[Student Name]

[Professor Name]

Course Name

March 4th, 2020

The National Institute for Cybersecurity Careers and Studies (NICCS) from the
Department of Homeland Security has developed a Cybersecurity Workforce Framework
(Newhouse et al., 2016) to provide the cyber workforce with a comprehensive collection of work
functions. Although this ontology was created to support the hiring criteria of the US
government and was not empirically supported, it reflects the well-documented rostering of the
cyber domain's job roles. This collection includes nine categories of work-roles, 31 specialization
areas and more than 1000 forms of expertise, skills, and abilities. Reading through them, I have
identified one area that is most aligned to my current educational interest, i.e., Analyze.

Analyze reviews and analyze incoming information on cybersecurity to assess its

intelligence utility. It is further divided into five specialty areas which are associated with
Analyze category: All-source Analysis, Exploitation Analysis, Language Analysis, Targets, and
Threat Analysis. A specialty area consists of the related essential knowledge, skills and abilities
(KSA). Task is another subcategory analyzed and mapped. Many tools list tasks separately from
KSAs but are included as KSATs. As with KSAs, an ID number is also allocated to the activities.
Because different jobs can involve similar tasks, it is popular to map a role to more than one job
title. The best of it is that The National Cybersecurity Careers and Studies Initiatives (NICCS)
have developed a downloadable to help hiring managers and human resources professionals
navigate through KSAT's long lists.

The Framework’s purpose is to define research on cybersecurity, irrespective of

organizational structures, job titles or other potentially idiosyncratic conventions. For example,
under this framework a person may perform tasks in more than one area of specialty, or all the
work of an individual can fall within a single area of speciality. Additionally, large organizations
may have many individuals committed to a single specialty region, whereas smaller agencies
may need individuals to cover many specialty areas. Within any particular organization, the way
such groupings are structured into ranks, job areas, or work functions depends on a number of
factors including organizational characteristics (e.g., geographical location), limitations (e.g.,
restricted personnel), and task. Therefore, due to the variety of jobs, professions, societies,
systems within any particular department or organization, there may not always be a “one-to-
one” crosswalk of workers or career fields into specific areas of specialization.

As my area of interest in The NICE Framework is Education so it provides educators

with a guide to develop curriculum, diploma or degree programs, training programs, courses,
workshops, and activities or challenges that address the KSAs and Tasks listed in the NICE
Framework. The Good Structure can be used as a tool for job exploration by human resources
recruiting professionals and guidance counselors. Academic institutions are a critical component
of cybersecurity workforce readiness and education. Collaboration between public and private
agencies, such as through the NICE programme, helps these organizations to recognize the
shared knowledge and skills that are required. In addition, designing and implementing curricula
that are consistent with the NICE Framework lexicon allows schools to prepare students with the
skills that employers require. Increasing the pool of students seeking ideal employment in
cybersecurity would draw more students to college cybersecurity programs as a gateway to a
career.

According to Cable & Parsons (2001), part of the problem for cyber professionals and the
businesses looking to hire them is that very few people outside the tech industry grasp the cyber
domain's scope. Nevertheless, the vast majority of businesses use the cyber domain for logistics,
connectivity, human resource management and a wide variety of other functions. As a result,
organizations looking to hire cyber professionals operate outside of their core competencies and
thus may not be able to develop a good sense of person-organization suitability. Additionally,
Baker (2016) is of the view that human resources may not understand the language needed to
appropriately advertise for the knowledge, skills, and attitudes they are looking for due to the
complexity of the cyber domain. Finally, in an era of ever tightening budgets, many companies
may want to hire a single professional as opposed to a team in order to keep costs contained or
may seek to contract out the work without fully understanding their own needs.
Since cyber work is hard to grasp, my questions from the professionals would be that how cyber
employees can build trust close to that of other careers and how can it provide opportunity for
corruption, from bad actors as well as from disgruntled employees or even well-meaning
employees. Therefore these questions raise recruiting challenge in today's job market, where
workers are employed for skillsets rather than values.

Therefore, a critical problem with developing a baseline of cyber skills, however, is the
over emphasis on technical skills such as computer sciences or electrical engineering (Gates et
al., 2014). While technical skills are an important aspect of knowledge within the cyber domain,
it is only one aspect. Cyber threat detection requires knowledge not only of technical
vulnerabilities but in understanding how everyday user behavior increases network
vulnerabilities (Arachchilage and Love, 2013). Convincing users to engage in best practices, as
opposed to actively working against network security officers is a skill set that relies more on
social skill and persuasion than technical skill (Shillair et al., 2015). Criminal investigations are
another area within the overarching cyber domain that is both technical and investigative and
relies more on social skill than raw cognitive ability.

References

Arachchilage, N. A., and Love, S. (2013). A game design framework for avoiding phishing

attacks. Comput. Hum. Behav. 29, 706–714. doi: 10.1016/j.chb.2012. 12.018

Baker, M. (2016). Striving for Effective Cyber Workforce Development. Pittsburgh, PA:

Software Engineering Institute.

Cable, D. M., and Parsons, C. K. (2001). Socialization tactics and personorganization fit. Pers.

Psychol. 54, 1–23. doi: 10.1111/j.1744-6570.2001. tb00083.

Shillair, R., Cotten, S. R., Tsai, H. Y., Alhabash, S., LaRose, R., and Rifon, N. (2015). Online

safety begins with you and me: convincing internet users to protect themselves. Comput.

Hum. Behav. 48, 199–207. doi: 10.1016/j.chb.2015.01.046