Virginia Adopts Feds’ Cybersecurity Workforce Framework
Last May, Virginia Governor Terry McAuliffe called on Congress to build a bi-partisan national plan for cybersecurity employment that spanned states, cities, counties and the federal government.
In remarks at the VMware Public Sector Innovation Summit, McAuliffe pointed out that neither the House nor the Senate had dedicated committees to combat what he called the “biggest threat that faces the United States of America.” (via StateScoop)
As the tech sector has been saying for years, meeting the cybersecurity menace requires education, training, and, most importantly, a plethora of skilled security professionals. Earlier this month, in a move not directly related to the Governor’s clarion call but somewhat tied to it, the feds took a step in that direction, releasing Special Publication 800-801, otherwise known as the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework.
Workforce is the operative term here. The publication is the feds’ guidebook for addressing the cybersecurity skills gap by providing organizations with a common, consistent language that classifies such work by three designations: category, specialty and role. In other words, let’s all start on the same page and, from that jumping-off point, build a cybersecurity workforce through strategic development, planning, training, and education.
On the surface it may not seem like a big deal, but it is. While Virginia isn’t the first state to reference the framework, Governor McAuliffe claimed it is the first to formally endorse and fit it into its existing cybersecurity education and hiring efforts as part of its ecosystem.
“Adding this framework to our current efforts led by the Secretaries of Technology, Education, Commerce and Trade, and Administration will strengthen the commonwealth’s ability to address the high demand for skilled cybersecurity professionals and enhance our position as a global leader in cybersecurity,” Governor McAuliffe said. Despite a high concentration of skilled cybersecurity professionals, Virginia still needs to press ahead on its education and training efforts to “thwart compromising cyberattacks,” he said.
The state’s K-12 career technical education programs and community college system have adopted curriculum development models based on the NICE framework, enabling secondary and post-secondary education and training to adhere to the same development guidelines, McAuliffe said.
NICE director Rodney Petersen told StateScoop the organization does not formally track which states have adopted the framework but has received positive anecdotal feedback referencing it.
“The more it is used across government (federal and state), academia, training organizations, and private sector employers, the more we can move as a nation towards a common definition of the problem and solution for addressing our nation’s cybersecurity workforce shortage,” he reportedly said.
Earnest talk of a cybersecurity talent gap began as recently as five years ago with warnings from the IT security community that there weren’t enough skilled pros to ward off the bad guys. According to researcher and consultant Cybersecurity Ventures, the fundamental problem is money: Not enough is spent on cybersecurity to dent the losses that attacks inflict on businesses.
Here’s some data:
- Global spending on cybersecurity products and services to combat cybercrime will exceed $1 trillion cumulatively over the next five years, from 2017 to 2021.
- Cybercrime globally will cost $6 trillion annually by 2021, double that of 2015.
- Some 1.5 million cybersecurity jobs in the U.S. will be open by 2019, 50 percent more than in 2016.
- The U.S. cybersecurity unemployment rate will remain at zero percent over the next five years, from 2017 to 2021.
To the extent that the NICE workforce framework can drive up cybersecurity employment and correspondingly suppress the cost of attacks across all organizations, it will be a welcome tool.