Below is an excerpt from a recent government publication. I have read the entire document. I think that even novice cybersecurity participants would be able to read and understand the information presented. I will include it in our CyberPatriot reading list. Here is the link: NIST document on cybersecurity
Draft NIST Roadmap for Improving Critical Infrastructure
Cybersecurity Version 1.1 December 5,
2017
4.3. Cybersecurity Workforce
A
skilled cybersecurity workforce is needed to meet the unique cybersecurity
needs of
critical
infrastructure. There is a well-documented shortage of cybersecurity
practitioners;15; there is an even more serious shortage of qualified
cybersecurity
practitioners
who also have an understanding of the unique challenges facing critical
infrastructure
owners and operators. As threats, vulnerabilities, and technology
environments
evolve, the cybersecurity workforce must continue to adapt to design,
develop,
implement, maintain and continuously improve the necessary cybersecurity
practices
within critical infrastructure environments.
Various
efforts, including the National Initiative for Cybersecurity Education (NICE),
are
fostering
the education and training of a cybersecurity workforce for the future and
establishing
an operational, sustainable and continually improving cybersecurity education
approach
to provide a pipeline of skilled workers for the private sector and government.
Organizations
must understand their current and future cybersecurity workforce needs
and
develop hiring, acquisition, and training resources to raise the level of
technical
competence
of those who build, operate, and defend data, systems, and networks
delivering
critical infrastructure services.
Building
on several years’ work with the Department of Defense (DoD) and the Department
of
Homeland Security (DHS), and via extensive public-private partnerships, NIST
has
published
the NICE Cybersecurity Workforce Framework (NICE Framework).16 The NICE
Framework
provides a fundamental reference resource for describing and sharing
information
about cybersecurity work roles, the discrete tasks performed by staff within
those
roles, and the knowledge, skills, and abilities (KSAs) needed to complete the
tasks
15 [LINK]
http://cyberseek.org/ - Interactive jobs heat map
and career pathways portal
16 [LINK]
https://doi.org/10.6028/NIST.SP.800-181
7 DRAFT
successfully.
The NICE Framework provides a common lexicon to categorize and describe
cybersecurity
work, improving communication about how to identify, recruit, develop, and
retain
cybersecurity staff.
Many
of the outcomes described in the Cybersecurity Framework Core are directly
related
to
the roles, activities, and responsibilities of organizational personnel. The
NICE
Framework
provides a complementary approach, describing the work roles that support
accomplishment
of the Cybersecurity Framework outcomes. In using the Cybersecurity
Framework’s
steps to develop a measurable action plan, organizations can identify the
specific
tasks and KSAs needed by those who will fulfill the functions, categories, and
subcategories
described in the Cybersecurity Framework Core. Appendix D.1 of the NICE
Framework
includes examples of this integration.
Through
NICE, NIST promotes cybersecurity workforce development activities via a public
working
group structure.17 These
activities may include further definition of how NICE
Framework
work roles, tasks, and KSAs help to fulfill Cybersecurity Framework objectives.
Additional
future activities are expected to include:
• Continue to extend and integrate NICE activities across critical
infrastructure
sectors
to raise awareness of workforce development tools;
• Emphasize coordination of K-12, higher education, and local
employers in regions
across
the nation;
• Identify and support applied research opportunities in areas
including
cybersecurity
education, training, and workforce; and
• Convene conferences, workshops, webinars, and other events that
support the
development
of cybersecurity education, training, and workforce resources; and
• Evolve
NICE publications and resources as informed by the above activities.