Playing NICE? A Workforce Framework for Cybersecurity from NIST

According to Karen Wetzel, Manager of the NICE Framework, “The NICE Framework building blocks (Tasks, Knowledge, and Skill statements) will unleash a variety of ways in which organizations can use and apply the NICE Framework within their unique context and in a manner that is consistent with the attributes of agility, flexibility, interoperability, and modularity. The introduction of Competencies, a mechanism for organizations to assess learners, is designed to increase alignment among employers, learners, and education and training providers and close the cybersecurity skills gap.”

en flag
et flag
fr flag
de flag
pt flag
ru flag
es flag

Content Assessment: Playing NICE? A Workforce Framework for Cybersecurity from NIST

Information - 95%
Insight - 100%
Relevance - 90%
Objectivity - 100%
Authority - 100%



A short percentage-based assessment of the qualitative benefit of the recent NIST special publication on workforce framework for cybersecurity as shared in this recent post by ComplexDiscovery.

Editor’s Note: The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.  Located in the Information Technology Laboratory  at NIST, the NICE Program Office operates under the Applied Cybersecurity Division, positioning the program to support the country’s ability to address current and future cybersecurity challenges through standards and best practices.

The mission of NICE is to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. NICE fulfills this mission by coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our Nation secure.

The recently revised Workforce Framework for Cybersecurity is one example of NICE efforts to help better coordinate an integrated ecosystem of cybersecurity education, training, and workforce development.

Extracts from NIST Resources for Workforce Framework for Cybersecurity

New NICE Framework Released

Published as a NICE Framework Resource

“The revised NICE Framework provides an improved and simplified conceptual design that helps to better coordinate an integrated ecosystem of cybersecurity education, training, and workforce development,” said Rodney Petersen, Director of NICE, which is led by the National Institute of Standards and Technology (NIST) and is a partnership between government, academia, and the private sector.

The “cybersecurity workforce,” Petersen noted, “includes those whose primary focus is on cybersecurity as well as those in the workforce who need specific cybersecurity-related knowledge and skills in order to perform their work in a way that enables organizations to properly manage the cybersecurity-related risks to the enterprise.”

Revisions to the NICE Framework (NIST Special Publication 800-181) include:

  • A streamlined set of “building blocks” comprised of Task, Knowledge, and Skill Statements
  • The introduction of Competencies as a mechanism for organizations to assess learners
  • A reference to artifacts, such as Work Roles and Task, Knowledge, and Skills statements, that will live outside of the publication to enable a more fluid update process

Read the complete original update by NIST

Workforce Framework for Cybersecurity (NICE Framework)

Authored by Rodney Peterson, Danielle Santos, Matthew C. Smith, Karen A. Wetzel, and Greg White

Executive Summary

Each of us—individually and organizationally—performs important work that provides a contribution to society. However, as information and technology, including many evolving types of operational technology, grow increasingly complex and interconnected it can be difficult to clearly describe the work that is being performed or that we desire to accomplish, in these areas in particular. The National Initiative for Cybersecurity Education (NICE) recognizes that those performing cybersecurity work—including students, job seekers, and employees— are lifelong learners throughout their efforts to emphasize and address cybersecurity implications across many domains. This segment of people is referenced in this document both as “Learners” and at times as the “cybersecurity workforce”, though the latter is not meant to imply that the work roles and content included in the NICE Framework apply only to those fully embedded in the cybersecurity domain. The tasks that these learners perform are further referenced here as “cybersecurity work”, and the Framework provides a means to describing that work with precision to support learner education or training and in the recruitment, hiring, development, and retention of employees. The NICE Framework has been developed to help provide a reference taxonomy—that is, a common language—of the cybersecurity work and of the individuals who carry out that work. The NICE Framework supports the NICE mission to energize, promote, and coordinate a robust community working together to advance an integrated ecosystem of cybersecurity education, training, and workforce development. The NICE Framework provides a set of building blocks for describing the tasks, knowledge, and skills that are needed to perform cybersecurity work performed by individuals and teams. Through these building blocks, the NICE Framework enables organizations to develop their workforces to perform cybersecurity work, and it helps learners to explore cybersecurity work and to engage in appropriate learning activities to develop their knowledge and skills. This development, in turn, benefits employers and employees through the identification of career pathways that document how to prepare for cybersecurity work using the data of Task, Knowledge, and Skill (TKS) statements bundled into Work Roles and Competencies.

The use of common terms and language helps to organize and communicate the work to be done and the attributes of those that are qualified to perform that work. In this way, the NICE Framework helps to simplify communications and provide focus on the tasks at hand. Finally, use of the NICE Framework improves clarity and consistency at all organizational levels—from an individual to a technology system to a program, organization, sector, state, or nation.

NIST Special Publication 800-181 Review 1 (PDF)

NIST – A Workforce Framework for Cybersecurity

Read the complete original NIST Special Publication 800-181 Revision 1 

Additional Reading

Source: ComplexDiscovery

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

ComplexDiscovery is an online publication that highlights data and legal discovery insight and intelligence ranging from original research to aggregated news for use by business, information technology, and legal professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding data and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of data and legal discovery organizations. Registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world, ComplexDiscovery OÜ operates virtually worldwide to deliver marketing consulting and services.

A (Brand) New Approach? Considering the Framework and Structure of eDiscovery Offerings

Today’s eDiscovery providers may benefit from the lessons learned in the creation of the Sgt. Pepper’s Lonely Hearts Club Band album by creating a concept for branding and packaging their offerings within that brand in a connected, theme-based way that represents the offerings’ promise and capability in a way that is easy to understand and remember.

This fictionalized branding approach was developed from the intellectual exercise of trying to figure out a reasonable and memorable way to descriptively highlight the promise and capabilities of offerings typically delivered by full-service eDiscovery providers. It may not be completely comprehensive or fully normalized. However, the hope of sharing this branding example is that it might help those involved in the branding and communication of eDiscovery provider services and solutions.

Reveal And Brainspace Merge

According to Wendell Jisa, founder and CEO of Reveal, "Backed by...

eDiscovery Mergers, Acquisitions, and Investments in 2020

Since beginning to track the number of publicly highlighted merger, acquisition,...

Relativity Acquires VerQu

According to Relativity CEO Mike Gamson, "It's imperative that the legal...

eDiscovery Mergers, Acquisitions, and Investments in Q4 2020

From Nuix and DISCO to Exterro and AccessData, the following findings,...

A New Era in eDiscovery? Framing Market Growth Through the Lens of Six Eras

There are many excellent resources for considering chronological and historiographical approaches...

An eDiscovery Market Size Mashup: 2020-2025 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

Resetting the Baseline? eDiscovery Market Size Adjustments for 2020

An unanticipated pandemeconomic-driven retraction in eDiscovery spending during 2020 has resulted...

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

One of the key home (onsite) or away (remote) decisions that...

Five Great Reads on eDiscovery for January 2021

From eDiscovery business confidence and operational metrics to merger and acquisition...

Five Great Reads on eDiscovery for December 2020

May the peace and joy of the holiday season be with...

Five Great Reads on eDiscovery for November 2020

From market sizing and cyber law to industry investments and customer...

Five Great Reads on eDiscovery for October 2020

From business confidence and captive ALSPs to digital republics and mass...

Only a Matter of Time? HaystackID Launches New Service for Data Breach Discovery and Review

According to HaystackID's Chief Innovation Officer and President of Global Investigations,...

It’s a Match! Focusing on the Total Cost of eDiscovery Review with ReviewRight Match

As a leader in remote legal document review, HaystackID provides clients...

From Proactive Detection to Data Breach Reviews: Sensitive Data Discovery and Extraction with Ascema

A steady rise in the number of sensitive data discovery requirements...

A Running List: Top 100+ eDiscovery Providers

Based on a compilation of research from analyst firms and industry...

Issues Impacting eDiscovery Business Performance: A Winter 2021 Overview

In the winter of 2021, 43.3% of respondents viewed budgetary constraints...

Not So Outstanding? eDiscovery Operational Metrics in the Winter of 2021

In the winter of 2021, eDiscovery Business Confidence Survey more...

A Lifting of the Fog? Winter 2021 eDiscovery Business Confidence Survey Results

This is the twenty-first quarterly eDiscovery Business Confidence Survey conducted by...

High Five? An Aggregate Overview of Five Semi-Annual eDiscovery Pricing Surveys

As we are in the midst of a pandemic that has...