The NIST NICE Framework
On May 2nd, 2019, The White House Administration issued an Executive Order (EO) that stated: “a superior cybersecurity workforce will promote American prosperity and preserve peace.”
The EO encourages widespread adoption of the NIST NICE Cybersecurity Framework, and its integration into education, training, and workforce development efforts. The NIST NICE Framework is a common taxonomy and lexicon that categorizes and describes cybersecurity work and workers regardless of organization or industry. This national resource aims to standardize cybersecurity workforce definitions across the public, private, and academic sectors so that the entire cybersecurity industry speaks a common language and shares common goals.
NIST NICE Framework includes the following components:
- 7 Categories defining high-level cybersecurity functions.
- 33 Specialty Areas defining distinct areas of cybersecurity work.
- 52 Work Roles defining detailed groupings of cybersecurity work comprised of specific knowledge, skills, and abilities (KSA) required to perform tasks in a work role.
Cyberbit Range is a cybersecurity training platform enabling organizations to simulate real-world cyberattacks in a hyper-realistic virtual SOC environment for the purpose of training and educating cybersecurity workforce. Cyberbit Range is aligned with the NICE framework enabling organization to align training, hiring and education programs with NICE standards.
Why Map Your Programs to NICE Framework?
Educators
Ensuring your students are armed with the required knowledge for them to be successful in their careers is one of the key values in the education system. The NICE Framework is a reference to develop curriculum, courses, seminars, and research that cover the KSAs you aim your students to have for the roles that your students may want to play in their future career in cybersecurity. For example: for your student to successful as a Tier-2 analyst the NICE Framework details exactly which skills they will need to have to fill this role. This will make it easier for you to build out your curriculum, classwork, and at home assignments to provide the information that your students need for future success.
Ensuring that the graduates of your program can claim mandatory skills for hiring into government or government influenced organizations gives them a distinct advantage over other competing graduates. Additionally, maintaining an edge over more experienced but non-KSA-aligned practitioners will allow them to get a job quicker with a higher salary.
SOC Managers and CISOs
Preventing a critical attack is one of the primary responsibilities of any SOC. It is imperative that your team possess the required skills to prevent this attack. Given that most SOC Managers or CISOs believe their team to be under-skilled and under-qualified to prevent a critical attack, having a framework in place provides a road map to skill training and qualification. By using the NICE Cybersecurity Framework, you can detail exactly which role the members of your team are taking, which skills are required for the assigned role, and what training needs to take place for them to be successful.
Recruiters and HR Managers
It is becoming increasingly difficult and competitive to hire qualified candidates to work on the cybersecurity team inside your organization. Aligning with NICE KSAs allows you to more easily compare candidates from diverse backgrounds (also ensuring that you comply with the EO if you are a government or government influenced organization). An additional tool in your arsenal is the ability to run prospective candidates through exercises that will test if they have the required skills to fill the specified role. Using NICE Work Roles and Skills will also help you to determine accurate and applicable training programs, leading to better-qualified employees and higher employee retention.