IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Trends in Developing a New Cyber Workforce Strategy

White House efforts to strengthen the cybersecurity workforce nationwide took several new steps forward over the past few months.

A silhouette of business people.
Back on July 19, 2022, National Cyber Director Chris Inglis hosted the National Cyber Workforce and Education Summit at the White House.

According to whitehouse.gov, the event focused on the following topics:
  • “The need to create and prioritize new skills-based pathways to cybersecurity jobs, including at community colleges, through Registered Apprenticeships, and via non-traditional training opportunities for Americans who can help defend our country and make a good living for themselves and their families. Training models such as Registered Apprenticeships can allow career seekers to earn and learn at the same time while often obtaining college credit, degrees, and a nationally recognized credential.
  • How in filling these open cybersecurity positions, the United States has an opportunity to build pipelines for historically untapped talent, including underserved and diverse communities, to reach jobs that often pay well and do not require a four-year degree.
  • How investing in cyber training and education will (1) enable Americans who comprise the lifeblood of our economy — including those building the next generation of our nation’s infrastructure — to be successful in our digital economy; and (2) empower society to harness cyber capabilities to achieve our individual and collective aspirations.”

This article fromHelp Net Securitylists numerous substantial announcements, commitments or pledges in connection with the July summit. Here are a few examples:

Auburn University’s Ginn College of Engineering commits to incorporate the U.S. Department of Energy’s National Cyber-Informed Engineering (CIE) Strategy throughout its engineering and computer science programs.

Cisco is committing to training an additional 200,000 students in the U.S. over the next three years and will continue to increase the reach and impact of its efforts. …

The Cyber Readiness Institute (CRI) has released a new guide to raise awareness and implementation of MFA among SMBs.

Dakota State University highlighted their $90 million investment for a cyber-research initiative supported by a multi-party, public-private partnership. These funds will be used to double the annual number of graduates of The Beacom College of Computer and Cyber Sciences over the next 5 years, launch a statewide Governor’s Cyber Academy accessible to all high school students, and build and operate an applied research laboratory facility in Sioux Falls, South Dakota.

Fortinet is furthering its commitment to close the cyber skills gap by making its information security awareness and training service available for free for all K-12 school districts across the U.S.”

NEW CYBER WORKFORCE STRATEGY ANNOUNCEMENTS


Fast-forward to this month, and Federal News Networkreported on several new White House announcements:

“The White House’s Office of the National Cyber Director is now drafting a National Cyber Workforce and Education Strategy, according to Camille Stewart Gloster, deputy national cyber director for technology and ecosystem security. …

“The workforce plan will cut across both the public and private sectors, and include a big focus on training and education. But for federal agencies, the effort should help bring more ‘cohesion’ to what have often been disparate attempts to address cyber talent gaps, Gloster said Thursday.”

Federal Computer Weekreported on more details and also some numbers related to the huge challenges ahead in this area:

“Mark Gorak, principal director for resources and analysis in the DOD’s CIO Office, said during a Thursday panel that the DOD’s Cyber Excepted Service, which has been live since at least 2019, has 15,000 people across the department, with an end goal of around 200,000 people across military and civilian sides.

“Other issues ONCD will likely have to consider are diversity, something the cybersecurity field has historically struggled with.”

NICE FRAMEWORK ON WORKFORCE DEVELOPMENT


This excellent National Initiative for Cybersecurity Careers and Studies (NICCS) website was updated earlier this year, offering tools to help people explore career options and terminology in cybersecurity:

“The NICE Framework is comprised of the following components:
  • Categories (7) – A high-level grouping of common cybersecurity functions
  • Specialty Areas (33) – Distinct areas of cybersecurity work
  • Work Roles (52) – The most detailed groupings of cybersecurity work comprised of specific knowledge, skills, and abilities (KSAs) required to perform tasks in a Work Role.”

You can visit the site to take a deeper dive into specialty areas under many categories such as collect and operate, investigate, oversee and govern, and more.

This tool is based on the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NIST Special Publication 800-181, August 2017) and revisions published in late 2020 renaming the framework as the Workforce Framework for Cybersecurity (NIST Special Publication 800-181 Rev. 1, November 2020). Please visit the NICE Framework Resource Centerfor more information.

KANSAS UNIVERSITY RECEIVES $750K FOR CYBER WORKFORCE TRAINING


U.S. Sen. Jerry Moran announced the $750,000 educational grant for the Friends University cybersecurity program last week. The grant funding will go toward scholarships, technology and equipment:

“U.S. Sen. Jerry Moran announced a $750,000 educational grant Friday at Friends University.

“The dollars will go toward scholarships, technology and equipment within the cybersecurity program at Friends University. Butler Community College students will also be eligible for cybersecurity scholarships to get their associate’s degree. Those degrees can then transfer over to Friends for students to pursue a bachelor’s degree.

“Moran, a Kansas Republican, called the cybersecurity field a noble cause.”

FINAL THOUGHTS


As I have covered in many blogs over the past few years, hiring and maintaining talent continues to be a huge challenge for CISOs and CIOs nationwide. This is especially hard in the public sector.

These efforts offer meaningful steps to strengthen our cybersecurity workforce.

If you are looking to better understand the NICE Framework and how to use it to manage your cybersecurity workforce, I like this video from an RSA Conference webinar:
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.