
Improving Cybersecurity Workforce Capacity and Capability


ISSA DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLOBALLY

Improving Cybersecurity Workforce Capacity and Capability: Addressing the Education-to-Workforce Disparity


14 – ISSA Journal | October 2015

Abstract

Across public and private sectors, there is a growing demand for qualified cybersecurity professionals. Finding those individuals with the necessary knowledge, skills, and abilities (KSAs) to fill vacant positions has proven to be difficult. This article examines the chasm between demand and supply in the cybersecurity labor market. It looks at the professional competencies established by the federal government to help align industry cyber needs with education and training initiatives. It also offers suggestions to enhance the partnerships between academia, industry, and professional associations that will improve the KSAs of undergraduates who will soon enter the cybersecurity workforce.

By Marie A. Wright – ISSA member, Connecticut Chapter

©2015 ISSA • www.issa.org • [email protected] • All rights reserved.

Since 2007, the demand for cybersecurity professionals has risen dramatically. The cause is likely due to multiple factors (e.g., greater connectivity, more vulnerabilities, increased intruder awareness of the value of attacking networks, and heightened public awareness of successful attacks) [14]. According to Burning Glass Technologies, cybersecurity job postings grew 74 percent from 2007-2013, more than twice the rate of all other information technology (IT) jobs [3]. They also took 36 percent longer to fill than all job postings [3]. Last year, Cisco estimated an industry shortage of more than one million security professionals worldwide [4]. A recent Ponemon Institute survey of 504 human resources and IT security specialists in the United States found that the IT security function in most organizations was understaffed, with 70 percent of the respondents reporting that they had neither the depth nor breadth of qualified security professionals [21]. In January 2015, ISACA conducted a global survey of 3,439 business and IT professionals in 129 countries [12]. Ninety percent of the respondents said there was a national shortage of skilled cybersecurity professionals. Another survey conducted earlier this year [13] seemed to corroborate this. More than half of the 926 respondents reported that it took their organizations anywhere from three to six months to fill an open position, and that fewer than 25 percent of the applicants were qualified to fill the positions for which they applied.

The demand for cybersecurity professionals is projected to intensify over the next several years, largely due to the increasing sophistication and persistence of cyber threats, and the growing pervasiveness of mobile devices and cloud services in the business environment [9]. According to the most recent (ISC)2 Global Information Security Workforce Study [9], the estimated compound annual growth rate in global demand for security professionals from 2014-2019 is 10.8 percent, while the estimated compound annual growth rate in global supply during that same five year period is only 5.6 percent. The numbers suggest that by 2019, there will be a workforce shortage of more than 1.5 million cybersecurity professionals.

The Bureau of Labor Statistics projects a 37 percent growth in employment for Information Security Analysts through 2022, compared to an 11 percent average growth rate for all occupations [2]; however, the title of “Information Security Analyst” certainly does not describe all cybersecurity jobs. Perhaps a better sense of the demand for cybersecurity workers should be based on the number of organizations that ought to be undertaking some measures to protect their systems, networks, and data from unauthorized access, use, or harm [5]. In the United States there are approximately 456 agencies in the federal government [18], more than 90,000 state and local governments [26], almost 13,000 independent school districts [26], approximately 7,200 public and private colleges and universities [28], and more than six million firms [25]. All should have someone responsible for cybersecurity within their respective organizations.

Education and training initiatives

The first official recognition of the need for cybersecurity professionals was the 2008 Comprehensive National Cybersecurity Initiative (CNCI) [6]. The CNCI consisted of a dozen initiatives with the overall goal of helping to secure the United States in cyberspace. Initiative #8 specifically addressed the expansion of cyber education:

While billions of dollars are being spent on new technologies to secure the US Government in cyberspace, it is the people with the right knowledge, skills, and abilities to implement those technologies who will determine success. However, there are not enough cybersecurity experts within the Federal Government or private sector to implement the CNCI, nor is there an adequately established Federal cybersecurity career field. Existing cybersecurity training and personnel development programs, while good, are limited in focus and lack unity of effort. In order to effectively ensure our continued technical advantage and future cybersecurity, we must develop a technologically-skilled and cyber-savvy workforce and an effective pipeline of future employees. It will take a national strategy, similar to the effort to upgrade science and mathematics education in the 1950s, to meet this challenge [6].

In 2010, in response to CNCI Initiative #8, the National Initiative for Cybersecurity Education (NICE) was established. Led by the National Institute of Standards and Technology (NIST), NICE consists of more than twenty federal departments and agencies. To achieve its mission of enhancing the overall cybersecurity posture of the United States, NICE has three goals: To increase national cybersecurity awareness, to expand the pool of individuals prepared to enter the cybersecurity workforce, and to develop a globally competitive cybersecurity workforce [17].

NICE National Cybersecurity Workforce Framework

The foundation of the NICE effort to standardize the cybersecurity field is the National Cybersecurity Workforce Framework [8]. Version 1.0, released in August 2012, organized cybersecurity into seven high-level categories, each comprised of several specialty areas. Related job titles, tasks, and KSAs needed to successfully complete those tasks were further described within each specialty area [11]. By establishing a common taxonomy and lexicon for cybersecurity workers, and developing a baseline of tasks and KSAs associated with cybersecurity professionals [17], the framework defines cybersecurity work irrespective of organizational structure or job title, and is flexible enough to allow organizations to adapt its content to their own workforce planning needs [16]. In 2013, work began on updating the framework to reflect the latest changes in IT and the cybersecurity field. The most recent version of the framework is shown in Table 1.

Table 1 – National Cybersecurity Workforce Framework

| Categories | Specialty Areas |
|---|---|
| Securely Provision: Concerned with conceptualizing, designing, and building secure IT systems with responsibility for some aspect of the systems’ development | Secure Acquisition; Secure Software Engineering; Systems Security Architecture; Technology Research and Development; Systems Requirements Planning; Test and Evaluation; Systems Development |
| Operate and Maintain: Responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security | Data Administration; Customer Service and Technical Support; Network Services; System Administration; Systems Security Analysis |
| Protect and Defend: Responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks | Enterprise Network Defense Analysis; Incident Response; Enterprise Network Defense Infrastructure Support; Vulnerability Assessment and Management |
| Investigate: Responsible for the investigation of cyber events or crimes related to IT systems, networks, and digital evidence | Digital Forensics; Cyber Investigation |
| Oversee and Govern: Providing leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work | Legal Advice and Advocacy; Strategic Planning and Policy Development; Training, Education, and Awareness; Information Systems Security Operations; Security Program Management; Risk Management; Knowledge Management |
| Collect and Operate: Responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence | Collection Operations; Cyber Operations; Cyber Operations Planning |
| Analyze: Responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence | All Source Intelligence; Exploitation Analysis; Targets; Threat Analysis |

Source: “DRAFT National Cybersecurity Workforce Framework Version 2.0,” National Initiative for Cybersecurity Careers and Studies (http://niccs.us-cert.gov/research/draft-national-cybersecurity-workforce-framework-version-20).

ETA Cybersecurity Competency Model

In 2013, the Employment and Training Administration (ETA) of the US Department of Labor began working with the more than twenty federal departments and agencies that contributed to the NICE framework to develop a Cybersecurity Competency Model [7]. The goal was to promote a better understanding of the competencies and skill sets that were essential to educate and train a globally competitive cyber workforce [10]. The resulting model incorporates the competencies identified in the NICE framework and expands on it by including the competencies needed by average workers who use technology, as well as those needed by cybersecurity professionals [7]. The Cybersecurity Competency Model was launched in May 2014, and is shown in figure 1 [1].

The pyramid structure conveys an increasing level of content specialization, from entry-level worker to senior-level cybersecurity professional. The blocks within each tier represent competency areas (i.e., the KSAs necessary for successful performance) [1]. At the bottom of the pyramid, Tiers 1 through 3 represent the “soft skills,” the personal effectiveness, academic, and workplace foundation competencies essential for all in the cybersecurity workforce. Tiers 4 and 5 (shown in yellow) show the technical competencies that are cross-cutting to the cybersecurity industry or industry sector. The top tier (shown in blue) represents the specialization of knowledge and technical competencies within management and within specific cybersecurity occupations [1].

Figure 1 – Cybersecurity Competency Model

Addressing the supply/demand disparity

In spite of the federal government’s initiatives to increase the supply of cybersecurity professionals, it will take time to expand the workforce in response to the heightened demand [14]. It may take years to educate and train a sufficiently qualified labor force; yet, there are things that can be done in the short term—by industry, academia, and professional associations—that can positively impact the KSAs of undergraduates who will soon enter the workforce. Following are ten straightforward suggestions, offered from the author’s perspective as an academic who has spent more than two decades developing and updating undergraduate information security courses and programs.

1 – Industry security professionals and board members from regional chapters of professional security associations should volunteer to be guest speakers in the IT and security classes offered at local colleges and universities. In spite of the fact that millennials (young adults, ages 18 to 26) have grown up in a digital environment, only one in four indicates an interest in a career as a cybersecurity professional [23]. Most students are uncertain about cybersecurity job responsibilities, and they need information, advice, and encouragement from others outside of the academic sphere. There is no more effective way to share career experiences, to influence individual career choices, or to emphasize the need for a stronger cybersecurity workforce, than to speak directly to those still in school.

2 – Security professionals from industry and board members from regional chapters of professional security associations should volunteer to serve as advisory board members for college or university departments that offer cybersecurity or information security courses. Active board participation is essential, and contributing to the advancement of cybersecurity education is equally important. Academic administrators listen to the feedback provided by external professionals, and they typically listen more carefully than they do to the information provided by their own faculty.

3 – Businesses should establish more paid internships and co-ops in cybersecurity. These offer the best of both worlds to businesses and to students. Businesses have the opportunity to hire, without obligation, knowledgeable and energetic individuals from local colleges and universities who are eager to contribute, and to do so at a (typically) lower pay scale on a short-term basis. Students have the opportunity to gain the practical, entry-level experience necessary for them to begin their cybersecurity careers, while earning much-needed money for their tuition expenses.

4 – Businesses should make a more concerted effort to donate their unused equipment to local colleges and universities that are trying to develop their cybersecurity programs. Academic institutions operate in the real world. They continually face budget cuts, and oftentimes funding that should go to improve the classroom learning environment instead becomes redirected toward administrative and operating expenses. Today, many publicly-funded universities receive less than 50 percent of their revenue from the state. Businesses can help by donating equipment they no longer need to colleges or universities for educational purposes. By doing so, businesses not only help students who may be aspiring cybersecurity professionals, they may be able to claim a tax deduction for their equipment donations as well.

5 – Business professionals and academics need to strongly encourage students to join professional associations, attend local chapter meetings, and network. Particularly for those on the cusp of starting their careers, “what you know” has to be supplemented with “who you know.” The benefits of professional association membership are well known to those already in the field, but students have not yet learned the advantages of developing professional relationships, being mentored, or having access to an array of resources and services that are offered only to members. Students need help in determining which of the many good security-related professional associations they should join. For example, by joining the ISSA, students could take advantage of the Cybersecurity Career Lifecycle (CSCL) program. As pre-professionals, they could do a self-assessment of their KSAs, which would help them to better understand what an aspiring professional needs to know to enter the field, as well as the types of industry roles they might be best suited to fill [20].

6 – All security-related professional associations should have low-cost student membership rates, and they should offer scholarships for student members who are studying cybersecurity. Some professional associations offer student memberships at reduced costs, but not all do. Even fewer offer student scholarships [footnote 2]. Student membership in security-related professional associations might be better spurred if student financial needs were better understood. Since 2008, public colleges and universities nationwide have increased tuition by more than 27 percent to compensate for state funding cuts [19]. Most of the nation’s undergraduates hold jobs while going to school to pay for their educational expenses: 52 percent work part-time, and another 20 percent work full-time [27]. The bottom line is that their discretionary income is limited.

Footnote 2: ISSA offers student memberships. The ISSA Education Foundation (issaef.org) awards annual scholarships and administers ISSA chapter scholarships, such as Denver and San Francisco chapters. In addition, several other ISSA chapters conduct their own scholarship programs.

7 – Academics should encourage students to pursue certification. There are hundreds of cybersecurity-related certifications, and navigating through the confusing array can be a daunting challenge. To make the process easier, the National Initiative for Cybersecurity Careers and Studies (NICCS) developed a list of organizations that provide the professional certifications needed for entry or promotion in the cybersecurity career field [22]. The list supports NICE’s goal of facilitating the development of a globally competitive cybersecurity workforce. Certification standards can help academia to better align their cybersecurity curricula with current industry needs [24]; however, these standards have a training focus that should supplement, but not replace, education.

8 – Academics should employ a multidisciplinary approach to cybersecurity education. Traditionally, security courses and programs have been housed in Computer Science or Engineering departments, which necessarily emphasize highly-specialized, technical knowledge; however, cybersecurity is more than just a technical discipline. It is “a complex subject, whose understanding requires knowledge and expertise from multiple disciplines, including but not limited to computer science and information technology, psychology, economics, organizational behavior, political science, engineering, sociology, decision sciences, international relations, and law.” [15] Although technical knowledge is important, recent studies [9][13] have suggested that other attributes, such as having a broad understanding of the security field, having strong communications skills, and being able to understand the business, may be more important for success as a cybersecurity professional.

9 – Academics should incorporate realistic case studies and practical simulations into the cybersecurity curriculum. Classroom theory and hands-on practice have a reciprocal relationship, where one informs and reinforces the other. The case method, originally championed by the Harvard Business School, uses case studies to emulate realistic business challenges. The information provided is typically complex and insufficiently detailed, so students are challenged while their judgment and leadership skills are strengthened. In the case of simulations, learning occurs through hands-on actions, and preferred outcomes tend to be based on experience. The simulation environment provides constant and immediate feedback, so students can adjust their actions based on the information they receive. Both case studies and simulations are operational scenarios in which specific skills are learned and performance is evaluated within a realistic context. Mistakes will be made, and they often provide the best learning experiences.

10 – Industry professionals should work more closely with academia to sponsor mock cybersecurity competitions. Unlike large-scale competitions, such as the annual National Collegiate Cyber Defense Competition sponsored by the Department of Homeland Security Science and Technology Directorate’s Cyber Security Division, these mock competitions should be much smaller and should occur more frequently (e.g., monthly). They should have a practical, hands-on focus, but they should not require the high level of technical proficiency demanded by national cyber competitions in order to encourage as much student participation as possible, including those who are not majoring in Computer Science or IT. After all, students majoring in non-technical disciplines may have the right set of skills to become cybersecurity professionals [14].

Conclusion

Since 2007, the sharp increase in demand for cybersecurity professionals has been met with a relatively small increase in the number of individuals qualified to fill those jobs. In spite of the federal government’s initiatives to increase the supply of cybersecurity professionals, the labor market is tight and is projected to remain so for the next decade. It will take years to educate and train a sufficiently qualified workforce. In the meantime, there are actions that can be undertaken in partnership by industry, academia, and professional associations that can help to improve the capacity and capability of the cybersecurity workforce.

References

[1] Bertsche, Alyce Louise. “The DOL Competency Model Clearinghouse.” Webinar presentation for the North East Regional Employment and Training Association, May 1, 2014 – http://docslide.net/government-nonprofit/competency-model-clearinghouse.html.


[2] Bureau of Labor Statistics, US Department of Labor. “Information Security Analysts,” Occupational Outlook Handbook, 2014-15 – http://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm.

[3] Burning Glass Technologies. “Job Market Intelligence: Report on the Growth of Cybersecurity Jobs.” 2014 – http://burning-glass.com/wp-content/uploads/Burning-Glass-Report-on-Cybersecurity-Jobs.pdf.

[4] Cisco Systems, Inc. “Cisco 2014 Annual Security Report” – https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf.

[5] Committee on Professionalizing the Nation’s Cybersecurity Workforce: Criteria for Future Decision-Making, Computer Science and Telecommunications Board, Division on Engineering and Physical Sciences, and National Research Council. Professionalizing the Nation’s Cybersecurity Workforce?: Criteria for Decision-Making, Washington, DC: National Academy of Sciences, 2013 – http://www.nap.edu/catalog/18446/professionalizing-the-nations-cybersecurity-workforce-criteria-for-decision-making.

[6] “Comprehensive National Cybersecurity Initiative” – https://www.whitehouse.gov/sites/default/files/cybersecurity.pdf.

[7] “Cybersecurity Competency Model,” CareerOneStop Competency Model Clearinghouse – http://www.careeronestop.org/competencymodel/competency-models/cybersecurity.aspx.

[8] “FAQs.” National Initiative for Cybersecurity Careers and Studies – http://niccs.us-cert.gov/footer/faqs.

[9] Frost and Sullivan, (ISC)2, and Booz Allen Hamilton. “The 2015 (ISC)2 Global Information Security Workforce Study” – https://www.isc2cares.org/uploadedFiles/wwwisc2caresorg/Content/GISWS/FrostSullivan-(ISC)²-Global-Information-Security-Workforce-Study-2015.pdf.

[10] “Help and FAQs,” CareerOneStop Competency Model Clearinghouse – http://www.careeronestop.org/competencymodel/faq.aspx.

[11] “Interactive National Cybersecurity Workforce Framework,” National Initiative for Cybersecurity Careers and Studies – http://niccs.us-cert.gov/training/tc/framework/.

[12] ISACA. “2015 Global Cybersecurity Status Report” – http://www.isaca.org/pages/cybersecurity-global-status-report.aspx.

[13] ISACA, and RSA Conference, “State of Cybersecurity: Implications for 2015” – http://www.isaca.org/cyber/Documents/State-of-Cybersecurity_Res_Eng_0415.pdf.

[14] Libicki, Martin C., David Senty, and Julia Pollak. H4cker5 Wanted: An Examination of the Cybersecurity Labor Market, Santa Monica, CA: RAND Corporation, 2014 – http://www.rand.org/content/dam/rand/pubs/research_reports/RR400/RR430/RAND_RR430.pdf.

[15] National Academy of Sciences, Computer Science and Telecommunications Board, Division on Engineering and Physical Sciences. “At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues,” May 2014 – http://sites.nationalacademies.org/cs/groups/depssite/documents/webpage/deps_087875.pdf.

[16] National Institute of Standards and Technology. “National Initiative for Cybersecurity Education Strategic Plan,” 2012 – http://csrc.nist.gov/nice/documents/nicestratplan/nice-strategic-plan_sep2012.pdf.

[17] National Institute of Standards and Technology. “NICE Overview.” Presentation at the Asia-Pacific Economic Cooperation, Women’s Business and Smart Technology Seminar, Beijing, China, May 23, 2014 – http://mddb.apec.org/Documents/2014/PPWE/SEM2/14_ppwe_sem2_007.pdf.

[18] “Number of Agencies in the Federal Government” – http://www.numberof.net/number-of-agencies-in-the-federal-government/.

[19] Oliff, Phil, Vincent Palacios, Ingrid Johnson, and Michael Leachman. “Recent Deep State Higher Education Cuts May Harm Students and the Economy for Years to Come.” March 19, 2013 – http://www.cbpp.org/research/recent-deep-state-higher-education-cuts-may-harm-students-and-the-economy-for-years-to-come?fa=view&id=3927.

[20] Parizo, Eric. “Non-traditional Employee Recruitment May Remedy Security Hiring Woes,” November 2014 – http://searchsecurity.techtarget.com/opinion/Non-traditional-employee-recruitment-may-remedy-security-hiring-woes.

[21] Ponemon Institute LLC. “Understaffed and at Risk: Today’s IT Security Department,” 2014 – http://www.hp.com/hpinfo/newsroom/press_kits/2014/RSAConference2014/Ponemon_IT_Security_Jobs_Report.pdf.

[22] “Professional Certifications,” National Initiative for Cybersecurity Careers and Studies – http://niccs.us-cert.gov/training/professional-certifications.

[23] Raytheon Company. “Preparing Millennials to Lead in Cyberspace,” October 2014 – http://www.raytheon.com/news/rtnwcm/groups/gallery/documents/digitalasset/rtn_210603.pdf.

[24] University of Phoenix and (ISC)2 Foundation. “Cybersecurity Workforce Competencies: Preparing Tomorrow’s Risk-Ready Professionals,” 2014 – http://cdn-static.phoenix.edu/content/dam/altcloud/doc/industry/cybersecurity-report.pdf.

[25] US Census Bureau. “Appendix Table 1: Summary Statistics by NAICS Sector and Enterprise Employment Size: 2012.” Statistics of U.S. Businesses: Employment and Payroll Summary: 2012 – http://www.census.gov/content/dam/Census/library/publications/2015/econ/g12-susb.pdf.

[26] US Census Bureau. “Government Organization Summary Report: 2012” – http://www2.census.gov/govs/cog/g12_org.pdf.

[27] US Census Bureau. “School Enrollment and Work Status: 2011” – http://www.census.gov/prod/2013pubs/acsbr11-14.pdf.

[28] US Department of Education, National Center for Education Statistics. “Table 105.50 Number of Educational Institutions, by Level and Control of Institution: Selected Years, 1980-81 through 2011-12” – https://nces.ed.gov/programs/digest/d13/tables/dt13_105.50.asp.

About the Author

Marie A. Wright, PhD, is a Distinguished Professor of Management Information Systems at Western Connecticut State University. She has been actively involved in the field of information security for more than twenty-five years. She may be reached at [email protected].