Workforce

Professionalizing cyber means new workforce standards

Cybersecurity professionals have the skills and companies have the job openings, but without a common language to populate resumes and job listings, key roles will go unfilled.

The National Initiative for Cybersecurity Education (NICE) is trying to shape the profession’s lexicon with its National Cybersecurity Workforce Framework. It will release a draft for public comment soon.

"This is an exciting time," Ben Scribner, program director for national cybersecurity professionalization and workforce development at the Department of Homeland Security, told the audience at ISACA's CSX North America cybersecurity conference Oct. 19. "We are at the very beginning of establishing cybersecurity as a profession."

But with new territory come new challenges.

"We have a very hard time getting the right people into the right jobs," Scribner said. "It's very hard to match people with the skills that are required for a job."

Government's role as a market-shaper should be decisive, he added. "We don't have the time to let market forces create that profession and make it more formalized," Scribner said. "[Hackers] are in our networks now."

To get educators and employers "singing off the same sheet of music," the National Cybersecurity Workforce Framework lists seven categories of cybersecurity activity:

  • Securely provision
  • Operate and maintain
  • Analyze
  • Oversight and development
  • Collect and operate
  • Protect and defend
  • Investigate

Those categories are divided into 32 specialties aimed at creating an industrywide common language so qualified applicants can advertise their skills and employers can advertise openings in a way that gets jobs filled, said Bill Newhouse, NICE program leader at the National Institute of Standards and Technology.

And there's no question jobs need filling.

Newhouse added that it's important for the industry to define career paths for future cybersecurity professionals to follow. And NICE plans to enlist the help of educators in determining standards and certifications for cybersecurity training.

On the employer side, some companies -- including John Deere and PricewaterhouseCoopers -- have already offered input on the framework, Scribner and Newhouse said, adding that they plan to solicit comments on an official draft of the framework before next spring.

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.