Cybersecurity Academy
A strategic Palo Alto Networks initiative
NIST/NICE Program Mapping
Tom Trevethan, March 2021

Executive Order on America’s Cybersecurity Workforce
o The United States Government must support the development of cybersecurity skills and encourage ever-greater excellence so that America can maintain its competitive edge in cybersecurity.
o The Secretary of Commerce, the Secretary of Labor, the Secretary of Education, the Secretary of Homeland Security, and the heads of other appropriate agencies shall encourage the voluntary integration of the NICE Framework into existing education, training, and workforce development efforts undertaken by State, territorial, local, tribal, academic, non-profit, and private-sector entities, consistent with applicable law.
https://trumpwhitehouse.archives.gov/presidential-actions/executive-orderamericas-cybersecurity-workforce/

Current NICE Leadership
o Rodney Petersen – Director
o Marian Merritt – Deputy Director and Lead for Industry Engagement
o Davina Pruitt-Mentle – Lead for Academic Engagement
NICE is led by NIST of the U.S. Department of Commerce.

Acronyms
● NIST: National Institute of Standards and Technology
● NICE: National Initiative for Cybersecurity Education
o The National Initiative for Cybersecurity Education (NICE) is a partnership between government, academia, and the private sector working to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development.
o NICE fulfills this mission by coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our nation secure.

NICE Framework Timeline
o January 2008 – The Federal Chief Information Officers (CIO) Council took on the task in 2008 to provide a standard framework to understand the cybersecurity roles within the federal government. Thirteen specific roles were identified as needed by agencies to conduct cybersecurity work.
o April 2013 – National Cybersecurity Workforce Framework version 1.0.
o April 2014 – The Department of Homeland Security (DHS) gathered input and validated final recommendations via focus groups with subject matter experts from around the country and across industry, academia, and government, resulting in a second version of the NICE Framework, version 2.0.
o 2015/2016 – The Office of the Secretary of Defense (OSD) expanded on version 2.0 through internal engagements with service components and external engagements with the private sector. The DHS and NIST co-authors worked with OSD to refine their expansion with a goal to emphasize private sector applicability and to reinforce the vision that the NICE Framework is a reference resource for both the public and private sectors.
o August 2017 – National Cybersecurity Workforce Framework special publication NIST.SP.800-181.
o November 2020 – Special Publication NIST.SP.800-181 Revision 1.

NICE Framework for Cybersecurity Work Roles
The NICE Framework, NIST Special Publication 800-181, is a nationally focused resource that categorizes and describes cybersecurity work.
o Establishes a taxonomy and common lexicon that describes cybersecurity work and workers.
o Applied in the public, private, and academic sectors.
o Comprised of the following:
• 7 Categories – High-level common cybersecurity functions.
• 33 Specialty Areas – Distinct areas of cybersecurity work.
• 52 Work Roles – Detailed grouping of cybersecurity work comprised of specific Knowledge and Skills required to perform Tasks within a specific work role.

Tasks, Knowledge & Skills (KSTs)
o Task: An activity that is directed toward the achievement of organizational objectives.
o Knowledge: A retrievable set of concepts within memory.
o Skill: The capacity to perform an observable action.

NIST/NICE Work Roles
o Work Roles: Work Roles are a way of describing a grouping of work for which someone is responsible or accountable.
o Tasks: Work Roles are composed of Tasks that constitute work to be done; Tasks include associated Knowledge and Skill statements that represent learners’ potential to perform those Tasks.

Work Role Competency Assessment
Competency: A mechanism for organizations to assess learners. Competencies are:
• Defined via an employer-driven approach
• Learner-focused
• Observable and measurable

Educators and Trainers
o Facilitates collaboration among public and private entities, thereby enabling academic institutions to determine common knowledge and skills that are needed.
o Allows educators to prepare learners with the specific KSTs from which they can demonstrate the ability to perform cybersecurity tasks.
o Aids in the development and delivery of curricula that are harmonized with the NICE Framework lexicon to prepare students with the competencies needed by employers.
o Guidance counselors can use the NICE Framework as a resource for career exploration.

Technology Providers
o The NICE Framework allows a technology provider to identify the cybersecurity work roles and the KSTs associated with hardware and software products and services they provide.
o When training and industry certification providers use the Framework, those in the cybersecurity field, or who wish to enter it, can find training and/or certification providers that teach the tasks necessary to secure cybersecurity jobs or new positions.
o Technology providers can create appropriate support materials to assist members of the cybersecurity workforce in the proper configuration and management of their products.

Cybersecurity Academy Academic Curriculum Roadmap
[Roadmap diagram; tracks and the items shown for each:]
o STEAM (CYBER.ORG, Academic Division of the Cyber Innovation Center): STEAM Fundamentals; Cyber Literacy I/II; Cyber-Science; Cyber-Society
o Enterprise Security (Strata): PCNSA – Certified Network Security Administrator; Enterprise Security Management; Enterprise Security Deployment; Network Security Fundamentals
o Cloud Security (Prisma): (Future Certification); Cloud Security Management; Cloud Security Deployment; Cloud Security Fundamentals
o Security Operations (Cortex): (Future Certification); Security Operations Management; Security Operations Deployment; Security Operations Fundamentals
o PCCET – Certified Cybersecurity Entry-Level Technician; Cybersecurity Foundation

NIST.SP.800-181 KST to Palo Alto Networks Technology Mapping (Examples)
o Strata (S0076 – Skill in configuring & utilizing network-based firewall devices)
o App-ID (T0015 – Apply security policies against Business-to-Business applications)
o Content-ID (K0324 – Knowledge of Intrusion Detection/Prevention Systems)
o User-ID (T0996 – Continuous monitoring and reporting of enterprise groups/users)
o Wildfire (S0079 – Skill in analyzing and protecting networks against malware)
o Prisma (K0100 – Knowledge of Enterprise Information Technology and Cloud Architecture)
o Prisma (K0071 – Knowledge of Remote Access and Endpoint Security Concepts)
o Cortex (T0800 – Provide timely notice of imminent or hostile intentions or activities which may impact organization objectives, resources, or capabilities)
o Cortex (S0309 – Skill to anticipate key target or threat activities which are likely to prompt a leadership decision)

NICE Work Role and Job Roles – Foundational (High School)
Course/Certification: PCCET Certification (work roles and job roles: see below)

Security Operations Fundamentals (Cortex)
NIST/NICE Work Role(s) Alignment:
• Threat/Warning Analyst (AN-TWA-001)
• All-Source Analyst (AN-ASA-001)
Potential Job Roles:
• Cyber Threat Analyst
• Data Analyst

Cloud Security Fundamentals (Prisma)
NIST/NICE Work Role(s) Alignment:
• Technical Support Specialist (OM-STS-001)
• Network Services (OM-NET-001)
Potential Job Roles:
• Technical Support Associate
• Help Desk Associate
• Network Operations Specialist

Network Security Fundamentals (Strata)
NIST/NICE Work Role(s) Alignment:
• Technical Support Specialist (OM-STS-001)
• Network Operations Specialist (OM-NET-001)
Potential Job Roles:
• Technical Support Associate
• Help Desk Associate
• Network Operations Specialist

Cybersecurity Foundation
NIST/NICE Work Role(s) Alignment:
• Technical Support Specialist (OM-STS-001)
Potential Job Roles:
• Technical Support Associate
• Help Desk Associate

NICE Work Role and Job Roles – Intermediate (College)
Course/Certification: PCNSA Certification (work roles and job roles: see below)

Enterprise Security Deployment (Strata)
NIST/NICE Work Role(s) Alignment:
• Systems Architecture (SP-ARC-001)
• Cybersecurity Defense Infrastructure Support (PR-INF-001)
• Systems Administration (OM-ADM-001)
Potential Job Roles:
• Enterprise Architect
• Cyber Defense Infrastructure Support Specialist
• Systems Administrator

Enterprise Security Management (Strata)
NIST/NICE Work Role(s) Alignment:
• Systems Architecture (SP-ARC-002)
• Systems Analysis (OM-ANA-001)
• Cybersecurity Defense Analysis (PR-CDA-001)
• Cloud Security Management (OV-MGT-001)
• Executive Cyber Leadership (OV-EXL-001)
Potential Job Roles:
• Security Architect
• Systems Security Analyst
• Cyber Defense Analyst
• Info Systems Security Manager
• Executive Cyber Leader

NICE Work Role and Job Roles – Advanced (University)
Course/Certification: TBD Certification (work roles and job roles: see below)

Security Operations Management (Cortex)
NIST/NICE Work Role(s) Alignment:
• All-Source Analyst (AN-ASA-001)
• Cyber Operational Planning (CO-OPL-002)
• Cyber Investigation (IN-INV-001)
• Cloud Security Management (OV-MGT-001)
• Executive Cyber Leadership (OV-EXL-001)
Potential Job Roles:
• Data Analyst
• Cyber Ops Planner
• Cyber Crime Investigator
• Info Systems Security Manager
• Executive Cyber Leader

Cloud Security Management (Prisma)
NIST/NICE Work Role(s) Alignment:
• Cloud Security Management (OV-MGT-001)
• Executive Cyber Leadership (OV-EXL-001)
Potential Job Roles:
• Info Systems Security Manager
• Executive Cyber Leader

Security Operations Deployment (Cortex)
NIST/NICE Work Role(s) Alignment:
• Threat Analysis (AN-TWA-001)
• All-Source Analyst (AN-ASA-001)
• Cyber Operational Planning (CO-OPL-002)
Potential Job Roles:
• Threat Analyst
• Data Analyst
• Cyber Ops Planner

Cloud Security Deployment (Prisma)
NIST/NICE Work Role(s) Alignment:
• Systems Administration (OM-ADM-001)
Potential Job Roles:
• Systems Administrator

Thank you.