stock.adobe.com

NIST Shares Workforce Development, Cybersecurity Partnership Insights

A NIST report sheds light into a recent pilot program for regional alliances and stakeholder partnerships, which outlines a roadmap for building similar cybersecurity partnerships and workforce.

NIST released a report outlining the results from a five-year pilot program for regional alliances and stakeholder partnerships, which also provides organizations with a roadmap for building their own cybersecurity partnerships and workforce.

The National Initiative for Cybersecurity Education (NICE), led by NIST, first awarded funding for the Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) Cybersecurity Education and Workforce Development program in September 2016.

Across the US, the cybersecurity workforce shortages have been well-documented. Reports have shown that the impact of those shortages are heavily seen in the healthcare sector. In 2017, the Department of Health and Human Services cybersecurity task force found three out of four hospitals were operating without a designated security person.

NICE sought to address the issue with its pilot program and its efforts to energize and promote a network of cybersecurity education, training, and workforce development. Those efforts include supporting career development and workforce planning though state and regional collaborations to identify ways to address those workforce needs.

A summary of the project determined there were four primary components for successful alliances to build a cybersecurity workforce. To start, organizations must first establish well-defined program goals and metrics, along developing and implementing strategies and tactics by first determining “what mechanisms will be used to coordinate the alliance and what the primary activities of the alliance will be.”

Organizations must then measure the impact and result of those strategies and create a plan for sustaining the tactic. The report can help provide organizations with a roadmap for building this type of program, by shedding light on each of these activities with specific examples and activities that were found to be successful during the pilot program.

According to the report, fostering regional alliances helps meet workforce needs of local businesses and nonprofits that are better aligned with the NICE Cybersecurity Workforce Framework, bolsters “the pipeline of students pursuing cybersecurity careers,” and improves the cybersecurity skills of the workforce, overall, while stimulating job growth.

“This publication was created for those seeking guidance on how to organize and facilitate regional efforts to enhance cybersecurity education and workforce development,” researchers explained. “While this document explores some elements for consideration when forming alliances, it is not intended to be a how-to guide that gives specific instructions.”

“NIST believes that this is best left to the local or regional experts who are familiar with the needs of their specific community,” they added.

However, the report can help organizations explore ways to tackle cybersecurity workforce challenges and bolster relationships with similar organizations to tackle those needs.

Specifically, the report shows four key challenges and ways those in the pilot program tackled those issues. Those challenges vary by region and will depend on the maturity of existing efforts.

First, employers are unsure about their cybersecurity workforce needs. There is also a disconnect between workforce supply and demand around talent, while resources for education and workforce development programs are typically not coordinated and talent retention in smaller communities is difficult.

“Most employers commonly do not understand their own cybersecurity workforce needs, neither the number of professionals needed nor the cybersecurity skillsets they should hold,” researchers explained. “Companies continue to struggle with recognizing a return on their security investments, especially since gains are often seen as the absence of attacks and senior managers typically operate from a reactive stance, often failing to understand their own proactive, ongoing security needs.”

The report shows unique ways organizations can foster those relationships with similar facilities.

In healthcare, the collaborative cybersecurity approach is crucial to building up workforce and security efforts. Stakeholders have repeatedly stressed that given many healthcare providers are strapped with limited resources, meaningful collaboration between private and public sectors and providers can help the sector improve its cyber posture.

The Healthcare and Public Health Sector Coordinating Council also has guidance specific to healthcare organizations around recruiting and retaining cybersecurity workforce. Think tank New America also recently shared an in-depth analysis with real-world examples, focused around key program elements.

Dig Deeper on Cybersecurity strategies