• Skip to main content
  • Skip to primary sidebar

ConvoCourses

Cyber Security Compliance and IT Jobs

  • Cyber Security Training
  • about me.
  • Information Assurance Jobs

cyberspace workforce

Convocourses Cybersecurity Workforce

September 6, 2020 by Leave a Comment

Here is what you need to know about the Cybersecurity workforce.

Audio ONLY:
http://www.nist80037rmf.com/wp-content/uploads/2020/09/Cybersecurity-Convocourses-the-cybersecurity-work-force.mp3

http://www.nist80037rmf.com/wp-content/uploads/2020/09/Cybersecurity-Convocourses-the-cybersecurity-work-force.mp3

Podcast: Play in new window | Download

Subscribe: Google Podcasts | Pandora | iHeartRadio | Stitcher | TuneIn | Deezer | RSS

Filed Under: convocourses, cyberspace workforce, podcast Tagged With: 8140, 8570, cyberspace workforce, workforce

Cybersecurity Framework

April 30, 2014 by Bruce Brown Leave a Comment

Adam Sedgewick, Senior Information Technology Policy Advisor at the National Institute of Standards and Technology (NIST) spoke at RSA Conference 2014.

Adam Sedgewick touched on the key elements of the cyber security framework.  Cyber security is designed for critical infrastructure operators to safeguard their information assets.

Adam addresses critics who say the framework is over simplified to be effective.

Cyber security framework will evolve from version 1 that was issued in mid-February (see NIST Releases Cybersecurity Framework).

More on Critical Infrastructure Framework Cyber security.  This document is a guide for implementing Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,”

Adam represents NIST on the Department of Commerce Internet Policy Task Force and advices NIST leadership on cybersecurity issues:

“Recognizing the role that the protection of privacy and civil liberties plays in creating greater public trust, the Executive Order requires that the Framework include a methodology to protect individual privacy and civil liberties when critical infrastructure organizations conduct cybersecurity activities. Many organizations already have processes for addressing privacy and civil liberties. The methodology is designed to complement such processes and provide guidance to facilitate privacy risk management consistent with an organization’s approach to cybersecurity risk management. Integrating privacy and cybersecurity can benefit organizations by increasing customer confidence, enabling more standardized sharing of information, and simplifying operations across legal regimes.” — Cyberframework

Filed Under: cyberspace workforce, DIARMF Tagged With: Adam Sedgewick, cybersecurity, cybersecurity framework, cyberspace workforce

computer network defense

January 23, 2014 by Bruce Brown Leave a Comment

Computer Network Defense is listed in the DoDD 8140, Cyberspace workforce has as a task among the Protect & Defend Category.

Job Description of Computer Network Defense

The actual work of Computer Network Defense covers Protect & defend and Analyze and possibly other categories.  A system security analyst doing CND work is expect to monitor, detect and respond to security incidents on the network.  They need to be familiar with not only information system security tools to monitor network traffic but they must also be able to know what the actual packets look like with certain patterns emerge on the network.  They must be familiar with certain patterns to detect network attacks and be familiar with incident handling.

Tools of Computer Network Defense

System security analyst performing CND work should be able to use a packet sniffer (protocol analyzer) such as wireshark and etherape.  The are also expected to be knowledgeable of certain Intrusion Detection System (such as Snort).  Or they can also have working experience with Intrusion Prevention Systems.  Since there are so many products that do very similar work of IPS, IDS, or packet analyzer knowing one really good and having a little hands on with others is usually ok.  What is important is knowing signature system attacks well enough to detect them when they occur, understanding ports, protocols and services and being intimately familiar with network packets.

8140 cyberpace computer network defense
8140 cyberpace computer network defense

Computer Network Defense Certification

GIAC Certified Intrusion Analysts (GCIAs) – The top of the food chain for security analysts doing pure analyst work.  Highly, highly respect intrusion cert.

GIAC Certified Incident Handler (GCIH) – Help certification to establish yourself.

CISSP – not really relevant or specialized for incident analysis but accepted like a VISA card.

Security+…not so much.. its like bringing a knife to a gun fight.

Filed Under: Assurance Technology, cyberspace workforce, Information Assurance, Information Assurance Jobs Tagged With: advanced persistent threats, APT, cnd, computer network defense, cyber, cybersecurity, cyberspace workforce, dod information assurance awareness, dodd 8140, dodd 8140 cyberspace workforce, IA, information, information assurance, information security, security, security analysis, security analyst, security operations center

dod 8140

January 22, 2014 by Bruce Brown 2 Comments

Dod 8140

DoD 8140, Cyberspace workforce will supersede DoD 8570 as the guide for selecting the personnel with the correct certifications, skills and experience.

DoDD 8140, Cyberspace workforce has 7 high level categories under a National Initiative for Cybersecurity Education (NICE) framework:

Security Provision, Maintain and Operate, Protect & Defend, Analyze, operate & collect, Oversight & Development and Investigate.

These categories are broken down further into a sum total of 31 tasks.  It was supposed to be released in 2013, but there is actually no telling when it will come out.

 

dod 8140
dod 8140

 

Security Provision

IA Assurance Compliance, Software, Enterprise Architecture, Technology Demonstration, System Requirement Planning, Test & Evaluation, System Development

Operate & Maintenance

Data Administration, Information System Security Management, Knowledge management, Customer & Tech Support, Network Services, System Administration, Systems Security Analysis

Protect & Defend

Computer Network Device (CND), Incident Response, CND Infrastructure Support, Security Program Management, Vulnerability Assessment & Management

Analyze

Cyber Threat Analysis, Exploitation Analysis, All-source Analysis, Targets

Operate & collect

Collection Operations, Cyber Operational Planning, Cyber Operations

Oversight & Development

Legal Advice & Advocacy, Strategic Planning & Policy, Education & Training

Investigate

Investigation, Digital Forensics

The categories with the “cyberspace workfore” of DoD 8140 are broken up finer and in more detail than that of the IA Workforce.

http://csrc.nist.gov/nice/

dod 8140
dod 8140

Also, notice that they have included some fields of IT and engineering that were passed over in the DoD 8570 Chart.  Areas such as Architect and Software Developer have been added.

So what Certs do we need..  THAT is the real question.  I am still looking for that.  I have not found it yet.  I guess that is still in draft.  Here is some of what I found:

http://csrc.nist.gov/nice/documents/the_path_towards_cybersecurity_professionalization_100312_draft_nice_branded.pdf

Cybersecurity Workforce Training and Professional Development is led by the Department of Defense (DoD), Office of the Director of National Intelligence (ODNI), and the Department of Homeland Security (DHS). The Component, in coordination with academia, industry, and State, Local, and Tribal governments, will identify the cybersecurity training and professional development required for the nation’s cybersecurity workforce. This team will be broken into four functional areas:

    • Functional Area 1: General IT Use (Co-Leads: DHS, Federal CIO Council)
    • Functional Area 2: IT Infrastructure, Operations, Maintenance, and Information Assurance (Co-Leads: DoD, DHS)
    • Functional Area 3: Domestic Law Enforcement and Counterintelligence (Co-Leads: DOD/DC3; NCIX; DHS/USSS; DoJ)
    • Functional Area 4: Specialized Cybersecurity Operations (Lead: NSA)

Filed Under: DIARMF Tagged With: 8140, cyberspace workforce, dod 8570 chart, dod information assurance awareness training, dodd 8140, dodd 8140 cyberspace workforce, entry level information assurance jobs, NICE

Primary Sidebar

search


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This book is an overview of how the NIST SP 800-37 risk management framework works from the perspective of an information system security officer (ISSO).

also available on Amazon!

View Book

NIST RMF 800-37 templates
Free 800-37 templates

The NIST 800 Template download contains a .doc file template and xls templates for POAMs, Federal, State, cloud based and a legacy template as well as resources where you can find more on NIST 800-37 documents for your use.

View Book

Learn to Make 6 Figures in CyberSecurity

RMF ISSO Foundations Training
RMF ISSO Foundations Training

RMF ISSO Foundations

I was an Information System Security Officer (ISSO) doing Risk Management Framework (NIST SP 800-37) for over a decade. I am a Cybersecurity veteran and I can explain (in plain English) what you DO in the Risk Management Framework process as an ISSO.

View Course

NIST SP 800-37 Presentation
NIST SP 800-37 Presentation

View Course

login

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Posts

  • Cybersecurity Jobs Resume Marketing: Book 1 Find Cybersecurity jobs
  • Security Control Assessor (SCA) Methods table top exercise
  • Cybersecurity Pro opinion about Tiktok
  • Las Vegas teleworking
  • STIGS in the RMF Process

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Comments

  • http://Www.Finance.Ipt.Pw/ on SRG/STIG Applicability Guide and Collection Tool Update
  • Elsa7 on ConvoCourses podcast: Cyber Security day to day activity
  • Tony on STIG Update – DISA has released the Microsoft SQL Server 2016 STIG Version 1
  • horloge on SCAP Compliance Checker SCC)
  • 218 Information assurance Success Criteria – ITSECURITYSURVIVAL.COM on Information Assurance Vulnerability Alert

Tags

8140 8570 ArcSight c&a CISSP convocourses cyber cybersecurity cyber security DIACAP DIARMF diarmf - implement disa DISA STIG dodd 8140 dodd 8140 cyberspace workforce HBSS IA implement implementation info assurance information assurance information security ISSO it jobs it jobs in usa job jobs Linux mcafee network nist nist risk management framework nist risk management framework 800-37 podcast risk risk assessment risk management risk management framework rmf security STIG stigs unix windows


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book

Copyright © 2023 · Author Pro on Genesis Framework · WordPress · Log in