Saturday, July 22, 2017

NIST Cybersecurity Workforce RFI Comments – 07-22-17

This is the first in a series of blog posts looking at the comments that NIST has received on their request for information (RFI) on cyber workforce development. The comments are posted to the NIST National Initiative for Cybersecurity Education (NICE) web site. Comments posted this week came from:

 One commenter specifically responded to questions posed by NIST in their RFI. The others were long form explications of viewpoints about specific issues. One was a copy of an article published on addressing some different non-traditional cybersecurity-training activities that have been tried. Another suggested that we need to start looking at specialization training for cybersecurity personnel rather than generalist training. And the last one addressed the need for rapid changes in cybersecurity training programs to reflect changes in the environment.

The comments from Eric Baechle provided specific responses for the NIST questions. The views from Eric paint a very bleak picture of how cybersecurity specialists are utilized at one, unnamed agency (presumably government agency, but that is not exactly clear). Not unexpectedly they paint a picture of an agency management that does not understand the complexities of the cybersecurity problems being addressed by the specialized workforce nor the work actually being done by their cybersecurity team. While this is not directly a workforce development issue (other than apparently there is no effort in this organization being made to continue developing the skills of the team being employed) it does help to explain why there may be retention issues and employee burnout affecting cybersecurity operations.

No comments:

/* Use this with templates/template-twocol.html */