New Draft of NICE Cybersecurity Workforce Framework Expands on Skills, but Team Approach & Simplicity Are Needed

Reading Time: 3 minutes

A new draft of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF) (NIST Special Publication 800-181) was just released and among the many revisions, the framework draft includes most of the tasks and knowledge/skills/activities (KSAs) supporting the 52 work roles previously outlined.

Work role details are nearly 95 percent defined—a significant improvement from approximately 50 percent completion in the previous version—with much of the new content focused on categories that would be considered offensive in nature (penetration testing, for example). Notably, the tasks and KSAs supporting Cyber Protection Team work roles still require additional details. I expect future versions will address this critical area.

The NCWF is a positive step toward defining the tasks and skills needed across cybersecurity in general. It provides traceability to many other standards and brings all of those references together in the framework. However, it stops short, by design, and only defines what needs to be done, not how or by whom. Unfortunately, the omission causes many organizations to struggle in applying the NCWF to real-world situations.

A Team Approach Is Needed

The ultimate challenge in workforce development is not in the adequacy of individual work roles, but rather in the completeness of the set of work roles as applied to a given scenario that the organization or business expects to face. Only by considering a full set of work roles in a scenario can the gaps in a cyber defense strategy be seen.

The Circadence® Project Ares® platform maps cybersecurity training missions and skill building to the tasks and KSAs for all work roles outlined in the NCWF. Within the platform, cybersecurity professionals can work individually or in teams to fulfill both offensive and defensive missions to defeat real-world threats in high-fidelity environments. Missions, security tools and objectives are based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. This gives us at Circadence a unique perspective on the practical application of both the NIST and NICE frameworks.

It seems we continue to define individual work roles without looking at how to practically combine them into teams. The NIST Cybersecurity Framework outlines everything an organization must do (as an integrated team), but most organizations don’t know how to take all the work roles from NICE/NIST 800-181 and map those to build out a workforce.

Circadence wants to postulate different team structures (and sizes) for all of our missions in order to capture what is and is not working. We can then share this data so organizations can adapt their concepts around team approaches to both offense and defense.

Simplicity Is Key to Widespread Adoption

Another challenge with the NCWF is the complexity of work roles. Although the 52 work roles outlined are aligned with job codes for the Office of Personnel Management (government), this is not the case for corporate America, where the tasks and KSAs for a security analyst can vary greatly among organizations.

Because of this, we spend a lot of time trying to create a common lexicon so that different people who use different tools can work together and pass information quickly. I’m advocating for SIMPLICITY built around TEAM requirements to ensure there are no gaps or substantial overlaps (although some overlap of skills makes sense for timeliness in the response). This will allow organizations to make a more practical application of the NIST and NICE frameworks, encouraging a more widespread adoption.

Next Steps

Future versions of the NCWF should offer more of a practical application through team concepts and simplified definitions of work roles. Embracing the TEAM APPROACH and SIMPLICITY will encourage more widespread adoption of the framework from enterprise security organizations, bringing more standardization of work roles and the associated skills. This will also help to define cybersecurity career paths for the next generation, which in turn will address the growing workforce shortage.

Test Your Skills in the Cyber Mission Café during AFCEA TechNet Augusta, Booth #802

Reading Time: 1 minute

Security practitioners of all skill levels are invited to join Circadence® at Booth #802 during the TechNet Augusta Conference August 8-10. Spend some time in our Cyber Mission Café testing your cyber skills or practicing offensive and defensive tactics in the gamified, AI-powered Project Ares® platform.

The focus of this year’s conference is the integration of cyberspace, electronic warfare, and intelligence and many conference sessions will address cyber warfare strategies, preparation and training. In between these hard-hitting conference sessions, visit the Cyber Mission Café to kick back, test your skills and assess your cyber expertise on the Circadence Project Ares platform.

Combining artificial intelligence with virtual machine orchestration, Project Ares offers a completely immersive, interactive, real-world environment for training and assessment. In the café, you can spend time honing your skills in the Battle School or get the true, gamified experience by facing off with peers in realistic, mission-specific virtual environments.

Circadence Project Ares has taken cyber training out of the classroom, and with a full ‘rucksack’ of real-world tools and a large library of mission scenarios it is already a trusted source of continuous cybersecurity training, education and preparedness for many entities in the defense and government sectors.

As you plan your TechNet Augusta experience this week, make time to visit the Circadence Cyber Mission Café at Booth #802 for a unique, immersive cybersecurity training experience.