The information security news is not all bad, despite the annual August double-tap of Black Hat and DEF CON. The raft of vulnerabilities revealed at those two events can leave you feeling like everything's hacked and hopeless, but fortunately some folks are busy addressing one of the main reasons that the struggle to protect information systems can seem like an uphill battle: the global shortage of skilled security practitioners, predicted to reach 1.5 million by 2020*. In the United States there are currently more than 209,000 unfilled cybersecurity jobs and the demand for information security professionals is expected to grow by 53 percent through 2018 (according to an independent study cited by CSO Online**).

In the United States, one way in which the federal government has addressed this problem is NICE, the National Initiative For Cybersecurity Education. And one of the ways in which NICE seeks to promote cybersecurity education and workforce development is with a two-day annual conference. In 2015, the NICE conference is being held in November, in San Diego, and you can find the details here. If you or your organization are involved in cybersecurity education and workforce development then you might want to consider not only attending NICE 2015, but also sharing your knowledge, experiences, lessons learned, and so on. The Call for Proposals is still open.

The cybersecurity education and workforce deficit has been discussed several times here on We Live Security, for example during the RSA conference. I certainly believe there is an urgent need to train more people in this field and foster cybersecurity as a career choice for students who are still in school. For example, the annual Cyber Boot Camp that ESET facilitates in San Diego every year is targeted directly at this problem. If you haven't heard of the boot camp before, here's a short video:

NICE Goals

NICE is a public-private partnership between government, academia, and the private sector. The mission of NICE is: "Cultivating an integrated cybersecurity workforce that is globally competitive from hire to retire, with the knowledge, skills, and ability to protect our nation from existing and emerging challenges."

To this end, the organization seeks to expand the talent pool of cybersecurity workers by encouraging successful industry and education programs, facilitating change and innovation where needed, and bringing leadership and vision to this huge challenge. In order to accelerate learning and skills development, NICE works to:

  • Explore programs and techniques that can more rapidly increase the supply
  • Reduce the time and cost for obtaining necessary knowledge, skills, and abilities
  • Target displaced workers or underemployed individuals who are available and motivated

One NICE initiative in this area is the Cyber Education Map which plots schools offering cybersecurity programs across the country. Another way to both expand and improve the cybersecurity workforce is to bring a wide range of students into the educational pipeline that feeds industry and  government needs. To help establish a diverse learning community NICE works to:

  • Seek creative and effective efforts to increase the number of underrepresented populations
  • Drive cybersecurity career awareness, exploration, and preparedness into schools and younger populations
  • Leverage formal education programs, technical training and certifications, and co-curricular experiences

As for workforce Development and Career Planning, NICE has several initiatives underway, such as the interactive National Cybersecurity Workforce Framework which aims to "describe cybersecurity work regardless of organizational structures, job titles, or other potentially idiosyncratic conventions." If you've ever perused cybersecurity job postings, you know many organizations currently struggle just to describe the people they are looking for. This "language barrier" creates friction in the marketplace for skills. Additional NICE work in this area includes these goals:

  • Analyze data sources that project present and future workforce demand and supply of qualified workers
  • Explore tools and techniques that effectively measure and validate knowledge, skills, and abilities
  • Identify effective practices and solutions that enhance recruitment, hiring, promotion, and retention

All of these topics will be discussed at the NICE 2015 Conference and Expo. The cybersecurity education, training, and workforce needs of the nation will be addressed by thought leaders from education, government, industry and non-profits. The two-day event includes:

  • Face-to-face convening of public-private partners
  • An opportunity to signal NICE strategic directions and priorities
  • Forum to showcase best practices

Naturally, ESET will be at NICE 2015 and we hope to see you in San Diego in November. If you are involved in cybersecurity education and workforce projects, leave a comment and let us know. And consider submitting a proposal to present your work at the conference.

* The seventh annual (ISC)2 Global Workforce Survey, conducted by Frost & Sullivan, cited by SC Magazine
** Analysis of numbers from the Bureau of Labor Statistics by Peninsula Press (a project of the Stanford University Journalism Program) cited by CSO Online.