Building the cybersecurity workforce pipeline requires constant feedback among industry sectors and a common language for aligning education, skills and jobs, according to Noel Kyle, Department of Homeland Security Cyber Education and Awareness Branch program manager.
Visiting Colorado Springs, Kyle delivered the keynote address to 205 attendees during the Information Systems Security Association’s 4th Annual Cyber Focus Day, which took place at UCCS March 30.
She told industry professionals that building the cybersecurity workforce is a priority for the DHS, and the Cyber Education and Awareness Branch is urging all sectors of the cyber industry to partner in filling the “huge demand” for cybersecurity professionals.
The only way to make sure everyone entering the cybersecurity field is equipped with the right knowledge and current skill sets for real world jobs is for educators, employers, students and policymakers to work together, Kyle said.
“We’re asking educators to teach the skills that employers need and we’re asking employers to … give the feedback that schools need to develop curricula and programs to offer their students,” she said.
“We’re asking employees to continue looking for opportunities to build up their own skills. We’re working very closely with policymakers to be sure they continue working on legislation and policy that sets the stage for our work and provides all the resources we need.”
A critical tool for these efforts, Kyle said, is the National Initiative for Cybersecurity Education Cybersecurity Workforce Framework.
“The NICE framework is a dictionary, a lexicon, a common set of terminology to describe cybersecurity work,” she said. “The intention here was to look for all the different types of cybersecurity work and categorize them in such a way that people can start using them in their programs.”
The framework’s categories are: analyze, securely provision, oversee and govern, collect and operate, operate and maintain, protect and defend, and investigate. Within the seven high-level categories are 33 specialty areas, 52 work roles, and defined tasks, knowledge, skills and abilities.
The organizing structure “groups together work and workers that share common major functions, regardless of job titles or other occupational terms,” according to the NICE Framework website.
“What we’re proposing … is for educators to tie the framework into their curricula, for employers to tie their job descriptions to this terminology, and for employees to use the framework to get a better idea of where they’d like to pick up more skills,” Kyle said.
The categories provide “a way for everyone to connect and to work on learning skills using the same language,” she said after the address.
“So if I go take a class at a school, I know I can directly translate what I’ve learned in that class to a job, and I’ll see exactly that type of description when I go look at a job description.”
When the people educating, hiring, job-hunting and working in the cybersecurity field are all speaking the same language, building the pipeline becomes more straightforward, Kyle said.
“Our idea is everyone works together on this. We know cybersecurity demand is huge, so we all work together to build up the workforce and protect our nation from these threats and attacks going forward,” she said.
“The more cybersecurity workers we have, the more networks will be protected, and the safer it’s going to be for all of us. It’s not a static demand; it’s constantly changing.”
“If somebody finds a new threat, the second they figure out how to protect against it… somebody else has started a more sophisticated version of the attack or already gone down a different path. So it’s important not only to get the training you need but also, once you’re working, to stay up to date on the latest trends and to constantly be getting those new skills.”
Kyle said it was critical for each sector of the cybersecurity industry to share new information and threats so that “educators can start training for it, so employers can start hiring for it, people working can learn about fixing it.
“We know that Colorado is taking this seriously with the development of a new National Cybersecurity Center that’s providing resources and a place for people to partner,” Kyle said. “So we are definitely looking to Colorado to continue these efforts as well.”
Employers are also encouraged to use the NICE framework to build career roadmaps for their staff, to encourage engagement and boost retention by showing professionals the skills they need to advance, she said.
The NICE framework was developed by the National Institute of Standards and Technology, a partnership of government, academia and the private sector focused on cybersecurity education, training and workforce development.
“It’s not only cross-government but also cross-sector. We’re working very closely with academia and the private sector to continue to develop this and to make sure that people are using it.”
Kyle also encouraged businesses, educational institutions and students to take advantage of the full range of workforce development programs, free classes and other resources including the National Initiative for Cybersecurity Careers and Studies, the interactive Cybersecurity Workforce Development Toolkit, Federal Virtual Training Environment, and National Centers of Academic Excellence.