SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS"

Transcription

1 1 SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS

2 Synopsis SPSP Project Overview Phase I Summary Phase II Summary Phase III Overview and Deliverables Guides Job Profiles Behavioral Interview Guidelines Individual and Team Performance Guidelines Phase III Final Report SPSP Summary, Broader Impacts, Next Steps 2

3 UNCLASSIFIED Secure Power Systems Professional (SPSP) DOE Workforce study Purpose: Identify key job skills, education and certification(s) needed for hiring or retraining Power Systems Cybersecurity (SPSP) practitioners. Challenge: Lay the ground work for an SPSP certification. Technical Approach: Through SME interview and industry survey, develop a comprehensive set of job competencies needed for SPSPs to do their job effectively. Major Deliverables: Reports for Phase 1: Job Performance Model Phase 2: Gap/Overlap Analysis Phase 3: Workforce Development SPSP Recruitment Guide SPSP Career Development Guide UNCLASSIFIED U.S. Department of Energy has taken the initiative to establish a Power Systems Cybersecurity workforce project to identify and measure the identified job skills for the purpose of developing a certification. This work has partnered with DHS and others. Performers: PNNL Partners: NBISE, VivoWorks, PsyberAnalytix, Industry experts

4 Focusing on SPSP Talent Pillars of Secure Power Systems Key activities in developing and maintaining effective secure power systems environments Technology Bridging IT and OT Analyze Acquire Capabilities Integrate People as Assets Identify Organize Communicate Cybersecurity Capability Concepts Process Knowledge and Skills Evaluate Analyze Gaps Prioritize and Plan Implement 5 5 SPSP Project Overview

5 6 Interdisciplinary Nature of Secure Power System Professionals Hybrid Skill Set Diverse Work Environment 6 SPSP Project Overview

6 Talent Management Life Cycle 7 Elements of the SPSP Workforce Planning process as aligned with the Pillars of Strategic Human Resource Management (SHRM) Workforce Planning Budgeting Justifying and Budgeting Recruiting Recruiting Career Growth Developing Hiring Promoting Training & Developing Retaining Retaining Workforce Planning Retaining Training & Developing Hiring Promoting Justifying & Budgeting Recruiting Career Growth 7 SPSP Project Overview

7 Project Phasing 8 SPSP Project Overview

8 Project Overview and Outcomes 9 SPSP Project Overview

9 10 Phase I Phase I produced an exploratory job performance model (JPM) based on a factor analysis of responses to a Job Analysis Questionnaire (JAQ), culminating in the Smart Grid Cybersecurity Job Analysis Report. January August 2012

10 Phase I Performance Modeling Methodology Job and Task Definition 1. Content definition 2. Role definition 3. Mission definition 4. Task definition Job Audit Questionnaires 1. Assign tasks to goals 2. Rate importance of task by skill and role 3. Rate frequency of task execution Approval Event 1. Approve mission definition 2. Approve task definition 11

11 12 Phase I: Job Roles Iterative Definitions Using Performance Modeling Methodology 109 Vignettes 44 Job Roles 108 Goals 82 Responsibilities Job Performance Model: Methodology Job Performance Model: Job Roles 516 Job Tasks 12 SPSP Phase I Overview

12 Phase I: Resulting Job Roles 109 Vignettes Secure Power Incident Responder 44 Job Roles 108 Goals 82 Responsibilities Job Performance Model Methodology Secure Power Intrusion Analyst Secure Power Security Operator 516 Job Tasks Secure Power Systems Engineer 13 SPSP Phase I Overview

13 14 Phase II The second phase mapped key workforce frameworks to the major job responsibilities defined in Phase I. August June 2013

14 Phase II: Mapping Overview Job Roles Incident Response Specialist Intrusion Analyst 71 Job Responsibilities Mapping Exercises Phase II Certifications NICE Security Operations Specialist 11 Job Responsibility Areas ES-C2M2 Secure Power Systems Professional Training & Education Phase I 15 SPSP Phase II Overview

15 Target Workforce Program Emphasis 16 Colored cells = major area of emphasis Blank = not a major area of emphasis D = differing opinions about degree of emphasis 16 SPSP Phase II Overview

16 Job Role Coverage by Certification 17 Job Role CEH CISM CISSP GCIA GCIH SOC Cyber Secure Power Eng. 0.0% 11.1% 33.3% 0.0% 0.0% 0.0% Incident Response 0.0% 40.0% 20.0% 0.0% 90.0% 0.0% Intrusion Analysis 10.0% 30.0% 20.0% 10.0% 70.0% 0.0% Security Operations 0.0% 50.0% 37.5% 0.0% 18.8% 0.0% Multiple credentials are required for a comprehensive view of SPSP workforce competency. 17 SPSP Phase II Overview

17 Phase II: Summary Analysis 18 Competency Frameworks Certification and Credentialing Phase II Analysis Education and Training 18 SPSP Phase II Overview

18 19 Phase III This phase defined role-based behavioral assessment criteria that will be essential in the development of tools used in the selection of personnel for specific roles and provided quick guides for staff recruitment and development. June 2013 August 2014

19 Phase III Deliverables Immediately Useable by Industry 4 Job Profiles Recruiting/Development Guides Job Profile Tables Major Responsibilities 1 2 Cybersecurity Workforce Framework Tasks (NICE) Electricity Subsector-Capability Maturity Model (ES-C2M2) Certifications Individual/Team Guidelines 3 Behavioral Interview Guidelines 4 20 SPSP Phase III Overview

20 Guide Development Methodology Based on results of Phases I and II, and validated through three carefully designed reviews to yield feedback from diverse perspectives. Survey of Industry Advisory Panel of SMEs Survey of power industry Onsite deep dive interviews about use and effectiveness with stakeholders at a power entity Outcome: Recruitment of SPSPs Career Development of SPSPs Development Methodology 21 SPSP Phase III Overview

21 Recruitment Guide for HR, Recruiters, and Hiring Managers 22 Project overview describing four SPSP job roles: Power System Incident Response Power System Intrusion Analysis Power System Security Operations Secure Power Systems Professionals Lists qualifications, preferred skills, and desirable professional attributes of the ideal SPSP candidate 22 SPSP Phase III Overview

22 Guide for Developing SPSP Overview of emerging modern power systems Job functions of the SPSP Description of how to develop SPSPs How and where SPSP skills are acquired SPSP-centric certifications and education programs Overview of the SPSP project SPSP Phase III Overview

23 4 Job Profiles Creating Job Profiles Four Job Roles Four Job Profiles Phase I 4 Job Roles Tasks Responsibilities Responsibility Areas Major Responsibilities Cybersecurity Workforce Framework Tasks (NICE) Phase II Competency Frameworks NICE & ES-C2M2 Workforce Development Certifications & Courses Electricity Subsector-Capability Maturity Model (ES-C2M2) Certifications 24 SPSP Phase III Overview

24 Job Profile Excerpt: Major Responsibilities Secure Power Systems Engineer Major Responsibilities Assess and manage power systems risk. Identify and mitigate power systems vulnerabilities. Implement power systems security monitoring. Log power systems security incidents. 25 SPSP Phase III Overview

25 Job Profile Excerpt: NICE Tasks Secure Power Systems Engineer Cybersecurity Workforce Framework Tasks NICE Tasks Major Responsibility: Identify and mitigate power systems vulnerabilities. Assist in the construction of signatures that can be implemented on Computer Network Defense network tools in response to new or observed threats within the enterprise (Task ID: 427). Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources (Task ID: 433). Collect and analyze intrusion artifacts (e.g., source code, malware, and trojans) and use discovered data to enable mitigation of potential Computer Network Defense incidents within the enterprise (Task ID: 438). Conduct authorized penetration testing of enterprise network assets (Task ID 448). Seven more NICE Tasks for this Major Responsibility are found in the report. 26 SPSP Phase III Overview

26 Job Profile Excerpt: ES-C2M2 Secure Power Systems Engineer ES-C2M2 Objectives to Determine Maturity Level Major Responsibility: Identify and mitigate power systems vulnerabilities. Identify and respond to threats. (4.3.4 Threat and Vulnerability Management) Reduce cybersecurity vulnerabilities. (4.3.4 Threat and Vulnerability Management) 27 SPSP Phase III Overview

27 Job Profile Excerpt: Certifications Secure Power Systems Engineer Certifications Major Responsibility: Identify and mitigate power systems vulnerabilities. Attack Techniques Discovery: CEH, GCIH, GPEN, GCIH, GWAP, Security + Penetration Testing: CEH, GPEN, GWAPT Industrial Control Cybersecurity: GICSP 28 SPSP Phase III Overview

28 Individual/Team Guidelines Goal: Analyze log files for signs of an attack or compromise. Responsibility: Ensure that incident response and recovery procedures are tested regularly. 29 SPSP Phase III Overview Appendix F

29 Behavioral Interview Guidelines Structure gap analyses of critical and fundamental employee knowledge skills and abilities. Support individual and team development plans. Help human resources understand the quality/ capabilities of employees & candidates. Immediately useable by hiring manager for skill selection. 30 SPSP Phase III Overview Appendix E

30 SPSP Summary, Implications, and Broader Impact 31

31 Key Accomplishment: SPSP products promote the defensibility of Fair Employment Practices through rigor and process: Process follows standards established by the United States Equal Opportunity Employment Commission (EEOC) and the American National Standards Institute (ANSI). Research indicates following these guidelines improves the legal defensibility of human resource practices. 32 SPSP Project Summary 32

32 SPSP Project Impacts and Outreach Influenced the new GICSP certification offered by SANS, the Global Industrial Cybersecurity Professional Project presented at National Defense University workshop Influenced assessment and assessment-driven learning approach adopted by DISA Mapping methodology used to analyze alignment of NICE Framework KSAs to CAE knowledge units Used by the National Cyber League to examine game balance 33 SPSP Project Summary

33 SME Panel & Advisory Group Members Panel Officers Chair - Tim Conway, SANS, NiSource (Phases 2, 3) Vice Chair - Karl Perman, NATF (Phase 2) Chair - Justin Searle, UtiliSec (Phase 1) Vice Chair - Scott King, Sempra Energy (Phase 1) Panel Member Representation Smart Grid Consultant (29%) Government (3%) Electric Utilities (32%) Research Organizations (11%) Electricity Industry Vendors (25%) 34

34 SPSP Panel is made up of: SPSP Project Summary

35 SPSP Next Steps 36 Gain Awareness Drive Programmatic Change Educate Leadership Assess Workforce

36 Recommendations for Next Steps Validate Selection Instrument Develop Self-Efficacy Instrument Create and Deploy Query Engine and Customized Reporting Design and Deploy Learning Platform Design Convert behavioral guidelines into a selection instrument and interview questions by Job Role Pilot Administer assessment to whole staff of 3 5 utilities Deploy Develop the Virtual Assessment Center 37 Enhance and Maintain Collect and analyze data to evaluate Virtual Assessment Center

37 SPSP Products Immediately Useable by Industry Job Profiles Secure Power Incident Responder Secure Power Intrusion Analyst Secure Power Security Operator Secure Power Systems Engineer Guides Behavioral Interview Guidelines Individual/ Team Guidelines Final report and SPSP products can be found at:

38 Points of Contact Tim Conway, SPSP Panel Chair Lori Ross O Neil, SPSP Project Manager

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the

More information

Agenda: Secure Power Systems Specialist. Challenges Project description Outcomes & findings. Phase I briefing, August 27, 2012

Agenda: Secure Power Systems Specialist. Challenges Project description Outcomes & findings. Phase I briefing, August 27, 2012 Secure Power Systems Specialist Phase I briefing, August 27, 2012 By Lori Ross O Neil, PNNL and Michael Assante, NBISE Agenda: Challenges Project description Outcomes & findings 1 Challenge facing the

More information

Secure Power Systems Professional Phase III Final Report: Recruiting, Selecting and Developing Secure Power Systems Professionals

Secure Power Systems Professional Phase III Final Report: Recruiting, Selecting and Developing Secure Power Systems Professionals PNNL- 23583 Secure Power Systems Professional Phase III Final Report: Recruiting, Selecting and Developing Secure Power Systems Professionals August 2014 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton

More information

Secure Power Systems Professional Project Phase 2 Closeout Briefing Lori Ross O Neil, PNNL and Michael Assante, NBISE

Secure Power Systems Professional Project Phase 2 Closeout Briefing Lori Ross O Neil, PNNL and Michael Assante, NBISE Secure Power Systems Professional Project Phase 2 Closeout Briefing Lori Ross O Neil, PNNL and Michael Assante, NBISE Background Challenges Project description Outcomes and Findings 1 Challenge facing

More information

Agenda: Workforce Development for ICS Security

Agenda: Workforce Development for ICS Security Workforce Development for ICS Security Cross cutting challenge shared by asset owner & supplier Item Spans 1 professional training to simple awareness Item 2 No identified pipeline to recruit from and

More information

The National Cybersecurity Workforce Framework. 2015 Delaware Cyber Security Workshop September 29, 2015

The National Cybersecurity Workforce Framework. 2015 Delaware Cyber Security Workshop September 29, 2015 The National Cybersecurity Workforce Framework 2015 Delaware Cyber Security Workshop September 29, 2015 Bill Newhouse NICE Program Office at the National Institute of Standards and Technology NICE is a

More information

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Behavioral Interview Guidelines by Job Roles

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Behavioral Interview Guidelines by Job Roles PNNL-24140 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Behavioral Interview Guidelines by Job Roles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton

More information

PNNL- 22653. Prepared for the U.S. Department of Energy under Contract DE-AC05-76RL01830

PNNL- 22653. Prepared for the U.S. Department of Energy under Contract DE-AC05-76RL01830 PNNL- 22653 Prepared for the U.S. Department of Energy under Contract DE-AC05-76RL01830 Developing Secure Power Systems Professional Competence: Alignment and Gaps in Workforce Development Programs for

More information

Define & Assess Skills - Smart Grid Security Specialists

Define & Assess Skills - Smart Grid Security Specialists Define & Assess Skills - Smart Grid Security Specialists SANS 2011 North American SCADA & Process Control Summit Michael Assante President & CEO NBISE michae.assante@nbise.org 208-557-8026 Cyber Security:

More information

An Accelerated Pathway to Careers in Cybersecurity for Transitioning Veterans. NICE Annual Conference November 2015

An Accelerated Pathway to Careers in Cybersecurity for Transitioning Veterans. NICE Annual Conference November 2015 An Accelerated Pathway to Careers in Cybersecurity for Transitioning Veterans NICE Annual Conference November 2015 Panelists David Brown, Director of CyberTalent at the SANS Institute, a new business unit

More information

Report on CAP Cybersecurity November 5, 2015

Report on CAP Cybersecurity November 5, 2015 Agenda Number 7. Report on CAP Cybersecurity November 5, 2015 Phil Cook CISSP, CISM Manager, Information Technologies Risk #1 External Attacks PR 81 Protect and secure CAP's Information Technology assets

More information

NICE and Framework Overview

NICE and Framework Overview NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to

More information

Information Security Engineering

Information Security Engineering Master of Science In Information Security Engineering Course Descriptions November 2014 Master of Science in Information Security Engineering The program of study for the Master of Science in Information

More information

Course Descriptions November 2014

Course Descriptions November 2014 Master of Science In Information Security Management Course Descriptions November 2014 Master of Science in Information Security Management The Master of Science in Information Security Management (MSISM)

More information

NIST Cybersecurity Framework Overview

NIST Cybersecurity Framework Overview NIST Cybersecurity Framework Overview Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2nd ENISA International Conference on Cyber Crisis Cooperation and Exercises Executive Order

More information

Enhancing NASA Cyber Security Awareness From the C-Suite to the End-User

Enhancing NASA Cyber Security Awareness From the C-Suite to the End-User Enhancing NASA Cyber Security Awareness From the C-Suite to the End-User Valarie Burks Deputy Chief Information Officer, IT Security Division National Aeronautics and Space Administration (NASA) Agenda

More information

SECURITY 2.0 LUNCHEON

SECURITY 2.0 LUNCHEON PROTECTING YOUR ORGANIZATION SECURITY 2.0 LUNCHEON AGAINST CYBER THREATS Tommy Montgomery, Principal Consultant Viral Dhimar, Consultant Adam Ferguson, VP October 22, 2014 #SWCEvents Security 2.0: Next

More information

Enterprise Security Tactical Plan

Enterprise Security Tactical Plan Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise

More information

Department of Homeland Security Federal Government Offerings, Products, and Services

Department of Homeland Security Federal Government Offerings, Products, and Services Department of Homeland Security Federal Government Offerings, Products, and Services The Department of Homeland Security (DHS) partners with the public and private sectors to improve the cybersecurity

More information

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to

More information

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE JANUARY 2015 U.S. DEPARTMENT OF ENERGY OFFICE OF ELECTRICITY DELIVERY AND ENERGY RELIABILITY Energy Sector Cybersecurity Framework Implementation

More information

Maryland 2014. The Cybersecurity Industry Window of Opportunity

Maryland 2014. The Cybersecurity Industry Window of Opportunity A Service Disabled Veteran Owned Small Business Maryland 2014 The Cybersecurity Industry Window of Opportunity John M. Leitch President & CEO Winquest Engineering Corporation V1.3 1 Agenda Industry Windows

More information

How to use the National Cybersecurity Workforce Framework. Your Implementation Guide

How to use the National Cybersecurity Workforce Framework. Your Implementation Guide How to use the National Cybersecurity Workforce Framework Your Implementation Guide A NATIONAL PROBLEM The Nation needs greater cybersecurity awareness. The US workforce lacks cybersecurity experts. Many

More information

Attachment A. Identification of Risks/Cybersecurity Governance

Attachment A. Identification of Risks/Cybersecurity Governance Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year

More information

Succession Planning Process

Succession Planning Process Planning Process INTRODUCTION planning is a systematic approach to: Building a leadership pipeline/talent pool to ensure leadership continuity Developing potential successors in ways that best fit their

More information

FedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

FedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov FedVTE Training Catalog SUMMER 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please

More information

CyberSkills Management Support Initiative

CyberSkills Management Support Initiative CyberSkills Management Support Initiative GROWING THE PIPELINE FOR CYBERTALENT THROUGH VOLUNTEER OPPORTUNITIES November 6, 2014 November 6, 2014 Background In June 2012, Secretary Napolitano announced

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

FedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

FedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov FedVTE Training Catalog SPRING 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk here or email the

More information

Smart Grid Cybersecurity Certification Phase 1 Overview Report

Smart Grid Cybersecurity Certification Phase 1 Overview Report Prepared for the U.S. Department of Energy under Contract DE-AC05-76RL01830 Smart Grid Cybersecurity Certification Phase 1 Overview Report LR O Neil, PNNL MJ Assante, NBISE DH Tobey, NBISE August 2012

More information

Network Security Deployment Obligation and Expenditure Report

Network Security Deployment Obligation and Expenditure Report Network Security Deployment Obligation and Expenditure Report First and Second Quarters, Fiscal Year 2015 June 16, 2015 Fiscal Year 2015 Report to Congress National Protection and Programs Directorate

More information

The Importance of Cybersecurity Monitoring for Utilities

The Importance of Cybersecurity Monitoring for Utilities The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive

More information

Professional Services Overview

Professional Services Overview Professional Services Overview INFORMATION SECURITY ASSESSMENT AND ADVISORY NETWORK APPLICATION MOBILE CLOUD IOT Praetorian Company Overview HISTORY Founded in 2010 Headquartered in Austin, TX Self-funded

More information

SELECTING THE RIGHT HOST INTRUSION PREVENTION SYSTEM:

SELECTING THE RIGHT HOST INTRUSION PREVENTION SYSTEM: SELECTING THE RIGHT HOST INTRUSION PREVENTION SYSTEM: 12 Key Questions to Ask Executive Summary Host Intrusion Prevention Systems (HIPS) complement perimeter defenses, and play a vital role in protecting

More information

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)

More information

OCIE CYBERSECURITY INITIATIVE

OCIE CYBERSECURITY INITIATIVE Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.

More information

IEEE-Northwest Energy Systems Symposium (NWESS)

IEEE-Northwest Energy Systems Symposium (NWESS) IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense : Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced

More information

Operationally Focused CYBER Training Framework

Operationally Focused CYBER Training Framework Operationally Focused CYBER Training Framework Deputy Director, Field Security Operations 9 May 2012 Agenda DISA Cyber Workforce Training Vision Basic Tenets Role-based Educational/Assessment implementation

More information

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult

More information

Obtaining Enterprise Cybersituational

Obtaining Enterprise Cybersituational SESSION ID: SPO-R06A Obtaining Enterprise Cybersituational Awareness Eric J. Eifert Sr. Vice President Managed Security Services DarkMatter Agenda My Background Key components of the Cyber Situational

More information

Protecting Energy s Infrastructure and Beyond: Cybersecurity for the Smart Grid

Protecting Energy s Infrastructure and Beyond: Cybersecurity for the Smart Grid Protecting Energy s Infrastructure and Beyond: Cybersecurity for the Smart Grid Which is it? Cyber Security ~or~ Cybersecurity? Dr. Ernie Lara President Presenters Estrella Mountain Community College Dr.

More information

The fast track to top skills and top jobs in cyber. Guaranteed.

The fast track to top skills and top jobs in cyber. Guaranteed. The fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS FAST TRACK Four steps to a cybersecurity career QUALIFY Earn Acceptance TRAIN Build Elite Skills CERTIFY Earn

More information

Preventing and Defending Against Cyber Attacks October 2011

Preventing and Defending Against Cyber Attacks October 2011 Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their

More information

CyberNEXS Global Services

CyberNEXS Global Services CyberNEXS Global Services CYBERSECURITY A cyber training, exercising, competition and certification product for maximizing the cyber skills of your workforce The Cyber Network EXercise System CyberNEXS

More information

Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division

Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division James Stevens is a senior member of the technical staff

More information

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness

More information

State of South Carolina InfoSec and Privacy Career Path Model

State of South Carolina InfoSec and Privacy Career Path Model State of South Carolina InfoSec and Privacy Career Path Model Start Introduction This Career Path Model for the State of South Carolina (State) is designed to help define the various career options available

More information

Achieving Cybersecurity Excellence Through Evolution of the Nation's Cyber Workforce

Achieving Cybersecurity Excellence Through Evolution of the Nation's Cyber Workforce Achieving Cybersecurity Excellence Through Evolution of the Nation's Cyber Workforce Benjamin Scribner Department of (DHS) National Cybersecurity Education & Awareness Branch (CE&A) October 2014 Mid-South

More information

Accenture Cyber Security Transformation. October 2015

Accenture Cyber Security Transformation. October 2015 Accenture Cyber Security Transformation October 2015 Today s Presenter Antti Ropponen, Nordic Cyber Defense Domain Lead Accenture Nordics Antti is a leading consultant in Accenture's security consulting

More information

Preventing and Defending Against Cyber Attacks June 2011

Preventing and Defending Against Cyber Attacks June 2011 Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified

More information

US-CERT Year in Review. United States Computer Emergency Readiness Team

US-CERT Year in Review. United States Computer Emergency Readiness Team US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 What s Inside Welcome 1 Vison, Mission, Goals

More information

Understanding the NIST Cybersecurity Framework September 30, 2014

Understanding the NIST Cybersecurity Framework September 30, 2014 Understanding the NIST Cybersecurity Framework September 30, 2014 Earlier this year the National Institute of Standard and Technology released the Framework for Improving Critical Infrastructure Cybersecurity

More information

Tools and Resources to Build Your Cybersecurity Workforce

Tools and Resources to Build Your Cybersecurity Workforce Tools and Resources to Build Your Cybersecurity Workforce Benjamin Scribner Department of Homeland Security (DHS) National Cybersecurity Education & Awareness Branch (CE&A) November 2015 NICE Conference

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4 State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes

More information

National Security & Homeland Security Councils Review of National Cyber Security Policy. Submission of the Business Software Alliance March 19, 2009

National Security & Homeland Security Councils Review of National Cyber Security Policy. Submission of the Business Software Alliance March 19, 2009 National Security & Homeland Security Councils Review of National Cyber Security Policy Submission of the Business Software Alliance March 19, 2009 Question # 1: What is the federal government s role in

More information

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC. Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies

More information

SANS CyberTalent VetSuccess Immersion Academy. VetSuccess

SANS CyberTalent VetSuccess Immersion Academy. VetSuccess SANS CyberTalent VetSuccess Immersion Academy P I L O T R E P O R T 2 0 1 5 VetSuccess For more than 25 years, SANS has been the leader in training and developing cybersecurity professionals. Like many

More information

SECURE AND TRUSTWORTHY CYBERSPACE (SaTC)

SECURE AND TRUSTWORTHY CYBERSPACE (SaTC) SECURE AND TRUSTWORTHY CYBERSPACE (SaTC) Overview The Secure and Trustworthy Cyberspace (SaTC) investment is aimed at building a cybersecure society and providing a strong competitive edge in the Nation

More information

PROJECT BOEING SGS. Interim Technology Performance Report 1. Company Name: The Boeing Company. Contract ID: DE-OE0000191

PROJECT BOEING SGS. Interim Technology Performance Report 1. Company Name: The Boeing Company. Contract ID: DE-OE0000191 Interim Techlogy Performance Report 1 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V2 Company Name: The Boeing Company December 10, 2012 1 Interim Techlogy Performance Report 1

More information

Wyoming Community College Commission Request for New, Pilot or Revised Degree or Certificate Program

Wyoming Community College Commission Request for New, Pilot or Revised Degree or Certificate Program Community Commission Request for New, Pilot or Revised Degree or Certificate Program A. : Laramie County Community B. Date submitted to WCCC: C. Program 1. Request for: X New Program Pilot Program Revised

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

NIST Cybersecurity Framework & A Tale of Two Criticalities

NIST Cybersecurity Framework & A Tale of Two Criticalities NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented

More information

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure

More information

Access FedVTE online at: fedvte.usalearning.gov

Access FedVTE online at: fedvte.usalearning.gov FALL 2015 Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk her e or email the Help Desk at support@usalearning.net. To speak with a Help Desk

More information

PREPARED DIRECT TESTIMONY OF SCOTT KING ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY

PREPARED DIRECT TESTIMONY OF SCOTT KING ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA Application of SOUTHERN CALIFORNIA GAS COMPANY (U 0 G) for Review of its Safety Model Assessment Proceeding Pursuant to Decision 1-1-0.

More information

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191 Interim Techlogy Performance Report 3 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V1 Company Name: The Boeing Company November 19, 2013 1 Interim Techlogy Performance Report 3

More information

This page was left intentionally blank.

This page was left intentionally blank. This page was left intentionally blank. Workforce Planning Model Steps What This Step Accomplishes 1. Define the Scope Determines our focus could be long or short term could be a specific business unit

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool 6/9/2016 Tim Segerson, Deputy Director Office of Examination & Insurance FFIEC Cybersecurity Assessment Tool LSCU Cyber Breakout June 17, 2016 Continuing saga of lost sensitive data Every event enhances

More information

CYBER SECURITY WORKFORCE

CYBER SECURITY WORKFORCE Department of the Navy CYBER SECURITY WORKFORCE SCHEDULE A HIRING AUTHORITY FINAL IMPLEMENTING GUIDANCE Prepared by: DONCIO USMC SPAWAR NAVY CYBER FORCES FFC OCHR HRO HRSC 1 Table of Contents I. Introduction

More information

Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education

Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education Before the U.S. House Oversight and Government Reform Committee Hearing on Agency Compliance with the Federal Information

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

CHIEF INFORMATION OFFICERS COUNCIL

CHIEF INFORMATION OFFICERS COUNCIL CYBERSECURITY WORKFORCE DEVELOPMENT MATRIX RESOURCE GUIDE October 2011 CIO.GOV Workforce Development Matrix Resource Guide 1 Table of Contents Introduction & Purpose... 2 The Workforce Development Matrix

More information

GIAC Program Overview 2015 Q4 Version

GIAC Program Overview 2015 Q4 Version GIAC Program Overview 2015 Q4 Version Program Overview - GIAC Certification 2015 1 What is GIAC? GIAC is the Global Information Assurance Certification program GIAC assesses candidate knowledge in specific

More information

Cyber Watch. Written by Peter Buxbaum

Cyber Watch. Written by Peter Buxbaum Cyber Watch Written by Peter Buxbaum Security is a challenge for every agency, said Stanley Tyliszczak, vice president for technology integration at General Dynamics Information Technology. There needs

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Virtual Patching: a Proven Cost Savings Strategy

Virtual Patching: a Proven Cost Savings Strategy Virtual Patching: a Proven Cost Savings Strategy An Ogren Group Special Report December 2011 Executive Summary Security executives, pushing the limits of traditional labor-intensive IT patch processes

More information

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

Partnering for Project Success: Project Manager and Business Analyst Collaboration

Partnering for Project Success: Project Manager and Business Analyst Collaboration Partnering for Project Success: Project Manager and Business Analyst Collaboration By Barbara Carkenord, CBAP, Chris Cartwright, PMP, Robin Grace, CBAP, Larry Goldsmith, PMP, Elizabeth Larson, PMP, CBAP,

More information

Critical Controls for Cyber Security. www.infogistic.com

Critical Controls for Cyber Security. www.infogistic.com Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability

More information

Strategic Plan On-Demand Services April 2, 2015

Strategic Plan On-Demand Services April 2, 2015 Strategic Plan On-Demand Services April 2, 2015 1 GDCS eliminates the fears and delays that accompany trying to run an organization in an unsecured environment, and ensures that our customers focus on

More information

Cyber Workforce Training

Cyber Workforce Training Cyber Workforce Training Mr Steve Jurinko DISA/PEO-MA 13 May 2014 1 DISA Cybersecurity Workforce Initiatives Cyber Workforce Coding DOD CIO initiative To identify the Cyber Workforce (CWF) across DISA

More information

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security

More information

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information

More information

National Initiative for Cybersecurity Education

National Initiative for Cybersecurity Education THE NICE VISION National Initiative for Cybersecurity Education a national campaign to promote cybersecurity awareness and digital literacy from our boardrooms to our classrooms, and to build a digital

More information

DoD Directive (DoDD) 8570 & GIAC Certification

DoD Directive (DoDD) 8570 & GIAC Certification DoD Directive (DoDD) 8570 & GIAC Certification Date Updated: January 2014 National Account Manager 678-714-5712 Director 703-968-0103 What is DoDD 8570? Department of Defense Directive 8570 provides guidance

More information

Symantec Consulting Services

Symantec Consulting Services GET MORE FROM YOUR SECURITY SOLUTIONS Symantec Consulting 2015 Symantec Corporation. All rights reserved. Access outstanding talent and expertise with Symantec Consulting Symantec s Security Consultants

More information

N-Dimension Solutions Cyber Security for Utilities

N-Dimension Solutions Cyber Security for Utilities AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential

More information

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015 Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key

More information

A Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst

A Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst TRACESECURITY WHITE PAPER GRC Simplified... Finally. A Guide to Successfully Implementing the NIST Cybersecurity Framework Jerry Beasley CISM and TraceSecurity Information Security Analyst TRACESECURITY

More information

Military Recruiting Consulting & Training Services Proposal

Military Recruiting Consulting & Training Services Proposal In Partnership with Military Recruiting Consulting & Training Services Proposal Prepared For: March 9, 2015 Our Understanding of Your Needs XYZ is a rapidly growing organization with... An evolving military

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security SIEM Optimization 101 ReliaQuest E-Book Fully Integrated and Optimized IT Security Introduction SIEM solutions are effective security measures that mitigate security breaches and increase the awareness

More information

COUNTERINTELLIGENCE VULNERABILITY ASSESSMENT FOR CORPORATE AMERICA

COUNTERINTELLIGENCE VULNERABILITY ASSESSMENT FOR CORPORATE AMERICA COUNTERINTELLIGENCE VULNERABILITY ASSESSMENT FOR CORPORATE AMERICA 09/1 8/2009 version UNCLASSIFIED//FOR OFFICIAL USE ONLY Cl VULNERABILITY ASSESSMENT FOR CORPORATE AMERICA DEFINING COUNTERINTELLIGENCE

More information

NASA OFFICE OF INSPECTOR GENERAL

NASA OFFICE OF INSPECTOR GENERAL NASA OFFICE OF INSPECTOR GENERAL OFFICE OF AUDITS SUITE 8U71, 300 E ST SW WASHINGTON, D.C. 20546-0001 April 14, 2016 TO: SUBJECT: Renee P. Wynn Chief Information Officer Final Memorandum, Review of NASA

More information

Defending against modern threats Kruger National Park ICCWS 2015

Defending against modern threats Kruger National Park ICCWS 2015 Defending against modern threats Kruger National Park ICCWS 2015 Herman Opperman (CISSP, ncse, MCSE-Sec) - Architect, Cybersecurity Global Practice Microsoft Corporation Trends from the field Perimeter

More information

Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit.

Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 BILL S BIO Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. Vice President Controls

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information