breaking out the cybersecurity workforce framework · 2017. 5. 16. · the framework: what is it?...

Breaking Out the Cybersecurity Workforce Framework

Ray TrygstadIndustry Professor of Information Technology & Management; Associate Director, IIT Center for Cyber Security & Forensics Education

The Framework: What Is It?

• NICE Cybersecurity Workforce Framework (NCWF)– NIST Special Publication 800-181 (draft)

• A national resource that categorizes and describes cybersecurity work

• Began as Federal effort and expanded beyond in 2010

The Framework: What Is It?

• The foundation for increasing the size and capability of the U.S. cybersecurity workforce; it provides– A common definition of cybersecurity– A comprehensive list of cybersecurity tasks– The knowledge, skills, and abilities

required to perform those tasks

The Framework: What Is It?

• By using the Framework:– Educators can create programs aligned to jobs– Students will graduate with knowledge and

skills employers need– Employers can recruit from a larger pool of

more qualified candidates– Employees will have portable skills and better

defined career paths and opportunities

– Policy makers can set standards to promote workforce professionalization

The Framework: Structure

• Seven Categories – High-level grouping of common cybersecurity

functions

• Thirty-Three Specialty Areas– Distinct areas of cybersecurity work

• Fifty-Two Work Roles – Most detailed groupings comprised of specific

knowledge, skills, and abilities required to perform specific tasks in a work role

The Framework: Categories

Operate and

Maintain

Securely Provision

Protectand

Defend

Oversee and

Govern

Analyze Investigate

Collect and

Operate

The Framework: Categories

• Securely Provision (SP)– Conceptualize, design and build secure

information technology (IT) systems, with responsibility for aspects of systems and/or networks development

• Operate and Maintain (OM)– Provide support, administration, and

maintenance necessary to ensure effective and efficient information technology (IT) system performance and security

The Framework: Categories

• Oversee and Govern (OV)– Provide leadership, management,

direction, or development and advocacy so the organization may effectively conduct cybersecurity work

• Protect and Defend (PR)– Identify, analyze, and mitigate threats to

internal information technology (IT) systems and/or networks

The Framework: Categories

• Analyze (AN)– Perform highly specialized review and

evaluation of incoming cybersecurity information to determine usefulness for intelligence

• Collect and Operate (CO)– Provide specialized denial and deception

operations and collection of cybersecurity information that may be used to develop intelligence

The Framework: Categories

• Investigate (IN)– Investigate cybersecurity events or crimes

related to information technology (IT) systems, networks, and digital evidence

Area/Work Role Relationships

Tied to and works with…

The Framework: Work Roles

• Comprised of tasks with associated knowledge, skills, and abilities– Tasks drawn from list of 928 tasks– Knowledge drawn from list of 614 items– Skills drawn from 359 items– Specific abilities drawn from list of 119 items

• Several work roles may be included in a single position

The Framework: Tasks

The Framework: Knowledge

The Framework: Skills

The Framework: Abilities

The Framework: Work Roles

Breaking Out the Work Roles

• Not currently in usable state• Probably need additional information

– OPM Cybersecurity Category/Specialty Area Code (drawn from Specialty Areas)

– Job titles associate with this work role

• Expand codes into actual paragraphs– “Expanded work roles” we have titled

Work Role Details

Uses of Expanded Work Roles

• Consistent position/job descriptions– Support HR for staffing the cybersecurity

function in the organization– Mapping against NIST Cybersecurity

Framework implementation will allow determination of proper staffing levels

– Work Roles are not just security roles; many are for straight IT staff with addition of clearly defined security roles & responsibilities

Uses of Expanded Work Roles

• Curricular design to allow educational preparation for specific work roles– Cross map to Knowledge Units in NSA/

DHS Centers of Academic Excellence– Cross map to ACM/IEEE-CS model

curricula in IT and Cybersecurity as well as ABET Accreditation Standards

– Cross-check against course design & course objectives/outcomes

Uses of Expanded Work Roles

• Technology providers can identify cybersecurity Work Roles and specific Tasks and KSAs associated with services and hardware/software products they supply

Flaws in the Draft

• Good thing it’s a draft!• Wanted to create Work Role Details for

disaster recovery/business continuity– No work roles defined in the Framework– Hundreds of job titles in this field

• Lists of Tasks, Knowledge, Skills, & Abilities not in any order– Additions just get tacked on the end

Directions from here…

• Review & Comment period for the Framework ended in January 2017

• First “official” version will be published this spring

• Get it…use it…it’s free and it’s in the public domain so you can adapt it any way you want

Key Bibliography Items

• National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Draft Version 1.1 January 10, 2017 https://www.nist.gov/cyberframework/draft-version-11

• Newhouse, Bill; Keith, Stephanie; Scribner, Benjamin; & Witte, Greg Draft NIST Special Publication 800-181 NICE Cybersecurity Workforce Framework (NCWF) National Institute of Standards and Technology November 2016 http://csrc.nist.gov/publications/drafts/800-181/sp800_181_draft.pdf

• U.S. Department of Homeland Security The National Cybersecurity Workforce Framework https://www.dhs.gov/national-cybersecurity-workforce-framework

• U.S. Department of Defense DoD Cyberspace Workforce Framework (DCWF) Overview February 2016 http://dcips.dtic.mil/documents/Day1_1430-1530hrs,DoDCyberspaceWorkforceFrameworkOverview.pdf

The End…

• Questions?

• Thank you!

• Ray Trygstadtrygstad@iit.eduhttp://trygstad.rice.iit.edu/630-447-9009