Content, Security Staff Acquisition & Development

How to Build A Cybersecurity Workforce: NICE Offers Employer Guide, Framework


The National Initiative for Cybersecurity Education (NICE), a partnership led by the National Institute of Standards and Technology (NIST) that emphasizes cybersecurity education, training and workforce development, has published the Cybersecurity Workforce Framework to help employers identify, recruit and develop cybersecurity talent.

The framework features a lexicon that classifies and describes cybersecurity work by category, specialty area and work role, NIST stated. By doing so, the framework allows employers to use consistent language in professional development initiatives, industry certifications, academic credentials and workforce training programs.

Employers can use the framework to define or provide guidance on different aspects of cybersecurity workforce development, planning, training and education, according to NIST.

Inside the Talent Guide

In addition, the framework enables employers to:

  • Inventory and track their cybersecurity workforce.
  • Analyze a workforce's strengths and gaps in terms of knowledge, skills and abilities.
  • Identify training and qualification requirements.
  • Improve position descriptions and job vacancy announcements.
  • Define relevant work roles.
  • Develop career paths for staff.
  • Establish a shared terminology between hiring managers and human resources (HR) staff for recruitment, retention and training.

The framework supports cybersecurity professionals and those who want to enter the cybersecurity field, along with HR staffing specialists and guidance counselors, NIST indicated. It also helps job-seekers and students understand which work roles and associated knowledge, skills and abilities that employers value most.

Most MSPs Struggle to Find Cybersecurity Talent

The guide arrives amid this market reality: Most MSPs are susceptible to a global cybersecurity talent shortage, which is reflected in a survey of 569 MSPs and value-added resellers (VARs) conducted by antivirus solutions company Kaspersky Lab.

The Kaspersky "MSP: Trends, Challenges and the Keys to Success in Managed Security in 2017" report revealed two-thirds of MSPs face a shortage of qualified IT security professionals for hire, and roughly half of MSPs encounter challenges with remote deployment and management of their cybersecurity solutions.

The number of cybersecurity jobs likely will rise over the next few years to keep pace with the increasing rate of cybercrime, according to cybersecurity research firm Cybersecurity Ventures.

Cybercrime is expected to cost $6 trillion globally by 2021, up from $3 trillion in 2015, the firm said in a prepared statement. Comparatively, the research has predicted there will be 3.5 million unfilled cybersecurity positions by 2021.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.