national cybersecurity workforce framework
play

National Cybersecurity Workforce Framework Benjamin Scribner - PowerPoint PPT Presentation

Federal Information Systems Security Educators March 19, 2014 National Cybersecurity Workforce Framework Benjamin Scribner Department of Homeland Security (DHS) National Cybersecurity Education & Awareness Branch (CE&A) T HE CYBER THREAT


  1. Federal Information Systems Security Educators March 19, 2014 National Cybersecurity Workforce Framework Benjamin Scribner Department of Homeland Security (DHS) National Cybersecurity Education & Awareness Branch (CE&A)

  2. T HE CYBER THREAT LANDSCAPE 2

  3. T HE CYBER THREAT LANDSCAPE 3

  4. C YBERSECURITY IS NOT HOMEBUILDING Training Certification Employers 4

  5. W HY CAN ’ T WE ALL JUST BE N.I.C.E.? The National Initiative for Cybersecurity Education (NICE) was established to raise national cybersecurity awareness, broaden the pool of cyber workers through strong education programs, and build a globally competitive cybersecurity workforce.  NICE was launched in March 2010 in response to national directives; born from the Comprehensive National Cybersecurity Initiative (CNCI) (of 2008), recommendation #8  NICE is a nationally-coordinated effort comprising over 20 federal departments and agencies that focuses on cybersecurity awareness, education, training and professional development. 5

  6. T HE S OLUTION NICE developed the National Cybersecurity Workforce Framework (the Framework) to codify cybersecurity work and to identify the specialty areas of cybersecurity professionals. The Framework establishes:  A common taxonomy and lexicon which organizes cybersecurity work into 31 specialty areas within 7 categories.  A baseline of tasks, specialty areas, and knowledge, skills and abilities (KSAs) associated with cybersecurity professionals. The Framework assists with strategic human capital efforts, including:  Workforce Planning  Recruitment and Selection  Training and Development  Succession Planning 6

  7. F RAMEWORK C ATEGORIES AND S PECIALTY A REAS  The Framework’s 31 Specialty Areas (SA), organized into Securely 7 Categories, encompass the entirety of national Provision cybersecurity work. Systems  Requirement Organizations can use the SAs to identify, build, and Operate and Planning customize cybersecurity roles based on mission Maintain requirements. System Systems Oversight and Administration Development Development Software Legal Advice and Assurance and Network Services Protect and Advocacy Security Analyze Defend Engineering Customer Service Technology Cyber Threat Computer Network Education and and Technical Research and Collect and Analysis Defense (CND) Training Support Development Operate Vulnerability Collection All Source Strategic Planning Systems Security Test and Assessment and Operations Intelligence and Policy Analysis Evaluation Management Investigate Information Data Systems Security Cyber Operations Systems Security Digital Forensics Targets Incident Response Administration Architecture Planning Operations Security Program Information Exploitation CND Incident Knowledge Investigation Cyber Operations Management Assurance (IA) Analysis Response Management (CISO) Compliance 7

  8. U.S. IT W ORKFORCE S TATISTICS According to the U.S. Bureau of Labor Statistics, there are approximately 4.0 million people employed in the U.S. IT labor workforce. Percentage of IT Workers by Technology Domain Percentage of IT Workers by Sector 100% 5% 3% Application Development 90% 20% 4% Application Support 5% 80% Data Center 17% 70% 82% End-User Computing 60% 16% 50% IT Service Desk 12% 40% IT Management 9% 30% Data Network 8% 20% P RIVATE S ECTOR 8% Finance and S ELF -E MPLOYED 10% Administration 5% F EDERAL G OV ' T 5% Voice Network 0% 8 *Source: CompTIA Colloquium 2012 - U.S. IT Market Supply and Demand Briefing

  9. B ENEFITS OF U SING THE F RAMEWORK When degrees, jobs, training and certifications are aligned to the Workforce Framework… Colleges can create programs that are aligned to jobs Students will graduate with knowledge and skills that employers need Employers can recruit from a larger pool of more qualified candidates Employees will have a better defined career path and opportunities Policy makers can set standards to promote workforce professionalization 9

  10. A ND IT ’ S REQUIRED 10

  11. T HE N ATIONAL I NITIATIVE FOR C YBERSECURITY C AREERS AND S TUDIES (NICCS™) P ORTAL The Nation’s one-stop-shop for cybersecurity careers and studies  Interactive Workforce Framework  Searchable Training Catalog  Framework implementation how-to guide  Stop-Think-Connect awareness materials  Teaching & workforce development tools  News and events www.niccs.us-cert.gov 11

  12. A F EW B EST P RACTICES  Use 3 digits to capture granularity  Track people as well as positions  Search by task, not title  Leverage NICCS and FedVTE  Develop career paths aligned to Framework  Promote Framework adoption  Get involved! 12

  13. Questions? NICE will continue to share materials with cybersecurity professionals across the nation in the public, private, and academic sectors. For questions about NICE, the Framework, and other initiatives, please contact: Ben Scribner National Cybersecurity Education & Awareness Branch Tel (703) 235-5293, Benjamin.Scribner@hq.dhs.gov Visit the Framework here: http://niccs.us-cert.gov/training/tc/framework Visit NICCS here: www.niccs.us-cert.gov 13

Recommend


More recommend