The Feds Jump Onto CyberSecurity Education and Careers with NICCS

There’s a big, bold, complex and new cybersecurity framework in town, and it comes from a source that seldom gets described using the terms “bold” and “new” — though “big” and “complex” are its stock in trade. Yes, that’s right: I’m talking about the government of the United States, specifically the Computer Emergency Readiness Team (CERT, aka US-CERT) in the Department of Homeland Security. The name of this program is the National Initiative for Cybersecurity Careers and Studies (NICSS), and it’s designed as a massive source of information on cybersecurity for the general public, students and their teachers, cybersecurity professionals and managers, policymakers, veterans, and other folks, too.

While it provides general computer and Internet security information, including an interesting Cybersecurity How-To Guide, its most important aim is to provide information for those interested in studying the topic, and for those interested in pursuing a career in cybersecurity. The organization is in the process of assembling a training catalog that will combine pointers to academic, professional, vocational, and commercial training in cybersecurity, with a massive collection of information about cybersecurity-related work categories, with job roles and titles and KSA (Knowledge, Skills, and Abilities) inventories to go with them, all in the context of a Cybersecurity Workforce Framework. These are divided into the 6 categories shown in the following figure, further organized into 31 distinct specialty areas.

The NICCS framework defines some basic building blocks to establish and maintain a strong security posture.

Ultimately, this mammoth collection of information will be indexed and organized by an “Education and Training Catalog Search” tool that will let interested site visitors find courses by any of the various ways of slicing and dicing coverage and content for various cybersecurity job roles. Right now, there’s only a dummied-up demo catalog to play with that lacks any real data. But even that is interesting to visit and play with, and there’s a lot to learn about how modern IT is organized and practiced by perusing the categories and specialties that the catalog (and other information silos on this website) covers.

To me, of course, the most interesting area in the site is the section on “Professional Certifications,” which currently features 26 different credentials (CISSP and SSCP are each listed twice for some reason but I only counted them once) out of a field of 120-130, as far as my most recent but still incomplete information security certification survey for 2013 goes. Here’s a compacted list of what’s mentioned:

I don’t see too many surprises there (though given the DoD’s recognition of the CompTIA Advanced Security Practitioner, or CASP, just recently I do expect it to show up here sometime soon as well). I’ve had enough trouble getting solid, objective info on the Security Certified Program (SCP) credentials that I’ve kind of written them off; their appearance here with the SCNP and SCNA is surprising, and I’m also a little surprised to see that none of the Cisco security certs made the grade, even though CCNA and CCNP Security are on the same DoD cert list that CASP just joined recently (that DoD Information Assurance or IA registry is documented in the 8570.01-M Manual). But again where government agencies are concerned, I don’t necessarily expect them to be completely in synch with one another: the DHS is not part of the DoD, after all.