How to Align Training With the NIST NICE Framework

The talent gap in the cybersecurity workforce has been widening every year. In 2018, (ISC)2 estimated the shortage at 2.93 million cybersecurity professionals globally, with more than 60 percent of organizations needing more staff. It’s a significant increase from previous (ISC)2 security workforce studies — the 2017 report forecast a 1.8 million gap by 2022, which was a 20 percent increase since 2015.

Despite this growing need, employers are struggling to find qualified candidates and link job candidates’ skills with operational needs. The National Initiative for Cybersecurity Education (NICE) Framework aims to provide a common lexicon to help U.S. employees assess the workforce, while at the same time helping cybersecurity workers understand the knowledge, skills and abilities they need to launch and further their careers.

If you’re seeking cybersecurity training, it’s a good idea to familiarize yourself with NICE and understand how your training aligns with it. While NICE is still new as of 2019, government agencies outside of the federal government have started to adopt this framework. And since the private sector and academia helped develop it, it’s likely that many private employers will also start using it as a workforce recruitment and retention tool.

What Is the NIST NICE Framework?

Developed by the National Institute of Standards and Technology (NIST), the NICE Cybersecurity Workforce Framework was the result of a 2017 presidential executive order on strengthening the cybersecurity of federal networks and critical infrastructure. The massive 2014 breach of the U.S. Office of Personnel Management underscored the need for federal cybersecurity improvements. The idea behind the NICE national initiative, however, is to strengthen security not only within the government but also in the private sector.

The NICE Framework is similar to another set of guidelines whose goal is to help address (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Rodika Tollefson. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/bVqT7oxdT_0/