This is the first in a series of blog posts looking at the
comments that NIST has received on their request for information (RFI) on cyber
workforce development. The comments are posted to the NIST National
Initiative for Cybersecurity Education (NICE) web
site. Comments posted this week came from:
• Eric
Baechle;
• Central
Lakes College; and
One commenter
specifically responded to questions posed by NIST in their RFI. The others were
long form explications of viewpoints about specific issues. One was a copy
of an article published on CIODive.com addressing some different
non-traditional cybersecurity-training activities that have been tried. Another
suggested that we need to start looking at specialization training for
cybersecurity personnel rather than generalist training. And the last one
addressed the need for rapid changes in cybersecurity training programs to
reflect changes in the environment.
The comments from Eric Baechle provided specific responses
for the NIST questions. The views from Eric paint a very bleak picture of how
cybersecurity specialists are utilized at one, unnamed agency (presumably
government agency, but that is not exactly clear). Not unexpectedly they paint
a picture of an agency management that does not understand the complexities of
the cybersecurity problems being addressed by the specialized workforce nor the
work actually being done by their cybersecurity team. While this is not
directly a workforce development issue (other than apparently there is no effort
in this organization being made to continue developing the skills of the team
being employed) it does help to explain why there may be retention issues and
employee burnout affecting cybersecurity operations.
Posts
No comments:
Post a Comment