ENTERPRISE SECURITY COMPETENCY MODEL - DEVELOPMENT AND VALIDATION PROCESS TIMELINE The Enterprise Security Industry Competency Model, 1 written by Apollo Education Group | University of Phoenix in partnership with the ASIS Foundation, and with support from the ASIS International CSO Roundtable Leadership Development Committee, was developed under the auspices of the U.S. Department of Labor (DOL) Competency Model Clearinghouse. The model is designed to represent the competencies needed by individuals whose activities impact the security of their organization’s operations. The ASIS Foundation, ASIS International and University of Phoenix | Apollo Education Group have partnered with the US Department of Labor to help design a validation process and steps necessary to publish the Enterprise Security Competency Model in September 2015. Following the publication of the model, the ASIS International and the U.S. Department of Labor in partnership with Apollo Education Group will ensure that the model will be annually reviewed to adjust to the changing dynamics of the global security industry. Apollo Education Group | University of Phoenix, ASIS Foundation and the ASIS International CSO Roundtable are partnering to disseminate the model, creating resources and tools to enable security professionals, private organizations, government entities and training and educational institutions to understand and apply the model to their respective workforce development priorities. This document serves as an outline of the Enterprise Security Competency Model development and validation process timeline overseen by the Models’ Executive Steering Committee. - Jeff Greipp, J.D. Apollo Education Group ENTERPRISE SECURITY COMPETENCY MODEL EXECUTIVE STEERING COMMITTEE (ESC) 1 Barbara Buzzell ASIS Foundation Director ASIS Foundation Jim Evans Chief Financial Officer V.P. Membership & Administration ASIS International/ASIS Foundation Pamela Frugoli O*NET/Competency Assessment Team Lead Employment and Training Administration U.S. Department of Labor Jeff Greipp, J.D. – Group Vice President Apollo Education Group Competency Model Author Apollo Education Group | UOPX Dan McGarvey Dir. Security Programs, GSX LDC, CSO Roundtable – ASIS Peter Piazza V.P. Strategic Operations ASIS International A competency model is a collection of competencies that together define successful performance in a particular work setting. Competency models are the foundation for important human resource functions such as recruitment and hiring, training and development, and performance management. For more information see the U.S. Department of Labor Competency Model Clearing House Resources and Tool Kits: http://www.careeronestop.org/COMPETENCYMODEL/userguide_competency.aspx ENTERPRISE SECURITY COMPETENCY MODEL DEVELOPMENT AND VALIDATION PROCESS TIMELINE June 2012 Partnership Evaluation: Apollo Education Group | University of Phoenix and the ASIS Foundation begin evaluating the formation of an academic partnership. A growing security industry skills gap and opportunities to improve the alignment of educational programs become a focus of the partnership planning sessions. | October 2012 Partnership Launch: ASIS Foundation & University of Phoenix form an academic partnership and begin designing research activities to measure the security industry skills gap and develop actionable recommendations to better serve security practitioners and their diverse career pathways. | January 2013 Research is Launched: University of Phoenix and the ASIS Foundation launch research activities and environmental scans are conducted to determine the most effective methodology to measure the industry skills gap. | March 2013 National Roundtable: Research is competed and consensus is reached that convening national roundtable of industry leaders should be launched to identify the top risks, challenges and skills gaps the industry is facing over the next five years and identify the key competencies security practitioners will require to manage the emerging risks and challenges effectively. Security subject matter experts, industry leaders, multiple industry associations, educators and the U.S. Department of Homeland Security assist University of Phoenix and the ASIS Foundation in the roundtable design and research. 2 | June 2013 National Roundtable: The ASIS Foundation and University of Phoenix convened a national roundtable of senior leaders from the security industry, higher education, and representatives of security industry associations to identify the top security risks and challenges that the industry will face in the next five years, and the key competencies that security practitioners will require to manage the risks and challenges effectively. | September 2013 Publication Dissemination: The roundtable findings were published in Enterprise Security Risks and Workforce Competencies, a report released by University of Phoenix and the ASIS Foundation.2 The roundtable publication and findings are disseminated at the ASIS International Seminar in Chicago, Illinois. The findings are first disseminated during a panel session with the CSO Roundtable with Apollo Education Group (AEG) | University of Phoenix, Senior Jeff Greipp and AEG CIO Mike Sajor, Apple Inc., Co-Founder Steve Wozniak and Allied Barton CEO Bill Whitmore. University of Phoenix and ASIS Foundation host multiple webinars, lectures and panel sessions to disseminate the findings and discuss action steps with stakeholders. The research findings are later published in the security industry journal Dynamics, media outlets and interviews are later conducted with Security Management magazine. The research begins to surface in industry textbooks and industry white papers. | October 2013 National Survey: Continuing their collaborative investigation, University of Phoenix and the ASIS Foundation and University of Phoenix conducted a national survey of security industry professionals in fall 2013 to validate the roundtable findings with quantitative data to help verify and prioritize the identified security risks, challenges, and professional 2 University of Phoenix / ASIS Foundation “Enterprise Security Risks and Workforce Competencies – Findings From An Industry Roundtable on Security Talent Development” September 2013, http://cdn.assets-phoenix.net/content/dam/altcloud/doc/industry/UOPXASISFoundationSecurityRisksandCompetenciesReport.pdf 3 competencies. The results of this industry survey were published on August 14, 2014 in the report entitled “Security Industry Survey of Risks and Professional Competencies.”3 | November 2013 Competency Model Needs Assessment: ASIS Foundation and University of Phoenix host multiple sessions evaluating the value of creating an industry endorsed competency model for Enterprise Security Practitioners with roundtable participants, industry leaders and educators. | November 2013 Competency Model Research Launch - University of Phoenix begins conducting additional enterprise security competency research, formatting findings into a new Enterprise Security Competency Model, using a framework provided by the Department’s Employment and Training Administration. The resulting model depicts industry consensus on the core competencies required for enterprise security workers and will serve as a resource for industry-aligned businesses, educational institutions, and aspiring professionals. University of Phoenix assisted the Department in validating a new CyberSecurity Industry Competency Model scheduled for publication in the summer of 2014. | February 2014 Draft Completed: University of Phoenix completes the design of the new Enterprise Security Competency Model and supporting brief. | March 2014 3 University of Phoenix / ASIS Foundation Report, August 14, 2014 “Security Industry Survey of Risks and Professional Competencies.” http://cdn.assets-phoenix.net/content/dam/altcloud/doc/industry/ASIS-Security-report-WEB.pdf 4 Executive Steering Committee (ESC) Forms: University of Phoenix, the ASIS Foundation and the CSO Roundtable Leadership Development Committee form an Executive Steering Committee (ESC) to oversee the validation of the competency model. The committee selects a validation completion date is set for April of 2015. The 2015 Annual ASIS International Seminar in Anaheim, CA is selected as a publication and dissemination venue. | April 2014 CSO Leadership Development Committee (LDC): ESC Members Dan McGarvey and Jeff Greipp begin chairing a series of meetings with the CSO Roundtable Leadership Development Committee to launch the first validation of the model and design an international validation strategy. | May 2014 CSO LDC Validation Committee Launch: ESC member Jeff Greipp will chair the launch of a committee to initiate the validation within the CSO Roundtable and design a validation strategy. The committee will receive an orientation to the model’s purpose, design and a framework to complete tasks by June 30th. | June 2014 LDC Validation Committee Findings: ESC members Jeff Greipp and Dan McGarvey members will summarize the LDC Validation Committee work and present a global validation process to the full CSO Roundtable LDC member meeting. | July 2014 LDC Validation: Members of the full CSO Roundtable Leadership Development Committee will be invited to take part in and complete validation exercises. | 5 September 2014 International, Chief Security Officer (CSO) and Young Professional Stakeholders Focus Groups: Validation sessions will be held in Atlanta Georgia during the ASIS International Seminar. These sessions will include International stakeholders, invited CSOs and Young Professionals. Representatives will receive an orientation to the project and instructions on how to validate the model against senior and entry level works as well as regional and international industry workforce trends. 7 validation sessions were completed with 125 companies, security subject matter experts and international stakeholders. The work will require additional sessions with each international region aligned to ASIS International Chapters and will launch the validation work required before the international conference sessions are held later in the year. | October 2014 ASIS International Councils: The Competency Model Executive Steering Committee will provide orientation sessions for the leaders of each ASIS International council and provide resources and instructions in validating the model with each of their workgroups. | November 2014 International Validation: India: ESC members Jeff Greipp & Peter Piazza will presented the model during a plenary presentation at the CSO Summit in New Delhi, India along with Bridge School of Management – Apollo Education Group. Bridge School of Management | AEG and the CSO Chapter of India will then work to contextualize the model to the workforce in India and report back to the ESC their findings. | December 2014 6 International Focus Group: Competency Model Executive Steering Committee will finalize review with the US DOL and ASIS International Councils. | January 2015 Board Presentations: The Executive Steering Committee will present the Enterprise Security Competency Model and validation summaries to the ASIS Foundation and ASIS International Board of Directors and incorporate the board’s guidance in 2015 validation exercises, publication and dissemination activities in collaboration with ASIS International and the CSO Roundtable. | February 2015 Final Industry Validation: The Executive Steering Committee will provide orientation sessions and disseminate the competency model for broader industry validation to those including: key leaders in ASIS Counsels, additional industry association partners in security and other industries the security sector is serving (Retail, Energy, Manufacturing etc.) Second International Focus Group: 6th Annual Middle East Security Conference & Exhibition will take place and a focus group of regional security professionals may be conducted to validate the application of the model. | March 2014 Final International Focus Group: The European Security Conference & Exhibition will take place and a focus group of regional security professionals may be conducted to validate the application of the model. Education Stakeholders: The Executive Steering Committee will convene a group of education stakeholders to review the model and comment on its uses and applications to curriculum development. Stakeholders will be lead by Apollo Education Group | University of Phoenix and the American Association of Community Colleges (AACC) and will engage a number of community college, private and public academic institutions in collaborative review and comment. | April 2015 7 Closing Focus Group: The 25th Annual New York City Security Conference & Expo will take place and a focus group of regional security professionals may be conducted to validate the application of the model. | April 2015 Validation Conclusion: The Executive Steering Committee will finalize feedback and make adjustments to the competency model that represent industry consensus for publication with the US Department of Labor. | May 2015 Institutional Ownership: The Executive Steering Committee will work with the ASIS Foundation to develop a methodology ensure model will adjust to future industry risks, challenges and dynamics. The ASIS Foundation Research Council is being evaluated to assume responsibilities for annually reviewing the model against research activities, communicating with ASIS council leaders and the CSO Roundtable. | September 2015 Model Publication: The ASIS Foundation and Apollo Education Group | University of Phoenix have partnered with the US Department of Labor to help design a validation process and steps necessary to disseminate the Enterprise Security Competency Model in September 2015 at the ASIS International Seminar and Exhibition in Anaheim California. Apollo Education Group | University of Phoenix, ASIS Foundation and the ASIS International CSO Roundtable are partnering with US DOL to disseminate the model, creating resources and tools to enable security professionals, private organizations, government entities and training and educational institutions to understand and apply the model to their respective workforce development priorities. 8