerto Rico.  Though the program has evolved through the years, our focus has always been, and will continue to be, promoting higher education and research in cyber-defense and producing professionals with cyber-defense expertise in order to reduce vulnerabilities within our national infrastructure.  


NICE Framework in Focus

A profile of a cybersecurity practitioner to illustrate application of the NICE Cybersecurity Workforce Framework categories, specialty areas, and work roles.

NICE Framework Category: Securely Provision

Description: Conceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibility for aspects of system and/or network development.

NICE Framework Specialty Area: Technology Research and Development

Description: Conducts software and systems engineering and software systems research to develop new capabilities, ensuring cybersecurity is fully integrated. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.

Name:  Tim Nordvedt

NICE Tim Nordvedt

Title:  Cyber Tools Delivery Analyst

Organization:  Booz Allen Hamilton

Academic Degrees:  Network Security Administration Certificate, Howard Community College; Enrolled in a bachelors degree program (cloud and system administration), Western Governors University

Certifications:  GIAC Cyber Security Certification (GSEC); GIAC Certified Incident Handler (GCIH); CompTIA A+; CompTIA Network+; CompTIA Security+; CompTIA Cloud Essentials; CompTIA IT Project+; CompTIA Linux+; Certified Internet Web Professional (CIW) Site Development Associate; and Information Technology Infrastructure Library (ITIL) Foundation Certification for IT Service Management

Q: Explain your role and responsibilities as a Cyber Tools Delivery Analyst.

A: I look at the requirements of our client. I look at what is the legitimate capability of the product, the marketing materials. I try to find out what's really going to work best for the client. That way they don't have to search through hundreds of different vendors. They have a very manageable pool to look at. At the same time, it's not always about buying new products or creating new infrastructure. Sometimes we look at their current infrastructure and it's just a matter of being able to use these tools smarter or add some functionality to make it work in a better way without investing new capital. I spend a lot of my time just doing research on that end and develop new solutions for the different kinds of organizations.

Q: How do you envision using the NICE Framework to guide your career?  

A: When I started looking at the NICE Cybersecurity Workforce Framework it does a great job of breaking down all the subsets and the necessary skills, things to look for, and the job description.

To listen to the full audio interview with Tim Nordvedt, Cyber Tools Delivery Analyst, Booz Allen Hamilton, click on the audio below.

Audio file

Download a transcript of the interview


Academic Spotlight:

CYBERPATRIOT COMPETITION: TIPS FROM THE EXPERTS 
By Allen Stubblefield, Cyber Defense Teacher and Coach, and Team Troy Tech Support, Troy High School, Fullerton, CA

What do Science Olympiad, Odyssey of the Mind, First Robotics, and CyberPatriot have in common? All are national STEM competitions that encourage students to think critically, develop problem solving, and teamwork skills. These rigorous competitions expand student knowledge in many fields which they may want to pursue in college or as a career. The grueling path to qualify for the national CyberPatriot competition is long and labor-intensive. To make it to the finals is exciting enough; to have multiple teams qualify, and win, year after year is phenomenal. Troy High School won the All-Service Division in CyberPatriot X. This season, in CyberPatriot XI, Troy won the Open Division and had the runner-up winning All Service team. The coach and several members of the winning team share their insights and how they became interested in CyberPatriot and their path to Nationals.

Coach’s View

Troy Cyber is Troy High School’s cyber-defense after-school competition program. It started in 2010 with a coach inexperienced in cybersecurity and five young students. The first two years were rough, including inability of the school’s network to support the bandwidth needed for the competition. Weekly practices were about 15 minutes long because we didn't know what to study, but the team found CyberPatriot interesting and wanted to get better. The following years showed growth both in size and knowledge.

In CyberPatriot VIII, we started a middle school team with Ladera Vista Middle School, one of our feeder middle schools. What started with five seventh and eighth graders in September, became 25 students by December. We realized that CyberPatriot was something cool for middle school students. We began to actively support other middle school teams with the hope of recruiting those students to attend Troy High School and remain in our cyber program.

Luckily, we have the school’s full cooperation and access to computers to support 300 students last year. Students get to pick their area of interest and expertise (Windows, Linux, Cisco) and they must practice one day per week. We also keep our students’ interest by offering cyber-defense classes during the academic day as part of Troy Tech's academic magnet program. Our students are also energized by www.cyberseek.org. They, and their parents, understand that cybersecurity is a profession worth doing and one that our nation needs.

The Students’ Stories - Getting involved with CyberPatriot

NICE Troy HD CP Winners
                                Troy High School CyberPatriot XI National Champions

Students can explore cybersecurity and engage in activities through courses and summer camps, while others are persuaded to participate through siblings or friends. Joseph Xu learned about the Information Security Team during a freshman orientation for his Junior ROTC program. It appealed to his desire to learn more about computer science and he decided to join. Charissa Kim attended a CyberPatriot Summer Camp. She found it eye-opening to learn the fundamentals of computer components and ways to protect and secure technological devices. 

Some teams are formed through contacts from their cyber classes or afterschool programs, while others choose friends. Many teams have been participating together for several years, some since middle school. Christos Bakis, a senior and team captain, noted the school has an afterschool program for competitions with tryouts for the program based on attendance and willingness to learn. Some teams hold tryouts for each other to determine teammates, but many of the competitive teams seem to just come together, being able to recognize who is passionate and willing to put time in outside of school. Timothy Kim explained that there is a tryout after being taught basic knowledge of the competition. To be able to compete, students must demonstrate they learned something from the workshops or camps. There are additional tryouts for the top teams. 

Individual and Team Preparation for CyberPatriot

The common response for most team members included prioritizing practice sessions with long hours, hard work, frequent individual practice time, teaching others, and numerous team practices. Christos Bakis's team practiced during free time at home and school. Teaching others was a great way to practice because most of the CyberPatriot competition is very resource based. His team has experience in configuring real and virtual servers with more strict environments than the competition provides, making the competition seem easier than it really is. He practices almost every day. For the competition, his school practices three days a week for three hours a day, with most students coming one day a week. Clement Chan's school has cybersecurity classes and cyber-defense afterschool programs that teach security fundamentals. Some students also spend their own time at home researching and practicing with virtual images.

Task Assignments in Competition

Checklists are very useful for keeping people on track and knowing what to do and when but should not be relied on. Over many hours of practice, students learn multiple dimensions but become specialists in areas where they excel. Everyone began to know their role on each system, and each competition further reinforced member roles. During the actual competition, tasks are assigned based upon the operating systems and software that team members are specialized in.

Students can join a team for fun, but if they want to be competitive they must be willing to put in the time. Competing at top levels requires hard work and dedication, not unlike athletics. Success does not happen overnight; instead, it takes years of learning and competing. 


Industry Spotlight

PATIENT SAFETY AND CYBER SAFETY: A SHARED RESPONSIBILITY OF HEALTHCARE PROVIDERS AND SECURITY PROFESSIONALS
By Greg Garcia, Executive Director for Cybersecurity, Healthcare Sector Coordinating Council; and Brandyn Blunt, Sr. Clinical Engineering System Administrator, THCE Medical Equipment Technology and Compliance

It is by now common knowledge that many organizations within every industry sector and government agency are competing among each other to attract and retain the most skilled and experienced cybersecurity talent. There is perhaps no public service whose potential disruption through cyber corruption is felt more viscerally than in healthcare, where hacking the network can put patient safety in jeopardy.

The healthcare sector is acutely aware that its cybersecurity readiness requires an all-hands-on-deck collaboration to address the biggest cybersecurity challenges facing it. That means not just attracting and retaining the best professional cybersecurity talent, but ensuring that the clinical workforce – the doctors, nurses, pharmacists, dentists, lab technicians, researchers, and more – understand their responsibilities as front-line healthcare providers with access to patient data, medical technology, and patients themselves. The question is how to raise that awareness with programs and practices that are coherent and coordinated across the sector.

The Healthcare and Public Health Sector Coordinating Council (HSCC) is a coalition of private-sector critical healthcare infrastructure entities organized under Presidential Policy Directive 21 to partner with government in the identification and mitigation of strategic threats and vulnerabilities facing the sector’s ability to deliver services and assets to the public. The HSCC Joint Cybersecurity Working Group (JCWG) is a standing working group of the HSCC, composed of more than 200 industry and government organizations working together to develop strategies to address emerging and ongoing cybersecurity challenges to the health sector.

In 2017, a task force of industry and government experts appointed by the U.S. Department of Health and Human Services assessed gaps in the cybersecurity of the healthcare system and proposed recommendations for addressing those gaps. Among the six major imperatives recommended by the Health Care Industry Cybersecurity (HCIC) Task Force in June 2017 was Imperative 3, “Develop the health care workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.”

Answering that call, the HSCC Cybersecurity Working Group (CWG) established a Workforce Development Task Group (WDTG) in May 2018, co-chaired by Brandyn Blunt of Trinity Health and newly-appointed co-chair Marian Merritt of NICE/NIST, to consider various approaches to address HCIC Imperative 3.

The first effort published one year later in May 2019 was a white paper offering small to mid-sized health delivery organizations (HDOs) basic tips for developing a cybersecurity workforce development pipeline and training program. This guidance, “Healthcare Industry Cybersecurity Workforce Development: A Reference Guide for Healthcare Providers and Companies”, traces best practices along a continuum, from: 1) Hiring students, to 2) Transitioning IT staff to cybersecurity responsibilities; 3) Developing and managing professional development programs for executive-track cybersecurity personnel; and, 4) Outsourcing critical functions not otherwise resourced within the enterprise. For a copy of the white paper, see https://healthsectorcouncil.org/workforce-guide.

The next two workforce initiatives now in progress are focused on aspects of healthcare cybersecurity workforce development that complement this white paper:

  1. Develop an online cybersecurity curriculum for higher education in healthcare, starting with medical, nursing and pharmacy schools, to give health practitioners the basic cyber-hygiene awareness and skills needed to support the security and resiliency of their health provider’s networks and systems. This initiative is based on the recognized gap that doctors, nurses, and clinicians leaving medical school are entering the medical workforce inadequately equipped with the awareness, knowledge and skills to sufficiently manage their online and networked activities in a way that minimizes risks to the hospital, clinic, lab or other HDO environment.
  2. Align the definition and expression of hybrid healthcare cybersecurity skills and job descriptions to the NICE Cybersecurity Workforce Framework (NIST Special Publication 800-181). This will help cybersecurity hiring managers to consult a common lexicon for recruiting the right skill sets and experience, particularly for job responsibilities that must blend an understanding of cybersecurity and clinical/patient impact.

These initiatives are in process and are expected to be vetted for review and refinement later in 2019 / early 2020.

For more information on the HSCC Joint Cybersecurity Working Group, see https://healthsectorcouncil.org or contact greg.garcia [at] healthsectorcouncil.org (greg[dot]garcia[at]healthsectorcouncil[dot]org).


Government Spotlight

WORKFORCE NEEDS TO ADDRESS THE COMPREHENSIVE RANGE OF RISKS TO INDIVIDUAL PRIVACY
 
By Ellen Nadeau, Deputy Manager, Privacy Framework, NIST 

As organizations increasingly grapple with the challenges of privacy and technology, there’s a growing need for a diverse and well-trained privacy workforce. The National Institute of Standards and Technology (NIST) is currently developing the voluntary Privacy Framework: A Tool for Enterprise Risk Management—and workforce needs are an important part of the discussions.

NIST is engaging in a collaborative development process with cross-sector stakeholders through a series of public workshops and comment periods. Early on, stakeholders expressed two main perspectives on workforce development, explained in a recent Summary Analysis of Responses to the Request for Information:

  • Some saw the Privacy Framework as a tool to improve the development of a knowledgeable and skilled privacy workforce. For instance, one commenter said, “Including information regarding privacy engineering and its importance in implementing privacy by design should help advance recruitment of a knowledgeable and skilled workforce and ensure that more people, including but not limited to students who could pursue relevant education and company executives, are aware of this growing field and its utility.”
  • Others requested the inclusion of workforce best practices and guidance in the Privacy Framework, such as the commenter who recommended “that the Privacy Framework include best practices and encourage companies to not only address overall hiring and retention efforts, but also ways to include diverse voices at all levels — including attorneys specializing in privacy and data security, experts in data ethics, and technologists.”

Privacy Framework Discussion Draft

In the first complete draft, released in April 2019, NIST emphasized the importance of workforce in privacy risk management, noting in part: “…a broad range of perspectives can improve the process of identifying, assessing, and responding to privacy risks. A diverse and cross-functional team can help to identify a more comprehensive range of risks to individuals’ privacy, and to select a wider set of mitigations.” 

NIST also introduced the workforce as an element of “implementation tiers,” which are meant to help organizations determine whether they have adequate processes and resources in place to manage privacy risks in their environment. From a workforce perspective, these resources may range from a single individual holding multiple roles, including privacy, to a diverse and specialized workforce with privacy expertise integrated throughout an organization.

How to Engage

NIST is interested in feedback on how different organizational roles would interact with the Privacy Framework, from legal and business executives to engineers and more. NIST is also collaborating closely with the National Initiative for Cybersecurity Education (NICE), which is also part of NIST, to consider what type of supplemental guidance documents would be helpful from a workforce perspective as NIST expects to develop a suite of guidance similar to the Framework for Improving Critical Infrastructure Cybersecurity.

NIST welcomes feedback at any time on these topics, via email at privacyframework [at] nist.gov (privacyframework[at]nist[dot]gov).

Stakeholders interested in collaborating on the next stage of the Privacy Framework development should attend the upcoming public workshop at Boise State University on July 8-9: Getting to V1.0 of the NIST Privacy Framework: Workshop #3. Registration is open until July 1st, 2019, or capacity has been reached.

For more information about the Privacy Framework and future events, please visit the NIST Privacy Framework website, or sign up for the mailing list to receive regular updates and event announcements.


Affiliated Program Updates

Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs. 

National Initiative for Cybersecurity Careers and Studies (NICCS)

The National Initiative for Cybersecurity Careers & Studies (NICCS) is the nation’s one-stop shop for cybersecurity careers and studies. NICCS connects the public t

NICCS Cyber Framework Mapping Tool

o information on cybersecurity awareness, degree programs, training, careers, and talent management. NICCS accomplishes this through a number of interactive resources such as the NICCS Education and Training Catalog, which provides over 4,000 cybersecurity courses offered by organizations across the nation and is growing every day. 

On April 16, 2019, NICCS released the NICE Cybersecurity Workforce Framework Mapping Tool to the public for general use! The Mapping Tool allows managers and human capital professionals to enter information about a cyber position and generate reports to better understand how well their teams align to the NICE Cybersecurity Workforce Framework

Visit us at: https://niccs.us-cert.gov/ or email us at niccs [at] hq.dhs.gov (NICCS[at]hq[dot]dhs[dot]gov).  

NICE Cybersecurity Workforce Framework

At the 32nd Annual FISSEA Conference, NIST will be announcing an updated draft of NIST Special Publication 800-16 Rev 2, Role-Based Training for Cybersecurity for public comment. This publication will align and connect with the NICE Framework via a mapping of Knowledge, Skills, and Abilities (KSAs) to competency areas which can be found here

Advanced Technological Education Program 

The Center for Systems Security and Information Assurance (CSSIA) provides a range of professional development opportunities for cybersecurity educators. Courses offered in the coming months include: Collection and Use of Intelligence Information; Certified Ethical Hacker (CEH); EMC--Cloud Infrastructure & Services (CIS); Cisco Cybersecurity Essentials; (ISC)2 CISSP; ISACA Certified Information Systems Auditor (CISA); Basic Electricity for IoT; and Governance, Risk Management & Compliance. See the full schedule at http://cssia.org/cssia-training.cfm

The sixth annual Community College Cyber Summit (3CS) will be held at Bossier Parish Community College in Louisiana on July 30-August 1, 2019. This conference provides a forum for higher education faculty and administrators, as well as partners and sponsors, to share new initiatives and model programs and practices. This year's event will feature: 

  • A job fair and career exploration for students (over 400 students from 44 states applied for a National Science Foundation supported travel stipend); 

  • Cybersecurity skills development workshops on Secure Scripting, Cybersecurity Skills Journal Proposal Development, Hands-On Cryptography for IT, and Introduction to IBM's QRadar; 

  • Hundreds of hands-on workshops, presentations, and panels;  

  • Two events aimed at girls: IBM CyberDay4Girls (July 29) and Girl Scout Cyber Badge (July 30); and, 

  • Networking opportunities. 

For more on 3CS, including sponsorship opportunities, see https://www.my3cs.org

The National CyberWatch Center is looking for subject matter experts for its Information Security Fundamentals Curriculum Standards Panel. The role of the Curriculum Standards Panel is to continually verify, validate, and enhance assessments, instructional materials, hands-on tutorials, and interactive challenges. Panel participants will provide input and validation of the competency-based mastery learning designs, developed by the National CyberWatch Center Information Security Fundamentals Course Specific Curriculum Panel, to achieve the learning outcomes for an accelerated or semester-length Information Security Fundamentals course. For more information about the panel and how to apply to become a member visit https://bit.ly/2XmmNZv

Learn more at www.atecenters.org/security-technologies and www.nsf.gov/ate

National Centers of Academic Excellence (CAE) in Cybersecurity 

The National Centers of Academic Excellence (CAE) program celebrates 20 years of educating and developing our nation’s workforce in cybersecurity. Over the last 20 years, the CAE program has grown from its first seven designees to 272 CAE-designated schools across 48 states, the District of Columbia, and Puerto Rico. 

To mark this significant milestone, we are delighted to honor the inaugural seven:  George Mason University, Idaho State University, Iowa State University, James Madison University, Purdue University, University of California at Davis, and the University of Idaho, for their 20 years of participation and advancement in the CAE program.   

To learn more about this accomplishment, check out our current Featured Story:  20 Years of Excellence. Also, check out this quarter’s featured article for more information.  

Learn more at https://www.nsa.gov/resources/students-educators/centers-academic-excellence/

GenCyber 

The GenCyber Program is currently in its sixth year of offering summer cybersecurity experiences for students and teachers at the K-12 level.  This year, the National Security Agency (NSA) and the National Science Foundation (NSF) are happy to sponsor a total of 122 GenCyber summer camps at 76 institutions across 38 states (plus D.C. and Puerto Rico).  A list of the GenCyber summer camps being offered this year can be found on the GenCyber webpage at gen-cyber.com.


Funded Program Updates 

NICE Challenge Project

The NICE Challenge Project develops real-world cybersecurity challenges within virtualized business environments that bring students workforce experience before entering the workforce. The goal is to provide the most realistic experiences to students, at-scale year-round, while generating useful assessment data about their knowledge, skills, and abilities for educators. 

Over the spring quarter, the NICE Challenge Project reached new major milestones. The project now boasts record educational use and has reached triple digits of unique challenge content. The project has also released several new challenges and platform updates over the course of the previous quarter.  

With the last content release in May, the project released four new challenges for Protect & Defend work roles. The NICE Challenge Project now has over 100 unique challenges available for players to attempt. In addition to hitting this major content milestone, the project continues to see growing use across the nation. The project now serves over 350 educational institutions, touts 550 instructor signups, and has delivered over 40,000 challenge workspaces to date. 

The major platform update this quarter is a redesign of the NICE Challenge Webportal’s notification system. This update sought to modernize the platform notification visual design, bringing its location and design language in line with that of popular web applications users would likely be familiar with. Alongside that update was a host of quality of life updates, including more informational tooltips across the platform and autosave functionality for challenge documentation fields. 

The project’s development and content decisions are driven not only by our strategic vision, but by the extremely valuable feedback we receive from our users whom we feel privileged to work with on this journey in creating the next generation in hands-on cybersecurity content. Professors or staff members at educational institutions within the United States may sign up. 

Learn more at www.nice-challenge.com

National Integrated Cyber Education Research Center (NICERC) 

At NICERC, the goal is to empower educators as they prepare the next generation to succeed in the cyber workforce of tomorrow. In addition to curricular resources and professional development, an important component to this goal is career awareness. By highlighting various cyber careers, we hope to create an exciting menu of options to spark students’ imaginations and ambitions, as well as expand their options past the traditional careers of yesterday.  

Check out the newest resource to the NICERC extensive library of content by clicking here


NICE Working Group Updates

The NICE Working Group (NICEWG) has been established to provide a mechanism in which public and private sector participants can develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development. The Workforce Management Subgroup has recently created a project team to focus on mapping the guidebook they released last year to the NICE Cybersecurity Workforce Framework. The team seeks to deliver information that is relevant to the present as well as the future.   

Learn more about the NICE Working Group and sign up to participate at nist.gov/nice/nicewg.


Key Dates

NICE Webinars 

On July 17, 2019, NICE will hold a webinar on “How Talent Management Systems Help You Manage Your Cybersecurity Human Capital.” This webinar will inform attendees about how talent management systems address four main areas of personnel management: recruitment, performance management, development, and compensation. Learn more and register here

On June 19, 2019, NICE held a webinar on “Tools in the Federal Cybersecurity Workforce Toolbox.” This webinar helped federal employers, job seekers, school counselors, parents, and academic personnel understand the different tools available to help the federal government develop a superior cybersecurity workforce. Learn more and view a recording here

On May 15, 2019, NICE held a webinar on “Presidential Executive Order on America’s Cybersecurity Workforce - Enhancing Workforce Mobility and Supporting the Development of Cybersecurity Skills.” This webinar provided insights into the policy established through the Executive Order on America’s Cybersecurity Workforce and the tasks and deliverables contained within it. Learn more and view a recording here

On April 17, 2019, NICE held a webinar on “Women in Cybersecurity: Finding, Attracting and Cultivating Talent.” This webinar helped participants identify programs most likely to motivate more young women to enter the cybersecurity workforce. Learn more and view a recording here

NICE webinars are free to attend, but registration is required. 

Learn more, view webinar recordings, and more here

FISSEA Conference, June 27-28, 2019
Gaithersburg, Maryland

FISSEA is an annual conference that brings together managers responsible for information systems security training programs in federal agencies, contractors providing awareness and training support, and faculty members or program directors of institutions of higher education who offer certificate or degree programs in cybersecurity to federal government employees. This year’s theme focused on “Innovations in Cybersecurity Awareness and Training: A 360-Degree Perspective” and featured tracks on:

  • Track 1: Building Innovative Approaches to Awareness Programs
  • Track 2: Developing Skills through Innovative Role-Based Training
  • Track 3: Implementing Comprehensive Awareness and Training Programs

Learn more about FISSEA and how to stay updated on FISSEA announcements at https://nist.gov/fissea.

National Cybersecurity Career Awareness Week, November 11-16, 2019 

Mark your calendar for this year’s National Cybersecurity Career Awareness Week! 

National Cybersecurity Career Awareness Week focuses local, regional, and national interest to inspire, educate, and engage children through adults to pursue careers in cybersecurity. National Cybersecurity Career Awareness Week takes place during November’s National Career Development Month. Each day of the week-long campaign provides information about contributions and innovations, and the plethora of job opportunities that can be found by exploring cybersecurity as a field of study or career choice. 

Now is the time to commit to joining in observing National Cybersecurity Career Awareness Week! Commitments are actions taken by the community to promote awareness & exploration of cybersecurity careers. Commitments come in all sizes and do not always require financial investment. You can host an event, distribute career awareness materials, or engage through social media. Be creative!  

Learn more here.  

NICE Conference and Expo, November 18-20 2019
Phoenix, Arizona

The 10th annual NICE Conference and Expo will take place on November 18-20, 2019 in Phoenix, Arizona. The theme for this year’s conference is “Reimagining the Future of the Cybersecurity Workforce: Adapting to a Changing Landscape”. There will be four tracks at the conference: 

  • Partnering for a Stronger Cybersecurity Community
    • This track focuses on creating connections between industry, higher education, government, and others to lead to better alignment between learning systems and employer skill needs, while creating new or evolved systems better adapted to the training and educational needs of cybersecurity work roles.
  • The Impacts of Future Technologies on the Cybersecurity Workforce
    • This track will invite discussion on how future technology--and interactions with that technology--is likely to shape demands on cybersecurity work and workers.
  • Connecting Theory and Practice
    • This track describes methods to teaching cybersecurity through hands-on experiences, including collaborative opportunities between employers and educators, competitions, apprenticeships, hackathons, and gamified learning, in turn reducing the gap between education and real-world experiences.
  • Expanding Skill Development through Lifelong Learning
    • This track explores learning outside of conventional classroom environments and educational disciplines to make cybersecurity more accessible to all learners and creating mechanisms for learning at every stage in life including learners looking to cross disciplines, career changers, employers interested in upskilling their workforce, and many others.

Speakers, registration, and the conference agenda will be announced soon!
Learn more at www.niceconference.org

NICE K12 Cybersecurity Education Conference, December 9-10, 2019 Garden Grove, California 

The 5th annual NICE K12 Conference and Expo will take place on December 9-10, 2019 in Garden Grove, California. The theme for this year’s conference is “Innovation, Vision, Imagination: Harnessing the talent of today to build the cybersecurity workforce of the future”.  There will be five tracks at the conference:  

  1. Increasing Cybersecurity Career Awareness 
  2. Infusing Cybersecurity Across the Education Portfolio 
  3. Integrating Innovative Cybersecurity Educational Approaches 
  4. Designing Cybersecurity Academic and Career Pathways 
  5. Promoting Cyber Awareness 

Speakers, registration, and the conference agenda will be announced soon! 

Learn more at www.k12cybersecurityconference.org.

 

Created June 18, 2019, Updated April 19, 2021