How the Latest Updates Could Help Those Looking for Specialists
The National Institute of Standards and Technology’s recent updates to its precise definitions of various cybersecurity jobs are designed to help make recruiting more efficient – both inside the federal government and elsewhere.
See Also: How to Scale Your Vendor Risk Management Program
The refinements in the job definitions could assist with standardizing cybersecurity recruitment practices in a severely short-staffed industry, says Diana Burley, executive director and chair of the Institute for Information Infrastructure Protection at The George Washington University, who has been tracking the skills gap issue for several years.
“The work roles are extremely valuable for advancing recruitment strategies and operations,” Burley says. “They provide a common language for employers, inside and outside of the federal government, and potential candidates to use to understand working requirements. They can also be used by academic institutions to align curricular content and programs to work role requirements.”
The National Initiative for Cybersecurity Education program within NIST first published a Cybersecurity Workforce Framework in 2013 that it describes as a “reference resource for describing and sharing information about cybersecurity work and the knowledge, skills, and abilities needed to complete tasks.”
The latest update, the third in a series, creates codes assigned to 55 workforce roles, says Bill Newhouse, deputy director of NICE. The codes provide a standardized set of data that Newhouse hopes will help further connect the dots and fill in the gaps for organizations seeking to fill cybersecurity job vacancies.
The codes further enhance the use of a position description tool known as the PushbuttonPD designed by the Department of Homeland Security. The aim of the tool is to improve communication between hiring managers and human resource managers.
While the PushbuttonPD was created to support federal hiring practices, it could be modified to support the specific needs of private-sector organizations, Newhouse says.
The tool enables a hiring manager to reference the NICE Framework work role codes, which then trigger prompts that enable them to pick specific knowledge, skills and abilities statements, he explains.
The latest framework improvements make it more efficient for a hiring manager to list the requirements that are needed for a vacant position and deliver those requirements in a format usable by HR, he says. HR would also have a more accurate filter to vet candidates, he adds.
“If all positions advertise generic degree requirements as the credential needed for the position without describing the cybersecurity KSAs required and tasks being performed with some level of specificity, the pool of applicants with those credentials – but that are not useful to the hiring manager – can be high,” Newhouse says.