The National Initiative for Cybersecurity Education (NICE) The NICE Workforce Framework, NIST SP 800-181, Overview

October 4, 2017

2

Accelerate Learning and Skills Development • Inspire a sense of urgency in both the public and private sectors

to address the shortage of skilled cybersecurity workers Nurture A Diverse Learning Community

• Strengthen education and training across the ecosystem to emphasize learning, measure outcomes, and diversify the cybersecurity workforce

Guide Career Development & Workforce Planning

• Support employers to address market demands and enhance recruitment, hiring, development, and retention of cybersecurity talent

NICE Strategic Goals - http://csrc.nist.gov/nice/about/strategicplan.html

3

Inspire a sense of urgency in both the public and private sectors to address the shortage of skilled cybersecurity workers Objectives:

1.1 Stimulate the development of approaches and techniques that can more rapidly increase the supply of qualified cybersecurity workers 1.2 Advance programs that reduce the time and cost for obtaining knowledge, skills, and abilities for in-demand work roles 1.3 Engage displaced workers or underemployed individuals who are available and motivated to assume cybersecurity work roles 1.4 Experiment with the use of apprenticeships and cooperative education programs to provide an immediate workforce that can earn a salary while they learn the necessary skills 1.5 Explore methods to identify gaps in cybersecurity skills and raise awareness of training that addresses identified workforce needs

NICE Strategic Goal #1: Accelerate Learning and Skills Development

4

Strengthen education and training across the ecosystem to emphasize learning, measure outcomes, and diversify the cybersecurity workforce Objectives:

2.1 Improve education programs, co-curricular experiences, and training and certifications 2.2 Encourage tools and techniques that effectively measure and validate individual aptitude, knowledge, skills, and abilities 2.3 Inspire cybersecurity career awareness with students in elementary school, stimulate cybersecurity career exploration in middle school, and enable cybersecurity career preparedness in high school 2.4 Grow creative and effective efforts to increase the number of women, minorities, veterans, persons with disabilities, and other underrepresented populations in the cybersecurity workforce 2.5 Facilitate the development and dissemination of academic pathways for cybersecurity careers

NICE Strategic Goal #2: Nurture a Diverse Learning Community

5

Support employers to address market demands and enhance recruitment, hiring, development, and retention of cybersecurity talent Objectives:

3.1 Identify and analyze data sources that support projecting present and future demand and supply of qualified cybersecurity workers 3.2 Publish and raise awareness of the NICE Cybersecurity Workforce Framework and encourage adoption 3.3 Facilitate state and regional consortia to identify cybersecurity pathways addressing local workforce needs 3.4 Promote tools that assist human resource professionals and hiring managers with recruitment, hiring, development, and retention of cybersecurity professionals 3.5 Collaborate internationally to share best practices in cybersecurity career development and workforce planning

NICE Strategic Goal #3: Guide Career Development and Workforce Planning

NICE Cybersecurity Workforce Framework – NIST SP 800-181

• Specialty Areas (33) – Distinct areas of cybersecurity work; • Work Roles (52) – The most detailed groupings of cybersecurity work, which include specific

knowledge, skills, and abilities required to perform a set of tasks. • Tasks – Specific work activities that could be assigned to a professional working in one of the

NCWF’s Work Roles; and, • Knowledge, Skills, and Abilities (KSAs) – Attributes required to perform Tasks, generally

demonstrated through relevant experience or performance-based education and training.

• Audience: • Employers • Current and Future Cybersecurity Workers • Training and Certification Providers • Education Providers • Technology Providers

SECURELY PROVISION

PROTECT AND

DEFEND

OPERATE AND

MAINTAIN

OVERSEE AND

GOVERN

COLLECT AND

OPERATE INVESTIGATE ANALYZE

Categories of Cybersecurity Work

NICE Workforce Framework Categories

7

Categories Descriptions

Securely Provision (SP) Conceptualizes, designs, and builds secure information technology (IT) systems, with responsibility for aspects of systems and/or networks development.

Operate and Maintain (OM)

Provides the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security.

Oversee and Govern (OV) Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.

Protect and Defend (PR) Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks.

Analyze (AN) Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.

Collect and Operate (CO) Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.

Investigate (IN) Investigates cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence.

NIST SP 800-181 NICE Workforce Framework Relative Specificity

Very Broad

Very Specific

Cybersecurity Category

Specialty Area

Work Roles KSA Task

8

Securely Provision (7 Specialty Areas, 11 Work Roles)

9

Category Specialty Area Work Role

Securely Provision

Risk Management Authorizing Official/Designating Representative

Security Control Assessor

Software Development Software Developer

Secure Software Assessor

Systems Architecture Enterprise Architect

Security Architect

Technology R&D Research & Development Specialist

Systems Requirements Planning Systems Requirements Planner

Test and Evaluation Testing and Evaluation Specialist

Systems Development Information Systems Security Developer

Systems Developer

Operate and Maintain (6 Specialty Areas, 7 Work Roles)

10

Category Specialty Area Work Role

Operate and Maintain

Data Administration

Database Administrator

Data Analyst

Knowledge Management Knowledge Manager

Customer Service and Technical Support Technical Support Specialist

Network Services Network Operations Specialist

Systems Administration System Administrator

Systems Analysis Systems Security Analyst

Oversee and Govern (6 Specialty Areas, 14 Work Roles)

11

Category Specialty Area Work Role

Oversee and Govern

Legal Advice and Advocacy Cyber Legal Advisor Privacy Officer/Compliance Manager

Training, Education, and

Awareness Cyber Instructional Curriculum Developer

Cyber Instructor

Cybersecurity Management Information Systems Security Manager

Communication Security Manager

Strategic Planning and Policy Cyber Workforce Developer and Manager

Cyber Policy and Strategy Planner

Executive Cyber Leadership Executive Cyber Leadership

Program/Project Management and Acquisition

Program Manager

IT Project Manager

Product Support Manager

IT Investment/Portfolio Manager

IT Program Auditor

Protect and Defend (4 Specialty Areas, 4 Work Roles)

12

Category Specialty Area Work Role

Protect and Defend

Cyber Defense Analysis Cyber Defense Analyst

Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist

Incident Response Cyber Defense Incident Responder

Vulnerability Assessment and Management Vulnerability Assessment Analyst

Analyze (5 Specialty Areas, 7 Work Roles)

13

Category Specialty Area Work Role

Analyze

Threat Analysis Threat/Warning Analyst

Exploitation Analysis Exploitation Analyst

All-Source Analysis

All-Source Analyst

Mission Assessment Specialist

Targets Target Developer

Target Network Analyst

Language Analysis Multi-Disciplined Language Analyst

Operate and Collect (3 Specialty Areas, 6 Work Roles)

14

Category Specialty Area Work Role

Collect and Operate

Collection Operations All Source-Collection Manager

All Source-Collection Requirements Manager

Cyber Operational Planning

Cyber Intel Planner

Cyber Ops Planner

Partner Integration Planner

Cyber Operations Cyber Operator

Investigate (2 Specialty Areas, 3 Work Roles)

15

Category Specialty Area Work Role

Investigate

Cyber Investigation Cyber Crime Investigator

Digital Forensics

Law Enforcement/Counterintelligence Forensics Analyst

Cyber Defense Forensics Analyst

Building Blocks for a Capable and Ready Cybersecurity Workforce

16

Federal Department and Agency Support

Over 20 Federal Departments and Agencies supported framework development, including: Department of State Department of Education Department of Labor Office of Management and Budget Office of Personnel Management Department of Defense Department of Justice Information Sciences & Technologies Department of Homeland Security (including NPPD, TSA, USSS, Coast Guard, ICE, CBP, CIS, DHS OI&A).

Central Intelligence Agency Defense Intelligence Agency Director of National Intelligence Federal Bureau of Investigation National Security Agency National Science Foundation Department of Defense /DC3x National Counterintelligence Executive Federal CIO Council

17

Non-Profit & Government Organizations In addition, NICE has worked very closely with non-profit and governmental organizations to socialize the framework. A non-exhaustive list:

•FedCIO Council IT Work Force Committee (ITWFC) • Committee of National Systems Security (CNSS) • FedCIO Council Information Security and Identity Management Committee (ISIMC) • National Cybersecurity Alliance (NCSA) • Federal Information Systems Security Educators Association (FISSEA) • Colloquium for Information Systems Security Educators (CISSE) • Colloquium for Advanced Cybersecurity Education (CACE) • Washington Cyber Roundtable • CyberWatch

•US Cyber Challenge • National Association of State Chief Information Officers (NASCIO) • Multi-State Information Sharing and Analysis Center (MS-ISAC) •Information Systems Security Association (ISSA) • National Board of Information security Examiners (NBISE) • Cybersecurity Certification Collaborative (C3) • Institute for Information Infrastructure Protection (I3P) • Association for Computing machinery (ACM) • Institute of Electrical and Electronics Engineers (IEEE)

18

• Department of Defense (DoD) Cybersecurity Workforce Framework is composed of cybersecurity functional roles, associated job tasks, and the knowledges, skills, and abilities (KSAs) required to perform those tasks. This content was compiled by organizational psychology experts and reviewed by subject matter experts (SMEs) through a series of focus groups. The final framework was reviewed and revised by additional SMEs and stakeholders; 118 SMEs across Air Force, Army, Navy, Marines, and NSA participated in the development of this framework.

• Intelligence Community (IC) Cyber Subdirectory presents a comprehensive list of competencies and knowledges, skills, and abilities (KSAs) needed by IC cybersecurity professionals to fulfill mission requirements. Subdirectory content was gathered through a data call to 16 IC elements and was compiled by organizational psychology experts. A series of focus groups with 11 SMEs from across the IC was conducted with an additional review from other SMEs and senior IC stakeholders. Finally, an electronic questionnaire was completed by 51 cybersecurity professionals from across the IC (including Air Force, Army, CIA, DHS, DIA, DC3, FBI, ODNI, NSA, DoS) to gather confirmatory data for the competencies and KSAs.

• Office of Personnel Management (OPM) Cybersecurity Model includes core and technical competencies for cybersecurity professionals across four occupational series. This competency model was developed through focus groups and an electronic questionnaire sent to approximately 50,000 employees and supervisors with significant responsibilities for some aspect of cybersecurity. Participation for both of these efforts was across the Federal government.

• National Security Agency (NSA) Computer Network Operations (CNO) Training Roadmaps establish job tasks and KSAs for CNO work roles and the training available to develop different levels of proficiency within those roles. A series of focus groups with SMEs from each work role were conducted to refine work role definitions and draft lists of tasks and KSAs for the roadmap while National Cryptologic School (NCS) curriculum managers, instructors, and other experts from 34 curricula reviewed the linkages and provided proficiency information.

• Department of Defense (DoD) 8570: Information Assurance Workforce Improvement Program Manual provides guidance and procedures for training, certification, and workforce management of the DoD Information Assurance (IA) work functions. A series of working groups helped to develop the manual by identifying public and private sector resources relevant to IA and then organizing the resources by function and work level.

• Department of Homeland Security (DHS) Information Technology (IT) Security Essential Body of Knowledge (EBK) summarizes the IT security skill requirements for the IT security workforce and links competencies and functional perspectives to IT security roles. A working group developed the EBK, and a series of role-specific focus groups were conducted to ensure content across IT security roles was fully represented. Input from the private sector, government, and academia was obtained. In addition, public comment was provided through the Federal Register and incorporated into the final document.

19

Sources Used to Develop Initial Draft of Framework (as noted in 2012)

National Initiative for Cybersecurity Education (NICE) – https://nist.gov/nice • The NICE strategic plan https://www.nist.gov/itl/applied-

cybersecurity/nice/about/strategic-plan • The NICE Cybersecurity Workforce Framework https://www.nist.gov/itl/applied-

cybersecurity/nice/resources/nice-cybersecurity-workforce-framework Resources (for industry, gov’t, and academia) • The NICE Working Group and subgroups (K-12, Collegiate, Competitions, Training

and Certifications, and Workforce Management) https://www.nist.gov/itl/applied-cybersecurity/nice/about/working-group – Forum to identify and share best practices that help us as a nation make progress towards

the NICE Strategic goals and objectives.

• NICE grants to 5 Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) Cybersecurity Education and Workforce Development

• NICE grant for the creation of Cyberseek http://cyberseek.org/ • NICE challenge Project https://www.nice-challenge.com/

– cyber challenge labs emphasize real world skills like problem solving, self-learning, and documentation over regurgitating step-by-step instructions and limited simulations.

20