In recent years, the cybersecurity threat has continued to grow in significance, scale, scope, and sophistication. Protecting the critical information networks that underpin our financial markets, power grids, intelligence and defense systems, and which hold the intellectual property and private information of millions of businesses and individuals, has become a high priority.
There is an unprecedented demand for highly-skilled practitioners capable of building security into new and existing networks, assessing security on a real time basis as new vulnerabilities are identified and disclosed, and acting as front-line cyber defenders across various industries and government agencies. Meanwhile, the number of entrants into the IT workforce has not kept up with this demand , leaving a significant gap in capacity to adequately protect these networks from attack. At the same time, the lack of clarity and consistency in job profiles, competency models, skills assessment and workforce management contribute to a sub-optimal deployment of these scarce resources.
The cybersecurity profession - and those that train, develop, hire and manage these professionals - needs the following:
- Clear, commonly-understood job descriptions and competency models
- Ability to assess individual capability and predict performance
- Consistent training and education standards to develop the right skills
- An understanding of where to find the best talent
- Ability to properly place and provide career pathways for professionals within an enterprise
- Ability to support broad security efforts by everyone, so that advanced skills can be applied where they are most needed
The National Board of Information Security Examiners (NBISE), was formed to leverage the latest advances in assessment and learning science towards the solution of one of world's most critical workforce shortages: cybersecurity professionals. Through its Job Performance Model approach, NBISE coordinated the work of teams of practitioners, researchers, and educators to develop and validate or enhance existing performance-based learning and assessment vehicles to materially accelerate the acquisition of hands-on skill and tacit knowledge by students and practitioners in collegiate and continuing education programs. This work continued with the Council on Cybersecurity and continues with CIS following the integration of the Council with CIS. CIS seeks to develop assessment instruments to reliably predict future performance and aptitude for cybersecurity jobs, supporting both the growth of the workforce and its ability to deliver positive results