
Refined Security Job Codes From NIST: Help With Recruiting

How the Latest Updates Could Help Those Looking for Specialists

The National Institute of Standards and Technology's recent updates to its precise definitions of various cybersecurity jobs are designed to help make recruiting more efficient - both inside the federal government and elsewhere.


The refinements in the job definitions could assist with standardizing cybersecurity recruitment practices in a severely short-staffed industry, says Diana Burley, executive director and chair of the Institute for Information Infrastructure Protection at The George Washington University, who has been tracking the skills gap issue for several years.

"The work roles are extremely valuable for advancing recruitment strategies and operations," Burley says. "They provide a common language for employers, inside and outside of the federal government, and potential candidates to use to understand working requirements. They can also be used by academic institutions to align curricular content and programs to work role requirements." 

Valuable Reference

The National Initiative for Cybersecurity Education program within NIST first published a Cybersecurity Workforce Framework in 2013 that it describes as a "reference resource for describing and sharing information about cybersecurity work and the knowledge, skills, and abilities needed to complete tasks."

The latest update, the third in a series, creates codes assigned to 55 workforce roles, says Bill Newhouse, deputy director of NICE. The codes provide a standardized set of data that Newhouse hopes will help further connect the dots and fill in the gaps for organizations seeking to fill cybersecurity job vacancies.

The codes further enhance the use of a position description tool known as the PushbuttonPD designed by the Department of Homeland Security. The aim of the tool is to improve communication between hiring managers and human resource managers.

While the PushbuttonPD was created to support federal hiring practices, it could be modified to support the specific needs of private-sector organizations, Newhouse says.

The tool enables a hiring manager to reference the NICE Framework work role codes, which then trigger prompts that enable them to pick specific knowledge, skills and abilities statements, he explains.

The latest framework improvements make it more efficient for a hiring manager to list the requirements that are needed for a vacant position and deliver those requirements in a format usable by HR, he says. HR would also have a more accurate filter to vet candidates, he adds.

"If all positions advertise generic degree requirements as the credential needed for the position without describing the cybersecurity KSAs required and tasks being performed with some level of specificity, the pool of applicants with those credentials - but that are not useful to the hiring manager - can be high," Newhouse says.

 

About the Author

Joan Goodchild


Director of Multimedia Content, ISMG

Joan Goodchild is a veteran writer and editor who has been covering security for more than a decade. Before joining ISMG, she was the editor-in-chief of CSO, where she led the team to several national awards, including an AZBEE (ASPBE) for website of the year and several Digital Eddie (Folio) awards for B2B website of the year. Her previous experience in business journalism includes roles as a broadcast and web editor with the Boston Business Journal and as a news writer covering the Windows OS with TechTarget. Prior to that, she worked as a television reporter and anchor for more than a decade. She has a master's degree in journalism from Northwestern University's Medill School of Journalism and is the recipient of an Edward R. Murrow award for investigative reporting.



