National Initiative for Cybersecurity Education

NICE celebrates 10 years

The Comprehensive National Cybersecurity Initiative (CNCI), established by President George W. Bush in January 2008, included over twelve Initiatives, one of which, Initiative 8, was aimed at making the Federal cybersecurity workforce better prepared to handle cybersecurity challenges.

In May 2009, the Cyberspace Policy Review, directed by President Barack Obama,  elevated the CNCI Initiative 8, which had initially been focused on improving the Federal cybersecurity workforce's ability to perform cybersecurity work. The scope was expanded beyond the Federal workforce to include the private sector workforce, truly making it a national charge.

In March 2010, the Obama administration declassified limited material regarding the CNCI, making Initiative 8 public: Initiative #8. Expand cyber education. While billions of dollars are being spent on new technologies to secure the U.S. Government in cyberspace, it is the people with the right knowledge, skills, and abilities to implement those technologies who will determine success. However there are not enough cybersecurity experts within the Federal Government or private sector to implement the CNCI, nor is there an adequately established Federal cybersecurity career field. Existing cybersecurity training and personnel development programs, while good, are limited in focus and lack unity of effort. In order to effectively ensure our continued technical advantage and future cybersecurity, we must develop a technologically-skilled and cyber-savvy workforce and an effective pipeline of future employees. It will take a national strategy, similar to the effort to upgrade science and mathematics education in the 1950s, to meet this challenge. Additionally, the CNCI described training, education, and professional development programs as lacking “unity of effort”.

Cybersecurity Enhancement Act of 2014 Title IV established the “National cybersecurity awareness and education program”, which is now known as the National Initiative for Cybersecurity Education (NICE).

The Workforce Framework for Cybersecurity (NICE Framework), has been referenced in legislation and strategic plans.  NICE is currently working on Success Stories that show how organizations across the public, private, and academic sectors have used the NICE Framework to help with performing workforce audits, creating learning outcomes, validating knowledge and skills, and many other ways.

A digital economy enabled by a knowledgeable and skilled cybersecurity workforce.[1]

To energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development.[1]

The Workforce Framework for Cybersecurity (NICE Framework)

NICE Cybersecurity Workforce Framework seven categories in color boxes.

The Workforce Framework for Cybersecurity (NICE Framework), NIST Special Publication 800-181,[2] is a national focused resource that categorizes and describes cybersecurity work. The publication serves as a fundamental reference to support a workforce capable of meeting an organization's cybersecurity needs by establishing a taxonomy and common lexicon that describes cybersecurity work and workers irrespective of where or for whom the work is performed. The NICE Framework is intended to be applied in the public, private, and academic sectors. Although the NICE Framework was published as a NIST Special Publication in August 2017, working drafts of the document have been in use since 2010. The publication is intended to be a living document that will be updated periodically based on change requests to the NICE Program Office.  A plethora of tools and resources exist for learning about and implementing the NICE Framework.

On November 16, 2020 NICE released NIST Special Publication 800-181 revision 1, the updated Workforce Framework for Cybersecurity (NICE Framework) provides a set of building blocks for describing the tasks, knowledge, and skills that are needed to perform cybersecurity work performed by individuals and teams. Through these building blocks, the NICE Framework enables organizations to develop their workforces to perform cybersecurity work, and it helps learners to explore cybersecurity work and to engage in appropriate learning activities to develop their knowledge and skills. Learn more at nist.gov/nice/framework.   

NICE Strategic Plan

The Cybersecurity Enhancement Act of 2014 requires that a strategic plan be developed and implemented every five years. The current NICE Strategic Plan includes a multitude of guiding values and three primary goals: 1) Accelerate Learning and Skills Development, 2) Nurture a Diverse Learning Community, and 3) Guide Career Planning and Workforce Development. See the current and past versions of the NICE Strategic Plan at nist.gov/nice.

On October 27, 2020 NICE released the new NICE Strategic Plan at the annual NICE Conference and Expo 2020.  The plan sets a bold vision to prepare, grow, and sustain a cybersecurity workforce that safeguards and promotes America’s national security and economic prosperity.  This “cybersecurity workforce” includes those whose primary focus is on cybersecurity as well as those in the workforce who need specific cybersecurity-related knowledge and skills in order to perform their work in a way that enables organizations to properly manage the cybersecurity-related risks to the enterprise.  

Strategic goals include:

• Promote the Discovery of Cybersecurity Careers and Multiple Pathways
• Transform Learning to Build and Sustain a Diverse and Skilled Workforce
• Modernize the Talent Management Process to Address Cybersecurity Skills Gaps
• Expand Use of the Workforce Framework for Cybersecurity (NICE Framework)

• Drive Research on Effective Practices for Cybersecurity Workforce Development

The goals and objectives in the strategic plan will be augmented by implementation plans and corresponding metrics developed through a consultative process.  Closing the cybersecurity skills gap necessitates a community effort.  To achieve success, the public and private sectors need to work together and embrace the plan’s values: foster communication, facilitate collaboration, and share and leverage resources to support community-developed approaches and solutions.

Supporting the Growth and Sustainment of the Nation's Cybersecurity Workforce: Building the Foundation for a More Secure American Future

In May 2017, President Donald Trump issued the Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. In part, the order states that it is the policy of the United States “to support the growth and sustainment of a workforce that is skilled in cybersecurity and related fields as the foundation for achieving our objectives in cyberspace.” Consequently, the Secretary of Commerce and Secretary of Homeland Security were directed to provide a report to the President with findings and recommendations regarding how to support the growth and sustainment of the Nation's cybersecurity workforce in both the public and private sectors. The report, Supporting the Growth and Sustainment of the Nation's Cybersecurity Workforce: Building the Foundation for a More Secure American Future, is the response to this charge.

NICE Framework Work Role Capability Indicators: Indicators for Performing Work Roles

The NICE Framework Work Role Capability Indicators: Indicators for Performing Work Roles, draft NIST Interagency Report 8193, was co-authored by representatives from the U.S. Department of Homeland Security, National Institute of Standards and Technology, and Booz Allen Hamilton Inc. The document helps determine what qualities or accomplishments indicate that someone is suitable to perform a particular job or activity. These qualities are defined in this report as “capability indicators.”

NICE is headquartered at NIST facilities in Gaithersburg, Maryland. The NICE Program Office activities are organized into three categories: government engagement, industry engagement, and academic engagement.

Committees

NICE has several committees:

• NICE Interagency Coordinating Council  - The NICE Interagency Coordinating Council convenes Federal Government partners of NICE for consultation, communication, and coordination of policy initiatives and strategic directions related to cybersecurity education, training, and workforce development. The meetings provide an opportunity for the NICE Program Office, to communicate program updates with key partners in the Federal Government to learn about other Federal Government activities in support of NICE. The group will also identify and discuss policy issues and provide input into the strategic directions for NICE.
• NICE Community Coordinating Council - The NICE Working Group provides a mechanism for public and private sector participants to develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development. The meetings provide an opportunity for consultation and information-sharing between the government, academia, and the private sector. The NICE Working Group also identifies new initiatives that support the strategic objectives of NICE.
• NICE Conference Program Committee – The NICE Conference Program Committee serves as expert advisors to the NICE Program office, coordinators, and hosts of the NICE Conference. The Program Committee is responsible for identifying the conference theme and tracks as well as soliciting and selecting speaker proposals for the conference.
• NICE K12 Cybersecurity Education Conference Planning Committee – The NICE K12 Cybersecurity Education Conference Planning Committee assists and supports the NICE Program office, coordinators, and hosts of the NICE K12 Cybersecurity Education Conference.

• The Federal Cybersecurity Workforce Summit   The Federal Cybersecurity Workforce Summit and Webinar Series brings together Federal Government employees to bolster collaboration and information sharing among agencies focused on building and maintaining a robust cybersecurity workforce. This community forum brought together Federal government colleagues who are working first-hand on initiatives geared toward attracting and strengthening vital cybersecurity talent. In a 4-part Webinar Series, experts share information about cybersecurity workforce pay flexibilities, hiring flexibilities, candidate assessment strategies, and classification and titling guidance.
• Cybersecurity Career Awareness Week (CCAW) The Cybersecurity Career Awareness Week focuses local, regional, national, and global interest to inspire, educate and engage children through adults to pursue careers in cybersecurity. Each day of the week-long campaign highlights the contributions, innovations, and opportunities that can be found by exploring cybersecurity as a field of study or career choice.
• NICE Conference EXPO The NICE Conference is the annual convening of community members and thought leaders from education, government, industry, and non-profits to explore ways of developing a skilled cybersecurity workforce ready to meet the challenges of the future. The event provides an opportunity to signal NICE strategic directions and priorities, and a forum to showcase best practices.
• NICE K12 Cybersecurity Education Conference The NICE K12 Cybersecurity Education Conference brings together K12 educators and those interested in K12 cybersecurity education for today’s youth. This annual, two-day event helps attendees learn about increasing cybersecurity career awareness, integrating cybersecurity into educational portfolios, exploring innovative educational approaches, and designing academic and career pathways that are aligned to the NICE Cybersecurity Workforce Framework.

NICE Challenge Project

The NICE Challenge Project, led by California State University, San Bernardino, is designed to create a flexible set of challenge environments and supporting infrastructure with a low barrier of use in which one would be able to perform the tasks outlined in the Workforce Framework for Cybersecurity (NICE Framework). It can be used as a platform for instruction as well as to evaluate those who endeavor to be part of the cybersecurity workforce.

CyberSeek

CyberSeek, an interactive heat map and pathway tool, developed by CompTIA in partnership with Burning Glass Technologies, provides a data visualization of the need for and supply of cybersecurity workers to guide employers, job seekers, policy makers, education and training providers, and guidance counselors. CyberSeek includes a Cybersecurity Jobs Heat Map which shows information on the supply of workers with relevant credentials. This project also shows Career Pathways in cybersecurity that map opportunities for advancement in the field.

Regional Alliances and Multistakeholder Partnerships to Stimulate Cybersecurity Education and Workforce Development (RAMPS)

RAMPS was a program that provides funding opportunities to build multistakeholder workforce partnerships of employers, schools and institutions of higher education, and other community organizations.

• National Cybersecurity Career Awareness Week
• NICE Cybersecurity Workforce Framework
• NICE eNewsletter
• NICE Webinar Series
• NICE Tutorials
• NICE Conference
• NICE K12 Cybersecurity Education Conference
• List of computer security certifications
• Cyber security standards
• NICE One Pagers
• NICE Brochure

• Federal website for NICE
• NICE Public Working Group and subgroups