By the (ISC)² U.S. Government Advisory Board Executive Writers Bureau (EWB)
It takes many, many years for a business area of focus to emerge as a recognized profession. Certainly, cybersecurity is moving in that direction. How does one know? When the US government launches an initiative like the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, assuming the arduous task of defining each job function within the cybersecurity profession, the path for professionalization can’t be far behind.
The NICE Framework was driven in large part by the lack of consistency in how cybersecurity work is defined throughout government and (the rest of the world) and in determining what constitutes a ‘cyber security professional’. The initiative attempts to develop a common language regarding the work requirements of cybersecurity professionals but is based primarily on a federal government perspective, given the government’s urgent need to quickly hire adequately trained cybersecurity professionals. Without this Framework, the government lacks a complete understanding of the baseline capabilities required for various cybersecurity positions and cannot accurately identify gaps in the skills necessary to meet the critical demand for qualified cybersecurity personnel. Without a greater understanding of the cybersecurity profession, it will be difficult for agencies to recruit and hire the right talent and to develop a pipeline of future talent.
The intent of the NICE Framework is to provide a working taxonomy and common lexicon for the information security profession (similar to that which characterizes other professions) that can be overlaid onto any organization's existing occupational structure. The first draft of the Framework is available for public comment through January 27, 2012. If you have not seen the Framework, it can be accessed online for review. Comments should be sent via email. While certification bodies like (ISC)² have been providing feedback, the perspective of practitioners is really critical in order to validate the detail of the various job positions.
Everyone who plays a role in the cybersecurity profession is encouraged to review and comment on this document that is being positioned as the standard for both government and industry. Some agencies such as DHS and DoD are getting a head start and are already using the Framework for consideration in their workforce planning.
At first glance, you may notice a preponderance of Department of Defense terminology. The NICE leadership is aware of this and is encouraging those from private sector to comment in an effort to increase the Framework’s relevancy outside of government. Without comments from the private sector, this workforce-defining Framework will remain heavily weighted in government speak which was not the original intent of the NICE organization. The time is now to weigh in on this national priority! Don’t miss your chance.