ISACA National Capital Area Chapter March 25, 2014 National Initiative for Cybersecurity Education Montana Williams, Branch Chief Benjamin Scribner, Program Director Department of Homeland Security (DHS) National Cybersecurity Education & Awareness Branch (CE&A)
Overview NICE 2.0 NICE Lead Transition Leadership transition Jan 14 Oct 14 Ernest Detailed to DHS Rebranding of NICE Enhance Public Awareness Expand the Pipeline Evolve the Field Key Initiatives FY 14-20 Discussion 2
NICE 2.0 Transition 1. Period through Oct 2014 a. OSTP, NIST, DHS Transition Strategy Mtg Jan 14 b. White House Cyber IPC Transition Briefing Apr 14 c. Quarterly updates 2. Ernest will continue role through his retirement, office will move to DHS/NPPD/CS&C/SECIR 3. NICE Strategic Plan updated Q1 FY15 4. Annual NICE workshop Sept 14 3
NICE 2.0 Leadership NICE Lead R. Montana Williams, DHS Senior NICE Advisor Dr. Ernest McDuffie, NIST Component 1: Enhance Awareness Kristina Dorville, DHS Component 2: Expand the Pipeline Douglas Maughan, DHS Victor Piotrowski, NSF Camsie McAdams, DoED Component 3: Evolve the Field Roy Burgess, DHS Pamela Frugoli, DOL Stephanie Keith, DoD 4
NICE Rebranding (Exec Summary) 1. Enhance Public Awareness DHS a. Increase Awareness of Critical Infrastructure & Key Resources (CIKR) b. Increase key stakeholder support to national awareness programs 2. Expand the Pipeline (NSF/DoEd/DHS) a. Promote cybersecurity-related STEM efforts focused on teacher professional development, student interaction, & cyber competitions b. Target key populations (e.g., minorities, women, veterans) c. Promote performance-based education & certification 3. Evolve the Field (DoD, DHS, DoL) a. Institutionalize the NCWF in federal gov t; expand to SLTT b. Determine national workforce development and training gaps c. Coordinate development of a performance-base training & assessment environment (e.g., cyber range) 5
Key Initiatives Expand White House participation in NICE Incorporate media/social media to expand awareness Incorporate CIKR messaging and outreach in NSCAM Promote strategies to increase entry of target groups (Vets, minorities, and women) into cybersecurity workforce pipeline Evaluate feasibility of a national cybersecurity accreditation body Expose 1.7M high school students to cybersecurity opportunities through teacher professional development, academic consortiums, competitions, & mentoring programs Expand FedVTE and FedCTE to SLTT & Critical Infrastructure partners Complete a national cybersecurity workforce assessment Partner w/dol, OPM, BLS to create standard occupational classification Establish an interagency on-demand cyber range 6
The cyber threat landscape 7
Why can t we all just be N.I.C.E.? The National Initiative for Cybersecurity Education (NICE) was established to raise national cybersecurity awareness, broaden the pool of cyber workers through strong education programs, and build a globally competitive cybersecurity workforce. NICE was launched in March 2010 in response to national directives; born from the Comprehensive National Cybersecurity Initiative (CNCI) (of 2008), recommendation #8 NICE is a nationally-coordinated effort comprising over 20 federal departments and agencies that focuses on cybersecurity awareness, education, training and professional development. 8
Structure Three components R. Montana Williams, DHS Dr. Ernest McDuffie, NIST Kristina Dorville, DHS Douglas Maughan, DHS Victor Piotrowski, NSF Camsie McAdams, DoED Roy Burgess, DHS Pamela Frugoli, DOL Stephanie Keith, DoD 9
Cybersecurity is not homebuilding Training Certification Employers 10
The cyber threat landscape 11
U.S. IT Workforce Statistics According to the U.S. Bureau of Labor Statistics, there are approximately 4.0 million people employed in the U.S. IT labor workforce. Percentage of IT Workers by Sector Percentage of IT Workers by Technology Domain 5% 5% 3% 4% 100% 90% 80% 20% Application Development Application Support 82% 70% 17% Data Center 60% End-User Computing 16% 50% IT Service Desk 40% 12% IT Management PRIVATE SECTOR SELF-EMPLOYED FEDERAL GOV'T 30% 20% 10% 0% 9% 8% 8% 5% 5% Data Network Finance and Administration Voice Network *Source: CompTIA Colloquium 2012 - U.S. IT Market Supply and Demand Briefing 12
The Solution NICE developed the National Cybersecurity Workforce Framework (the Framework) to codify cybersecurity work and to identify the specialty areas of cybersecurity professionals. The Framework establishes: A common taxonomy and lexicon which organizes cybersecurity work into 31 specialty areas within 7 categories. A baseline of tasks, specialty areas, and knowledge, skills and abilities (KSAs) associated with cybersecurity professionals. The Framework assists with strategic human capital efforts, including: Workforce Planning Recruitment and Selection Training and Development Succession Planning 13
Framework Categories and Specialty Areas The Framework s 31 Specialty Areas (SA), organized into 7 Categories, encompass the entirety of national cybersecurity work. Organizations can use the SAs to identify, build, and customize cybersecurity roles based on mission requirements. Investigate Digital Forensics Collect and Operate Collection Operations Cyber Operations Planning Analyze Cyber Threat Analysis All Source Intelligence Targets Protect and Defend Computer Network Defense (CND) Vulnerability Assessment and Management Incident Response Oversight and Development Legal Advice and Advocacy Education and Training Strategic Planning and Policy Information Systems Security Operations Operate and Maintain System Administration Network Services Customer Service and Technical Support Systems Security Analysis Data Administration Securely Provision Systems Requirement Planning Systems Development Software Assurance and Security Engineering Technology Research and Development Test and Evaluation Systems Security Architecture Investigation Cyber Operations Exploitation Analysis CND Incident Response Security Program Management (CISO) Knowledge Management Information Assurance (IA) Compliance 14
Benefits of Using the Framework When degrees, jobs, training and certifications are aligned to the Workforce Framework Colleges can create programs that are aligned to jobs Students will graduate with knowledge and skills that employers need Employers can recruit from a larger pool of more qualified candidates Employees will have a better defined career path and opportunities Policy makers can set standards to promote workforce professionalization 15
And it s required 16
The National Initiative for Cybersecurity Careers and Studies (NICCS ) Portal The Nation s one-stop-shop for cybersecurity careers and studies Interactive Workforce Framework Searchable Training Catalog Framework implementation how-to guide Stop-Think-Connect awareness materials Teaching & workforce development tools News and events www.niccs.us-cert.gov 17
A few best practices Use 3 digits to capture granularity Track people as well as positions Search by task, not title Leverage NICCS and FedVTE Develop career paths aligned to Framework Promote Framework adoption Get involved! 18
Questions? NICE will continue to share materials with cybersecurity professionals across the nation in the public, private, and academic sectors. For questions about NICE, the Framework, and other initiatives, please contact: The NICCS Supervisory Office (SO): NICCS@hq.dhs.gov Visit the Framework here: http://niccs.us-cert.gov/training/tc/framework Visit NICCS here: www.niccs.us-cert.gov 19