Be cyber smart: Train your staff and leaders

Key Takeaways

Week 3 of Cybersecurity Awareness Month is focused on training and educating new cybersecurity workers.

It is no surprise that there is a shortage of such workers. According to recent studies, the United States has less than half the workers that it needs in the cybersecurity field. The reasons for this gap are plentiful, but mainly evolve around the fact that “Emerging jobs like cybersecurity roles are typically tough to deal with. They are new, fast changing, and it takes time to build the right programs to fill the demand.”

With that in mind, the Cybersecurity and Infrastructure Security Agency (CISA) has released a new “Cybersecurity Workforce Training Guide." I was able to review the guide and found it to be a very useful tool for all types of employees, not just those seeking a career focused solely on cybersecurity. The guide itself covers seven Categories, each comprised of Specialty Areas and Work Roles. Those categories are:

1. Analyze - Performs highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence
2. Collect and Operate - Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence
3. Investigate - Investigates cybersecurity events or crimes related to information technology systems, networks, and digital evidence
4. Operate and Maintain - Provides the support, administration and maintenance necessary to ensure effective and efficient information technology system performance and security
5. Oversee and Govern - Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work
6. Protect and Defend - Identifies, analyzes, and mitigates threats to internal information technology systems and/or networks
7. Securely Provision - Conceptualizes, designs, procures, and/or builds secure information technology systems, with responsibility for aspects of system and/or networks development

With those categories in mind, there are also detailed sections on the types of work roles and skills required.

The guide contains additional resources that will raise ones’ skill level to better support cyber security functions. The premier online resource for cybersecurity training courses is the National Initiative for Cybersecurity Careers and Studies (NICCS). This site provides:

• Over 6,000 cybersecurity-related training courses to choose from in the NICCS Education & Training Catalog – both virtual and in-person, no cost and paid.
• A NICE Framework Mapping Tool which allows you to enter information about a cyber position and generate a report to better understand how well you align to the NICE Framework.
• A NEW! Cyber Career Pathways Tool which is an interactive way to explore the key attributes of the NICE Framework Work Roles and plan out your cybersecurity career path.
• Cybersecurity curricula and resources for teachers and students in grades kindergarten through 12th grade (K-12) such as course content, posters, brochures, tip cards and more.
• A Veterans User Guide and Communications Manual which has resources for individuals looking to transition from military service into a career in cybersecurity including scholarship information for those looking to go back to school.

The chart below shows a more visual way to determine an appropriate career path.

You can also use the new online pathways tool to better understand and develop your career path. Cyber Career Pathways Tool | National Initiative for Cybersecurity Careers and Studies (cisa.gov)

Once you know your career path, finding the right trainings and experiences are critical. These can range from professional development training courses offered by CISA to competitions and games that encourage players to practice, hone cybersecurity skills and build confidence in a controlled, real-world environment. Certifications and experiences like internships, job shadowing and mentoring are also available. Finally, there is this fabulous virtual bookshelf near the end of the guide that offers a few suggestions for self-learning. These online publications cover cybersecurity, leadership, communication and professional development and are available at no-cost via download. There’s pretty much something for everyone!

The guide ends with a list of resources that range from K-12 courses and scholarship opportunities to advanced cybersecurity training courses and career advancement. Here are just a few of the additional resources:

• CISA Careers - CISA is committed to hiring a highly talented, dedicated, diverse workforce and offers multiple opportunities for employment. Explore career options and join the CISA workforce.
• Cyber Career Pathways Tool - The Cyber Career Pathways Tool presents a new and interactive way to explore work roles within the Workforce Framework for Cybersecurity (NICE Framework). It depicts the Cyber Workforce according to five distinct, yet complementary, skill communities.
• CyberCorps®: Scholarship for Service (SFS) Program the CyberCorps® - The Scholarship for Service Program is designed to recruit and train the next generation of cybersecurity professionals to meet the needs of federal and SLTT governments. CISA partners with the National Science Foundation and the Office of Personnel Management to provide institutions with funding towards scholarships for cybersecurity-related degree programs at two- and four-year colleges and universities.
• Cybersecurity Publications Library - CISA’s publications library is frequently updated with new resources and includes the latest cybersecurity topics and issues.
• Cybersecurity Training & Exercises - Training is essential to preparing the cybersecurity workforce of tomorrow, and for keeping current cybersecurity workers up to date on skills and evolving threats. CISA is committed to providing the nation with access to cybersecurity training and workforce development efforts to develop a more resilient and capable cyber nation.
• FedVTE - The Federal Virtual Training Environment (FedVTE) provides free online cybersecurity training to federal, state, local, tribal and territorial government employees, federal contractors, U.S. military veterans and the public.
• National Initiative for Cybersecurity Careers and Studies (NICCS) website - NICCS has cybersecurity training/certification prep courses and education resources that connect government employees, students, educators, and industry with training providers throughout the nation.
• NICE Framework Mapping Tool - The NICE Framework Mapping Tool takes the guesswork out of using the NICE Framework - simply answer questions about each cybersecurity related position and the tool will show you how each position aligns to the NICE Framework and what can be done to strengthen your cybersecurity team.

Feel free to share this article and the Cybersecurity Workforce Training Guide with anyone that has an interest in a cybersecurity career or want to add cybersecurity knowledge and skills to their current position. For additional information, you can reach out to Rita Reynolds, NACo CIO at rreynolds@naco.org.