NIST aims to remove 'technical talk' from cyber workforce framework
Leaders at the National Institute of Standards and Technology are already making progress toward strengthening the federal government's cyber workforce after recent changes to the framework that defines cyber roles across the government.
The National Initiative for Cybersecurity Education (NICE) Framework defines specific cyber workforce roles and adds several new competency areas and updates skills and tasks to help agencies better understand and meet their cyber workforce needs. But for Karen Wetzel, manager of the NICE Framework at NIST, that's just the beginning.
“I want to really focus on where we're going. And that continues to evolve,” Wetzel said during a hybrid conference NIST hosted on Tuesday. “We want to meet not only today's needs, but tomorrow's needs, and we want to support you as you begin to do that.”
As a result, many more changes will be made, including updates to the current 52 roles included in the framework and the addition of many more roles on top of that. Roles in this framework will eventually include positions in risk analysis, product security, procurement security, and program management.
“This is not a field that will change, and many of these job roles haven't been reviewed in that context since 2017, even though the underlying content has been updated,” Wetzel said. “What we're looking at is reviewing existing workflows.”
As an example, NIST is currently updating its investigative role by working with the Department of Justice and the FBI to examine digital evidence forensics and ensure it remains appropriate and useful, Wetzel said.
NIST also plans to incorporate AI when updating skill definitions.
“We understand that AI will impact many existing job roles. We understand what that impact will be and how to ensure we train people to be prepared for it. We need to,” Wetzel said. “It's really about understanding this constant evolution and understanding that when we release this, it's not going to be something static, it's going to be something that engages with the community. We approach what the needs are from a customer perspective and work with experts in the field to ensure the content is current and useful.”
The planned changes come after a March update to the NICE framework, which added 11 new competency areas, including AI security, cloud security and cyber resilience, and more than 2,000 tasks, knowledge and skill statements.
“So, we … [tried] to eliminate the 'technical talk' and make it easier to understand what the core job is, what the responsibilities are, and what people need to know,” Wetzel said. “Not only that, but we also have the knowledge and skills to understand what needs to be done.”
After launching a new working group on cyber resiliency, Wetzel said her team will begin launching more open groups over the coming months as NIST further develops its cyber role framework and capabilities. She said she looks forward to working with stakeholders and cyber workforce experts.
For many years, government and industry stakeholders have been grappling with a deficit of qualified cyber talent. A big part of the challenge is ensuring that we have a “next generation” cyber workforce, not just filling cyber-related roles.
Currently, federal cyber employees skew older than federal employees as a whole. At the same time, according to the organization Cyberseek, which receives funding from NIST, there are thousands of vacant cyber positions across government.
However, according to research by the SANS Institute, only 14% of organizations currently say they use the NICE framework for job postings. Widespread adoption of the framework could improve the way cybersecurity leaders work with HR managers to close skills gaps, SANS said in a recent report.
It's not just about recruiting talent, it's also about retaining cyber talent, which Wetzel says is a struggle for many agencies.
“It can be a stressful job,” she said. “How do we retain talent? And how do we ensure that people who want to come into this industry have a career path and don't lose them? It's not just about burnout, it's about having a career path for them. There is no way to continue.”
The NICE framework can help agencies understand and address many of these challenges, Wetzel said. The idea is to focus on specific skills that help set more realistic expectations and more effective results in recruitment and retention. Agencies can use the NICE framework, for example, when writing position descriptions or selecting candidates for open cyber roles.
To address retention challenges, cyber professionals also recommend selecting candidates based on the skills the agency needs in the short term and investing in upskilling and training opportunities to build that workforce's skills in the future. Over the next year, the Biden administration is also scheduled to shift key government IT jobs from relying on university degree requirements to skill-based hiring instead.
“Everyone wants a purple unicorn, someone with 3-5 years of experience, all the right qualifications, who just walks into the field without any training or organizational knowledge. Someone who can start working,” Wetzel said. “But that's not realistic.”
Copyright © 2024 Federal News Network. All rights reserved. This website is not directed to users within the European Economic Area.
https://federalnewsnetwork.com/technology-main/2024/05/nist-aims-to-cut-tech-speak-from-cyber-workforce-framework/