Here is what you need to know about the Cybersecurity workforce.
Audio ONLY:
Podcast: Play in new window | Download
Subscribe: Google Podcasts | Pandora | iHeartRadio | Stitcher | TuneIn | Deezer | RSS
cyberspace workforce
Cybersecurity Framework
Adam Sedgewick, Senior Information Technology Policy Advisor at the National Institute of Standards and Technology (NIST) spoke at RSA Conference 2014.
Adam Sedgewick touched on the key elements of the cyber security framework. Cyber security is designed for critical infrastructure operators to safeguard their information assets.
Adam addresses critics who say the framework is over simplified to be effective.
Cyber security framework will evolve from version 1 that was issued in mid-February (see NIST Releases Cybersecurity Framework).
More on Critical Infrastructure Framework Cyber security. This document is a guide for implementing Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,”
Adam represents NIST on the Department of Commerce Internet Policy Task Force and advices NIST leadership on cybersecurity issues:
“Recognizing the role that the protection of privacy and civil liberties plays in creating greater public trust, the Executive Order requires that the Framework include a methodology to protect individual privacy and civil liberties when critical infrastructure organizations conduct cybersecurity activities. Many organizations already have processes for addressing privacy and civil liberties. The methodology is designed to complement such processes and provide guidance to facilitate privacy risk management consistent with an organization’s approach to cybersecurity risk management. Integrating privacy and cybersecurity can benefit organizations by increasing customer confidence, enabling more standardized sharing of information, and simplifying operations across legal regimes.” — Cyberframework
computer network defense
Computer Network Defense is listed in the DoDD 8140, Cyberspace workforce has as a task among the Protect & Defend Category.
Job Description of Computer Network Defense
The actual work of Computer Network Defense covers Protect & defend and Analyze and possibly other categories. A system security analyst doing CND work is expect to monitor, detect and respond to security incidents on the network. They need to be familiar with not only information system security tools to monitor network traffic but they must also be able to know what the actual packets look like with certain patterns emerge on the network. They must be familiar with certain patterns to detect network attacks and be familiar with incident handling.
Tools of Computer Network Defense
System security analyst performing CND work should be able to use a packet sniffer (protocol analyzer) such as wireshark and etherape. The are also expected to be knowledgeable of certain Intrusion Detection System (such as Snort). Or they can also have working experience with Intrusion Prevention Systems. Since there are so many products that do very similar work of IPS, IDS, or packet analyzer knowing one really good and having a little hands on with others is usually ok. What is important is knowing signature system attacks well enough to detect them when they occur, understanding ports, protocols and services and being intimately familiar with network packets.
Computer Network Defense Certification
GIAC Certified Intrusion Analysts (GCIAs) – The top of the food chain for security analysts doing pure analyst work. Highly, highly respect intrusion cert.
GIAC Certified Incident Handler (GCIH) – Help certification to establish yourself.
CISSP – not really relevant or specialized for incident analysis but accepted like a VISA card.
Security+…not so much.. its like bringing a knife to a gun fight.
dod 8140
Dod 8140
DoD 8140, Cyberspace workforce will supersede DoD 8570 as the guide for selecting the personnel with the correct certifications, skills and experience.
DoDD 8140, Cyberspace workforce has 7 high level categories under a National Initiative for Cybersecurity Education (NICE) framework:
Security Provision, Maintain and Operate, Protect & Defend, Analyze, operate & collect, Oversight & Development and Investigate.
These categories are broken down further into a sum total of 31 tasks. It was supposed to be released in 2013, but there is actually no telling when it will come out.
Security Provision
IA Assurance Compliance, Software, Enterprise Architecture, Technology Demonstration, System Requirement Planning, Test & Evaluation, System Development
Operate & Maintenance
Data Administration, Information System Security Management, Knowledge management, Customer & Tech Support, Network Services, System Administration, Systems Security Analysis
Protect & Defend
Computer Network Device (CND), Incident Response, CND Infrastructure Support, Security Program Management, Vulnerability Assessment & Management
Analyze
Cyber Threat Analysis, Exploitation Analysis, All-source Analysis, Targets
Operate & collect
Collection Operations, Cyber Operational Planning, Cyber Operations
Oversight & Development
Legal Advice & Advocacy, Strategic Planning & Policy, Education & Training
Investigate
Investigation, Digital Forensics
The categories with the “cyberspace workfore” of DoD 8140 are broken up finer and in more detail than that of the IA Workforce.
Also, notice that they have included some fields of IT and engineering that were passed over in the DoD 8570 Chart. Areas such as Architect and Software Developer have been added.
So what Certs do we need.. THAT is the real question. I am still looking for that. I have not found it yet. I guess that is still in draft. Here is some of what I found:
http://csrc.nist.gov/nice/documents/the_path_towards_cybersecurity_professionalization_100312_draft_nice_branded.pdf
Cybersecurity Workforce Training and Professional Development is led by the Department of Defense (DoD), Office of the Director of National Intelligence (ODNI), and the Department of Homeland Security (DHS). The Component, in coordination with academia, industry, and State, Local, and Tribal governments, will identify the cybersecurity training and professional development required for the nation’s cybersecurity workforce. This team will be broken into four functional areas:
- Functional Area 1: General IT Use (Co-Leads: DHS, Federal CIO Council)
- Functional Area 2: IT Infrastructure, Operations, Maintenance, and Information Assurance (Co-Leads: DoD, DHS)
- Functional Area 3: Domestic Law Enforcement and Counterintelligence (Co-Leads: DOD/DC3; NCIX; DHS/USSS; DoJ)
- Functional Area 4: Specialized Cybersecurity Operations (Lead: NSA)