There are more than 300,000 open jobs in cybersecurity in the United States according to CyberSeek.org— in other words, it’s a job seeker’s market. Competition among employers for talent often creates significant workforce turnover as employees seek increased pay, better benefits, greater responsibilities, improved workforce culture, or a more desirable location.
This churn in the cybersecurity workforce has become our new normal, and employers and policymakers should embrace more standardized ways of addressing workforce gaps efficiently and effectively.
It would benefit the entire cybersecurity marketplace if employers could more easily understand an employee’s capabilities and if employees could communicate to employers that they have the necessary skills. America’s Cybersecurity Workforce Executive Order, signed by President Donald J. Trump on May 2, 2019, seeks to support an increasingly mobile cybersecurity workforce by establishing programs and policies that will help employers and in-demand employees find one another.
The preferred approach to make these connections is for organizations to use the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. The NICE Framework was created as a standard for cybersecurity workforce management as well as for the delivery of education and training content. The NICE Framework establishes a common lexicon that categorizes and describes cybersecurity work, to be applied broadly in public, private, and academic sectors. NICE is a public-private partnership that is led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce.
The NICE Framework identifies the most important distinctive roles that comprise cybersecurity work. In some cases, a single person could perform a single work role (e.g., cybersecurity analyst); in other cases, especially for smaller organizations, a single person may perform multiple work roles. Cybersecurity roles are often technical, but they also involve administrative and policy functions. Each individual work role is described by the key tasks associated with the role, and each task is defined by the knowledge, skills, and abilities that are needed to perform it.
If you are an employer, the NICE Framework can help you identify the expectations and structure of the cybersecurity workforce within your organization. It will help you assess employees’ knowledge and skills and establish a clear professional development plan for increasing their competencies. As employers begin to use the NICE Framework for workforce management, it will facilitate career growth and transitions of employees within their organization, between organizations, or across different sectors of the American economy.
If you are a learner or job seeker, the NICE Framework provides a roadmap for the competencies that you will need to perform cybersecurity work roles. If employers use the Framework to develop position descriptions, you will have the ability to adapt the knowledge and skills that you have acquired to demonstrate your qualifications clearly. As you plan your cybersecurity career pathway, you can develop a personal learning portfolio that will enhance your opportunities for career advancement. The likelihood of a good fit between employers and job candidates is strengthened if the marketplace is standardized around the use of the NICE Framework.
In short, the NICE Framework is a good idea because it’s going to help the market for employers and employees while simultaneously helping improve cybersecurity from the ground up.
As America’s standards leader for government, and close partner with private and public sectors alike, NIST is committed to bringing all communities of interest together to create shared approaches addressing complex technological and economic challenges. As U.S. employers seek the best possible talent to achieve their organizational risk management objectives in a marketplace where employee turnover and change are inevitable, we are confident they will find the NICE Cybersecurity Workforce Framework an invaluable tool. The NICE Framework helps them attract and to retain a qualified cyber workforce to contribute to their effectiveness and their bottom line.
Dr. Walter G. Copan, Director, National Institute of Standards and Technology, [email protected]