IT Career JumpStart

Mar 1 2013   8:03PM GMT

The Feds Jump Onto CyberSecurity Education and Careers with NICCS

Ed Tittel Ed Tittel Profile: Ed Tittel

There’s a big, bold, complex and new cybersecurity framework in town, and it comes from a source that seldom gets described using the terms “bold” and “new” — though “big” and “complex” are its stock in trade. Yes, that’s right: I’m talking about the government of the United States, specifically the Computer Emergency Readiness Team (CERT, aka US-CERT) in the Department of Homeland Security. The name of this program is the National Initiative for Cybersecurity Careers and Studies (NICSS), and it’s designed as a massive source of information on cybersecurity for the general public, students and their teachers, cybersecurity professionals and managers, policymakers, veterans, and other folks, too.

While it provides general computer and Internet security information, including an interesting Cybersecurity How-To Guide, its most important aim is to provide information for those interested in studying the topic, and for those interested in pursuing a career in cybersecurity. The organization is in the process of assembling a training catalog that will combine pointers to academic, professional, vocational, and commercial training in cybersecurity, with a massive collection of information about cybersecurity-related work categories, with job roles and titles and KSA (Knowledge, Skills, and Abilities) inventories to go with them, all in the context of a Cybersecurity Workforce Framework. These are divided into the 6 categories shown in the following figure, further organized into 31 distinct specialty areas.

The NICCS framework defines some basic building blocks to establish and maintain a strong security posture.

The NICCS framework defines some basic building blocks to establish and maintain a strong security posture.

Ultimately, this mammoth collection of information will be indexed and organized by an “Education and Training Catalog Search” tool that will let interested site visitors find courses by any of the various ways of slicing and dicing coverage and content for various cybersecurity job roles. Right now, there’s only a dummied-up demo catalog to play with that lacks any real data. But even that is interesting to visit and play with, and there’s a lot to learn about how modern IT is organized and practiced by perusing the categories and specialties that the catalog (and other information silos on this website) covers.

To me, of course, the most interesting area in the site is the section on “Professional Certifications,” which currently features 26 different credentials (CISSP and SSCP are each listed twice for some reason but I only counted them once) out of a field of 120-130, as far as my most recent but still incomplete information security certification survey for 2013 goes. Here’s a compacted list of what’s mentioned:

NICSS Table of Recognized Cybersecurity Certs
(ISC)² Certified Information Systems Security Professional DRI Master Business Continuity Professional
(ISC)² Systems Security Certified Practitioner Electronic Commerce (EC) Council Certified Ethical Hacker
(ISC)² Certification and Accreditation Professional GIAC Certified Incident Handler
CERT Certified Computer Security Incident Handler GIAC Information Security Fundamentals
Certified Hacking Forensic Investigator GIAC Security Essentials Certification
Certified Expert Penetration Tester GIAC Security Leadership Certification
Certified Wireless Security Professional GIAC Systems and Network Auditor
CompTIA A+ ISACA Certified Information Security Manager
CompTIA Network+ ISACA Certified Information Systems Auditor
CompTIA Security+ Security Certified Program (SCP) Security Certified Network Professional
DRI Associate Business Continuity Professional Security Certified Program (SCP) Security Certified Network Architect
DRI Certified Business Continuity Professional Certified Hacking Forensic Investigator
DRI Certified Functional Continuity Professional Certified Penetration Tester

I don’t see too many surprises there (though given the DoD’s recognition of the CompTIA Advanced Security Practitioner, or CASP, just recently I do expect it to show up here sometime soon as well). I’ve had enough trouble getting solid, objective info on the Security Certified Program (SCP) credentials that I’ve kind of written them off; their appearance here with the SCNP and SCNA is surprising, and I’m also a little surprised to see that none of the Cisco security certs made the grade, even though CCNA and CCNP Security are on the same DoD cert list that CASP just joined recently (that DoD Information Assurance or IA registry is documented in the 8570.01-M Manual). But again where government agencies are concerned, I don’t necessarily expect them to be completely in synch with one another: the DHS is not part of the DoD, after all.

5  Comments on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Kevin Beaver
    Thanks for this good info Ed. I wasn't aware of this program. I don't agree with a lot of the redundancy, waste, and control that comes out of D.C. but these resources do underscore the importance of educating yourself if you work in or around information security.As Earl Schoff once said, "Learn to work harder on yourself than you do on your job. If you work hard on your job you'll make a living…if you work hard on yourself you can make a fortune." Very true - especially in IT!
    27,525 pointsBadges:
  • Ed Tittel
    Great comment, Kevin. I'm hopeful that when the actual content gets delivered that what I see as great potential value turns into even better real and actual value. Jury's still out, though: lots of government projects have made wonderful promises, then delivered little or nothing to meet them. As you can tell, I'm torn between optimism and the burden of history (realism/pessismism).Thanks for the remark from Earl Schoff, though: it remains true for each and every one of us, no matter whether the feds (or anybody else) comes through or not.Take care, and thanks again.--Ed--
    13,835 pointsBadges:
  • TomLiotta
    For the U.S.A., an unfornate fact is that government initiatives are driven by "voters". Many years in government service taught me that projects often are scoped, designed, started... and then... An election brings a new administration, with a new "mandate from the voters". Project resources get reduced or redirected, or the projects are scrapped in favor of 'New! Improved! Project X 2.0'. It can be incredibly frustrating to work long-term as a government employee. -- Tom
    125,585 pointsBadges:
  • TomLiotta
    "...unfortunate fact" that these posts can't be edited after posting... -- Tom
    125,585 pointsBadges:
  • Ed Tittel
    Tom:Indeed this is part and parcel of the back-n-forth that a democracy entails. Great observation! Let's hope that all parties see the wisdom of this particular effort, and that it doesn't get derailed or rejiggered.Thanks,--Ed--
    13,835 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: