SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS
2 Synopsis SPSP Project Overview Phase I Summary Phase II Summary Phase III Overview and Deliverables Guides Job Profiles Behavioral Interview Guidelines Individual and Team Performance Guidelines Phase III Final Report SPSP Summary, Broader Impacts, Next Steps 2
3 UNCLASSIFIED Secure Power Systems Professional (SPSP) DOE Workforce study
Purpose: Identify key job skills, education and certification(s) needed for hiring or retraining Power Systems Cybersecurity (SPSP) practitioners.
Challenge: Lay the groundwork for an SPSP certification.
Technical Approach: Through SME interview and industry survey, develop a comprehensive set of job competencies needed for SPSPs to do their job effectively.
Major Deliverables:
- Reports for Phase 1: Job Performance Model; Phase 2: Gap/Overlap Analysis; Phase 3: Workforce Development
- SPSP Recruitment Guide
- SPSP Career Development Guide
U.S. Department of Energy has taken the initiative to establish a Power Systems Cybersecurity workforce project to identify and measure the identified job skills for the purpose of developing a certification. This work has partnered with DHS and others.
Performers: PNNL
Partners: NBISE, VivoWorks, PsyberAnalytix, Industry experts
4 Focusing on SPSP Talent Pillars of Secure Power Systems Key activities in developing and maintaining effective secure power systems environments Technology Bridging IT and OT Analyze Acquire Capabilities Integrate People as Assets Identify Organize Communicate Cybersecurity Capability Concepts Process Knowledge and Skills Evaluate Analyze Gaps Prioritize and Plan Implement 5 5 SPSP Project Overview
5 6 Interdisciplinary Nature of Secure Power System Professionals Hybrid Skill Set Diverse Work Environment 6 SPSP Project Overview
6 Talent Management Life Cycle 7 Elements of the SPSP Workforce Planning process as aligned with the Pillars of Strategic Human Resource Management (SHRM) Workforce Planning Budgeting Justifying and Budgeting Recruiting Recruiting Career Growth Developing Hiring Promoting Training & Developing Retaining Retaining Workforce Planning Retaining Training & Developing Hiring Promoting Justifying & Budgeting Recruiting Career Growth 7 SPSP Project Overview
7 Project Phasing 8 SPSP Project Overview
8 Project Overview and Outcomes 9 SPSP Project Overview
9 10 Phase I Phase I produced an exploratory job performance model (JPM) based on a factor analysis of responses to a Job Analysis Questionnaire (JAQ), culminating in the Smart Grid Cybersecurity Job Analysis Report. January - August 2012
10 Phase I Performance Modeling Methodology
Job and Task Definition
1. Content definition
2. Role definition
3. Mission definition
4. Task definition
Job Audit Questionnaires
1. Assign tasks to goals
2. Rate importance of task by skill and role
3. Rate frequency of task execution
Approval Event
1. Approve mission definition
2. Approve task definition
11 12 Phase I: Job Roles Iterative Definitions Using Performance Modeling Methodology 109 Vignettes 44 Job Roles 108 Goals 82 Responsibilities Job Performance Model: Methodology Job Performance Model: Job Roles 516 Job Tasks 12 SPSP Phase I Overview
12 Phase I: Resulting Job Roles 109 Vignettes Secure Power Incident Responder 44 Job Roles 108 Goals 82 Responsibilities Job Performance Model Methodology Secure Power Intrusion Analyst Secure Power Security Operator 516 Job Tasks Secure Power Systems Engineer 13 SPSP Phase I Overview
13 14 Phase II The second phase mapped key workforce frameworks to the major job responsibilities defined in Phase I. August June 2013
14 Phase II: Mapping Overview Job Roles Incident Response Specialist Intrusion Analyst 71 Job Responsibilities Mapping Exercises Phase II Certifications NICE Security Operations Specialist 11 Job Responsibility Areas ES-C2M2 Secure Power Systems Professional Training & Education Phase I 15 SPSP Phase II Overview
15 Target Workforce Program Emphasis 16 Colored cells = major area of emphasis Blank = not a major area of emphasis D = differing opinions about degree of emphasis 16 SPSP Phase II Overview
16 Job Role Coverage by Certification 17 Job Role CEH CISM CISSP GCIA GCIH SOC Cyber Secure Power Eng. 0.0% 11.1% 33.3% 0.0% 0.0% 0.0% Incident Response 0.0% 40.0% 20.0% 0.0% 90.0% 0.0% Intrusion Analysis 10.0% 30.0% 20.0% 10.0% 70.0% 0.0% Security Operations 0.0% 50.0% 37.5% 0.0% 18.8% 0.0% Multiple credentials are required for a comprehensive view of SPSP workforce competency. 17 SPSP Phase II Overview
17 Phase II: Summary Analysis 18 Competency Frameworks Certification and Credentialing Phase II Analysis Education and Training 18 SPSP Phase II Overview
18 19 Phase III This phase defined role-based behavioral assessment criteria that will be essential in the development of tools used in the selection of personnel for specific roles and provided quick guides for staff recruitment and development. June 2013 - August 2014
19 Phase III Deliverables Immediately Useable by Industry 4 Job Profiles Recruiting/Development Guides Job Profile Tables Major Responsibilities 1 2 Cybersecurity Workforce Framework Tasks (NICE) Electricity Subsector-Capability Maturity Model (ES-C2M2) Certifications Individual/Team Guidelines 3 Behavioral Interview Guidelines 4 20 SPSP Phase III Overview
20 Guide Development Methodology Based on results of Phases I and II, and validated through three carefully designed reviews to yield feedback from diverse perspectives. Survey of Industry Advisory Panel of SMEs Survey of power industry Onsite deep dive interviews about use and effectiveness with stakeholders at a power entity Outcome: Recruitment of SPSPs Career Development of SPSPs Development Methodology 21 SPSP Phase III Overview
21 Recruitment Guide for HR, Recruiters, and Hiring Managers
Project overview describing four SPSP job roles:
- Power System Incident Response
- Power System Intrusion Analysis
- Power System Security Operations
- Secure Power Systems Professionals
Lists qualifications, preferred skills, and desirable professional attributes of the ideal SPSP candidate
SPSP Phase III Overview
22 Guide for Developing SPSP
- Overview of emerging modern power systems
- Job functions of the SPSP
- Description of how to develop SPSPs
- How and where SPSP skills are acquired
- SPSP-centric certifications and education programs
- Overview of the SPSP project
SPSP Phase III Overview
23 4 Job Profiles Creating Job Profiles Four Job Roles Four Job Profiles Phase I 4 Job Roles Tasks Responsibilities Responsibility Areas Major Responsibilities Cybersecurity Workforce Framework Tasks (NICE) Phase II Competency Frameworks NICE & ES-C2M2 Workforce Development Certifications & Courses Electricity Subsector-Capability Maturity Model (ES-C2M2) Certifications 24 SPSP Phase III Overview
24 Job Profile Excerpt: Major Responsibilities
Secure Power Systems Engineer Major Responsibilities
- Assess and manage power systems risk.
- Identify and mitigate power systems vulnerabilities.
- Implement power systems security monitoring.
- Log power systems security incidents.
SPSP Phase III Overview
25 Job Profile Excerpt: NICE Tasks
Secure Power Systems Engineer Cybersecurity Workforce Framework Tasks (NICE Tasks)
Major Responsibility: Identify and mitigate power systems vulnerabilities.
- Assist in the construction of signatures that can be implemented on Computer Network Defense network tools in response to new or observed threats within the enterprise (Task ID: 427).
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources (Task ID: 433).
- Collect and analyze intrusion artifacts (e.g., source code, malware, and trojans) and use discovered data to enable mitigation of potential Computer Network Defense incidents within the enterprise (Task ID: 438).
- Conduct authorized penetration testing of enterprise network assets (Task ID: 448).
Seven more NICE Tasks for this Major Responsibility are found in the report.
SPSP Phase III Overview
26 Job Profile Excerpt: ES-C2M2
Secure Power Systems Engineer ES-C2M2 Objectives to Determine Maturity Level
Major Responsibility: Identify and mitigate power systems vulnerabilities.
- Identify and respond to threats. (4.3.4 Threat and Vulnerability Management)
- Reduce cybersecurity vulnerabilities. (4.3.4 Threat and Vulnerability Management)
SPSP Phase III Overview
27 Job Profile Excerpt: Certifications
Secure Power Systems Engineer Certifications
Major Responsibility: Identify and mitigate power systems vulnerabilities.
- Attack Techniques Discovery: CEH, GCIH, GPEN, GCIH, GWAP, Security+
- Penetration Testing: CEH, GPEN, GWAPT
- Industrial Control Cybersecurity: GICSP
SPSP Phase III Overview
28 Individual/Team Guidelines Goal: Analyze log files for signs of an attack or compromise. Responsibility: Ensure that incident response and recovery procedures are tested regularly. 29 SPSP Phase III Overview Appendix F
29 Behavioral Interview Guidelines
- Structure gap analyses of critical and fundamental employee knowledge, skills and abilities.
- Support individual and team development plans.
- Help human resources understand the quality/capabilities of employees & candidates.
- Immediately useable by hiring manager for skill selection.
SPSP Phase III Overview Appendix E
30 SPSP Summary, Implications, and Broader Impact 31
31 Key Accomplishment: SPSP products promote the defensibility of Fair Employment Practices through rigor and process: Process follows standards established by the United States Equal Opportunity Employment Commission (EEOC) and the American National Standards Institute (ANSI). Research indicates following these guidelines improves the legal defensibility of human resource practices. 32 SPSP Project Summary 32
32 SPSP Project Impacts and Outreach
- Influenced the new GICSP certification offered by SANS, the Global Industrial Cybersecurity Professional
- Project presented at National Defense University workshop
- Influenced assessment and assessment-driven learning approach adopted by DISA
- Mapping methodology used to analyze alignment of NICE Framework KSAs to CAE knowledge units
- Used by the National Cyber League to examine game balance
SPSP Project Summary
33 SME Panel & Advisory Group Members
Panel Officers
- Chair - Tim Conway, SANS, NiSource (Phases 2, 3)
- Vice Chair - Karl Perman, NATF (Phase 2)
- Chair - Justin Searle, UtiliSec (Phase 1)
- Vice Chair - Scott King, Sempra Energy (Phase 1)
Panel Member Representation
- Smart Grid Consultant (29%)
- Government (3%)
- Electric Utilities (32%)
- Research Organizations (11%)
- Electricity Industry Vendors (25%)
34 SPSP Panel is made up of: SPSP Project Summary
35 SPSP Next Steps 36 Gain Awareness Drive Programmatic Change Educate Leadership Assess Workforce
36 Recommendations for Next Steps Validate Selection Instrument Develop Self-Efficacy Instrument Create and Deploy Query Engine and Customized Reporting Design and Deploy Learning Platform Design Convert behavioral guidelines into a selection instrument and interview questions by Job Role Pilot Administer assessment to whole staff of 3-5 utilities Deploy Develop the Virtual Assessment Center 37 Enhance and Maintain Collect and analyze data to evaluate Virtual Assessment Center
37 SPSP Products Immediately Useable by Industry Job Profiles Secure Power Incident Responder Secure Power Intrusion Analyst Secure Power Security Operator Secure Power Systems Engineer Guides Behavioral Interview Guidelines Individual/ Team Guidelines Final report and SPSP products can be found at:
38 Points of Contact
Tim Conway, SPSP Panel Chair
Lori Ross O'Neil, SPSP Project Manager lro@pnnl.gov
More informationNIST Cybersecurity Framework & A Tale of Two Criticalities
NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented
More informationIntroduction to NICE Cybersecurity Workforce Framework
Introduction to NICE Cybersecurity Workforce Framework Jane Homeyer, Ph.D., Deputy ADNI/HC for Skills and Human Capital Data, ODNI Margaret Maxson, Director, National Cybersecurity Education Strategy,
More informationIntroduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More informationHR WSQ Qualifications. Certified HR Professional Programmes
Human Resource WSQ HR WSQ Qualifications WSQ ADVANCED CERTIFICATE IN HUMAN RESOURCES 4 core + 4 Elective Units CORE UNITS Analyse and present research information (Level 3) Ensure compliance with relevant
More informationSECURE AND TRUSTWORTHY CYBERSPACE (SaTC)
SECURE AND TRUSTWORTHY CYBERSPACE (SaTC) Overview The Secure and Trustworthy Cyberspace (SaTC) investment is aimed at building a cybersecure society and providing a strong competitive edge in the Nation
More informationEl Camino College Homeland Security Spring 2016 Courses
El Camino College Homeland Security Spring 2016 Courses With over 250,000 federal positions in Homeland Security and associated divisions, students may find good career opportunities in this field. Explore
More informationSANS CyberTalent VetSuccess Immersion Academy. VetSuccess
SANS CyberTalent VetSuccess Immersion Academy P I L O T R E P O R T 2 0 1 5 VetSuccess For more than 25 years, SANS has been the leader in training and developing cybersecurity professionals. Like many
More informationState of Vermont. Intrusion Detection and Prevention Policy. Date: 11-02-10 Approved by: Tom Pelham Policy Number:
State of Vermont Intrusion Detection and Prevention Policy Date: 11-02-10 Approved by: Tom Pelham Policy Number: 1 Table of Contents 1.0 Introduction... 3 1.1 Authority... 3 1.2 Purpose... 3 1.3 Scope...
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationWyoming Community College Commission Request for New, Pilot or Revised Degree or Certificate Program
Community Commission Request for New, Pilot or Revised Degree or Certificate Program A. : Laramie County Community B. Date submitted to WCCC: C. Program 1. Request for: X New Program Pilot Program Revised
More informationCyber Defense Operations Graduate Certificate
The SANS Technology Institute makes shorter groups of courses available to students who are unable to commit to a full master s degree program. These certificate programs will augment your skills, provide
More informationCyber Security. Doug Houseman Doug@Enernex.com. Engineering Consulting Research. Modeling Simulation Security. The Practical Grid Visionaries TM
Cyber Security Engineering Consulting Research Modeling Simulation Security Doug Houseman Doug@Enernex.com The Practical Grid Visionaries TM Warnings The costs given are based on prior projects They may
More informationManaged Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?
Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security
More informationLeveraging Regulatory Compliance to Improve Cyber Security
Leveraging Regulatory Compliance to Improve Cyber Security Leveraging Regulatory Compliance to Improve Cyber Security Brian Irish, Cyber Security Assurance Manager Salt River Project LEVERAGING REGULATORY
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information
More informationUtility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security
Boeing Defense, Space & Security Ventures Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security Tristan Glenwright - Boeing BOEING is a trademark of Boeing Management Company. The
More informationNetwork Security Deployment (NSD)
Network Security Deployment (NSD) National Cybersecurity Protection System (NCPS) 11 July 2012 What is the NCPS? National Cybersecurity Protection System (NCPS) is the program of record within the Department
More informationPreparing for Performance Building the Cybersecurity Workforce We Need. Maurice Uenuma 13 November 2013
Preparing for Performance Building the Cybersecurity Workforce We Need Maurice Uenuma 13 November 2013 The Challenge Shortage in numbers Jobs +53% by 2018 Only 24% of H.S. students would even consider
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationRE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity
October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure
More informationN-Dimension Solutions Cyber Security for Utilities
AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential
More informationOver 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit.
CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 BILL S BIO Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. Vice President Controls
More information