The “AI and Critical Technology Workforce Framework Act,” introduced by Sens. Gary Peters, D-Mich., and Eric Schmitt, R-Mo., would direct NIST to create a workforce framework for AI and assess whether other critical or emerging technology areas might also benefit from frameworks, according to bill text and a release provided to FedScoop.

“As artificial intelligence continues to play a bigger role in our society, it’s critical the future of this groundbreaking technology is formed in the United States. The way to ensure that happens is by building a workforce engaged in these new technologies,” Peters, chairman of the Senate Homeland Security and Governmental Affairs Committee, said in a written statement.

The bill is intended to build upon NIST’s existing National Initiative for Cybersecurity Education (NICE) framework — which outlines cybersecurity roles in an effort to help employers build their cyber workforces — as AI is poised to reshuffle the workforce.

Over the next five years, demand for AI and machine learning specialists is expected to increase by 40%, according to a 2023 World Economic Forum report on workforce trends across the world. 

“This bill will ensure that America continues to have a strong and increasingly skilled workforce, will utilize AI to bolster American industry, and will incentivize companies to keep their jobs in the United States rather than outsourcing them overseas,” Schmitt said in a written statement. “Additionally, this bill’s potential to benefit our defense capabilities is endless.”

Under the bill, NIST would be required to report to Congress about other critical and emerging technology areas it finds could benefit from a workforce framework. It would also direct NIST to update the NICE framework to reflect changes in the cybersecurity field and “encourage” the agency to provide resources and guidance on cybersecurity careers to students and adults, according to the release.

The post Bipartisan Senate proposal calls for AI workforce framework from NIST appeared first on FedScoop.

Together with the White House Office of the National Cyber Director, Department of Commerce and other agencies, DOL will recruit employers, industry sector associations, labor unions, educational providers, and community-based organizations to join or launch registered apprenticeships through National Apprenticeship Week running Nov. 12-20, 2022.

Registered apprenticeships are career pathways, often for underserved communities, where employers offer future workers pay, mentorships, classroom instruction and a nationally recognized credential, and the Biden administration is championing them to fill nearly 700,000 open cyber jobs nationwide. The Cybersecurity Apprenticeship Sprint was announced at the White House’s National Cyber Workforce and Education Summit, one month after President Biden signed into law a bill creating a federal rotational cyber workforce program.

“These newly trained workers will help protect our critical infrastructure, advance our digital way of life, strengthen our economy and improve access to cybersecurity career paths for underrepresented communities — especially women, people of color, veterans and people with disabilities,” said Labor Secretary Marty Walsh.

DOL’s Office of Apprenticeship will work with employers to launch apprenticeship programs within 48 hours using vetted standards, and the National Institute of Standards and Technology‘s National Initiative for Cybersecurity Education (NICE) is also looking to partner. NICE offers an apprenticeship locator.

About 42,260 cybersecurity apprentices are a part of 714 programs currently with 199, a 28% increase, created since Jan. 20, 2021.

“The Cybersecurity Apprenticeship Sprint is a creative initiative, which will encourage a swath of new talent into the cybersecurity workforce by bootstrapping highly visible and valuable work experience and by focusing on inclusivity and diversity as a primary objective,” said Casey Ellis, founder of Bugcrowd, which offers its vulnerability disclosure platform to agencies, in a statement.

The post Labor Department announces 120-day cybersecurity apprenticeship sprint appeared first on FedScoop.

DHS’s Cybersecurity and Infrastructure Security Agency issued a request for information this week “to solicit information from industry that can provide President’s Cup Cybersecurity Competition (PCCC) support services.”

Launched in 2019, the President’s Cup is a national event to “identify, challenge, and reward the best cybersecurity talent in the federal workforce” based on elements of the National Initiative for Cybersecurity Education (NICE) Framework, according to CISA. The competition was created by a 2019 executive order on the federal cyber workforce, and the third iteration will run sometime this fall.

The RFI asks industry vendors to share information on their experience hosting online competitions — particularly those involving cybersecurity challenges like capture the flag events — providing cybersecurity training information, and developing video games, as well as generalized cybersecurity knowledge across their workforce.

It also asks questions about vendors’ capability to support the competition’s specific needs, like creating and testing “over 70 competition challenges within 2-3 months,” open-sourcing all content and providing 24/7 support.

Interested parties have until Sept. 8 to submit responses.

The 2020 President’s Cup ran from August 2020 to Feb. 25, 2021, hosting more than 1,400 participants and 250 teams in a virtual format. Participants competed in capture the flag challenges, as well as a so-called “Save the World” scenario, which featured mock news broadcasts about a snowstorm taking out a city’s critical infrastructure. The winning team came from the Army’s 780th Military Intelligence Brigade.

CISA hasn’t decided yet if the 2021 event will be in-person or virtual.

The post DHS searching for vendors to help host President’s Cup cyber competition appeared first on FedScoop.

Developed by the National Institutes of Standards and Technology, the National Initiative for Cybersecurity Education framework breaks down agency work roles, like cyber defense analyst, to their core knowledge, skills, abilities and tasks (KSATs).

The COVID-19 pandemic presents agencies with the opportunity to audit their employees and determine where there are cyber skills gaps that remote learning can fill, Rodney Petersen, NICE director, told FedScoop.

“The discussions I’m hearing at the moment are less about the training needs and more about how the entire learning ecosystem could be fundamentally changed,” Petersen said. “And cybersecurity could become the pilot for how that is implemented and rethought in this current environment.”

Cyber workforce development firm CyberVista has seen an uptick in requests — almost exclusively from a “handful” of federal agencies — for digital forensics and basic training as the coronavirus spreads, said CEO Simone Petrella.

Federal employees using mobile devices for remote work leaves them more exposed to cyber threats, meaning roles that aren’t traditionally focused on security suddenly require that knowledge to a greater degree, Petrella said.

“Outside of the forensic requirement, I actually think that the biggest need I’ve seen across the board is in fundamental and baseline skills for entry- to mid-level staff that can ultimately be upskilled and trained to those more specialized roles,” she said.

The NICE Framework not only helps agencies identify what roles they need but how to measure the effectiveness of training so employees can ultimately fill those positions.

Agencies remain in the early stages of workforce considerations as they focus on mission-critical functions in the face of COVID-19, Petersen said.

“One of the skills that people are going to take for granted during this time period is the impact telework has on what we call professional, soft or employability skills,” he said. “Because obviously we don’t have the same level of face-to-face or interpersonal interactions we would in the workplace.”

Video conferencing can be used to preserve those skills, as can virtual learning environments like cyber ranges, Petersen said.

Common mistakes include agencies thinking they can simply stick instructors in front of webcams and relying too heavily on lecture-based curriculums, Petrella said.

Hands-on learning ensures employees can actually do the work required by allowing for qualitative, technical assessments, which CyberVista already conducts in distributed environments like the one the coronavirus has created, she said.

“We’re in this remote environment, and so everyone feels fairly isolated,” Petrella said. “So you don’t want to necessarily give them an experience where they are isolated.”

NICE issued a call for proposals Tuesday for its annual conference scheduled for November in Atlanta. Several early proposals centered on continuity of learning during the pandemic.

Figuring out how to accommodate a more remote workforce throughout the talent lifecycle is critical, and a move toward online learning in government will allow for greater experimentation and innovation, Petersen said.

“I think it’s going to revolutionize telework as we see how it’s both possible and potentially productive,” he said. “It’s certainly going to cause us to reconsider employment from a distance for a variety of careers including cybersecurity, and, of course, it’s going to require that we rethink how we learn.”

The post For remote learning in government, coronavirus cyber training could prove transformational appeared first on FedScoop.

VA’s Office of Information Security stood up a Cyber Workforce Management (CWM) program across the broader Office of Information and Technology (OIT), which determined existing NICE Framework roles didn’t meet all of VA’s mission needs. The NICE framework, developed by the National Initiative for Cybersecurity Education, prescribes knowledge, skills, abilities and tasks (KSATs) to work roles like a cyber defense analyst.

“There are gaps in the framework. Medical is not in there, med cyber — jack of all trades, master of medical devices,” Stephanie Keith, CWM program manager, said during a panel discussion at the 2020 Health IT Summit. “But where are the cybersecurity aspects of that? At VA we’re looking at how we develop what that work role looks like.”

The CWM program plans to identify work roles across every single position within VA and its IT office and establish qualification requirements for each role that all of government can use, she added.

“I’m not about unique requirements for an agency,” Keith said. “I’m about federal national standards.”

CWM is also standing up a cyber training academy pilot to teach employees baseline skills associated with the work roles. Baseline skills for, say, a cyber defense analyst should be the same at every agency so they’re portable, Keith said.

Training for new work roles covering positions like healthcare technology managers and informaticists should happen at the device level, not the network level, she added.

VA employees further removed from technical positions still require cyber training as well in areas like early detection and zero trust, said Paul Cunningham, chief information security officer at VA.

“We’re never going to get medical teams to be primarily cybersecurity. It’s not their mission; we shouldn’t expect it,” Cunningham said. “But we should make it very easy for them to help us as first-line defenders recognize when things are not operating correctly.”

The post VA developing cyber careers program to fill gaps in workforce framework appeared first on FedScoop.

Comtech Telecommunications rated applicants’ potential to succeed in a cyber career prior to their admission into the cohort and for the first time administered hands-on CYBRScore skills assessments throughout the eight-week instructional period. The CYBRScore assessment was tailored to the cyber defense analyst (CDA) work role defined in the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework.

But first, the pool of 600 federal employees that applied to the academy needed whittling down to 20 students across 10 civilian agencies and the Department of Defense. The Office of Management and Budget and Federal CIO Council didn’t require an IT or cyber background to apply, so Comtech asked general questions measuring 44 characteristics within the realm of aptitude, attitude and career interest.

Aptitude questions consisted of basic science, technology, engineering and math problems, while attitude questions gauged an applicant’s penchant for repetitive tasks and preference for working alone or in groups.

“We try and get those discerning features characterized up front, so at the end of the day, the cohort would be the best fit for success going through the overall program,” Alan Gush, academy director of CYBRScore, told FedScoop.

For instance, the CDA work role required candidates be committed to accuracy when interpreting data, but not so much so that they couldn’t complete assignments. Those characteristics were weighted more heavily.

Once the cohort was selected, subsequent CYBRScore assessments — conducted in a real-world virtual environment using open-source tools to do the data gathering — evaluated CDA knowledge, skills, abilities and tasks (KSATs) as laid out in the NICE framework. That meant no true-false, multiple-choice or fill-in-the-blank questions.

The first assessment baselined each student’s KSATs. Then CYBRScore divided the CDA work role into five functional areas for a total of five weekly assessments: protocol analysis, network defense analysis, network attack analysis, incident detection and incident handling.

“That’s a little bit nerve-racking, but it’s similar to…taking a certification exam,” said Erik Wallace, director of business development for CYBRScore.

An assessment might inform the student a hacker accessed the system and ask them to determine what happened leading up to the breach and identify the piece of data used in the intrusion, as well as the date it transpired. Or the participant might be asked to enumerate a network — identifying hosts by their internet protocols, noting their operating systems and which ports are potentially open.

Hundreds of data points were scored in real-time throughout each assessment, with the scores provided to students immediately after for them to track their progress. Scores were also used to personalize learning plans, with participants directed to specific training sets or hands-on virtual labs in areas where they were found to have skills gaps.

On the whole, the 19 participants that completed the academy showed “amazing gains in proficiency” between their baseline and final CYBRScore assessments, Gush said. In total, 16 of the 19 academy graduates finished in a higher experience tier than when they began.

Graduates received a certificate of completion Sept. 20 with 20% selected for cyber positions within their original agency or another since then, Gush said. Alternatively, graduates may have pursued developmental rotation assignments or additional cyber responsibilities within their current roles.

If OMB and the CIO Council opt to do a third cohort of the Reskilling Academy, Comtech would have to bid to run the program like any other company. But cyber aptitude assessments come recommended.

OMB has access to all the applicant data generated by CYBRScore through its contracting partner, the General Services Administration, for future iterations. And Federal CIO Suzette Kent hinted at their expansion in September.

CYBRScore would be interested in supporting a third cohort for OMB or training for any other federal agency — others having expressed interest, Gush said. Wallace said he would expect “slight tweaks” to the weighting of future assessments.

Agencies can find the offering on GSA’s Schedule 70 IT contract.

“So it is available as a distinct program, if agencies are interested in building out that capacity,” Gush said.

The post As the Cyber Reskilling Academy’s second cohort moves on, trainers reflect on the impact appeared first on FedScoop.