Skip to main content

Currently Skimming:

2 Approaches to Professionalization
Pages 14-22

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.


From page 14...
... For example, white papers prepared for the National Initiative on Cybersecurity Education use a definition with three elements (a body of knowledge, ethical guidelines, and professional organization that publishes papers and establishes best practices) (Department of Homeland Security, National Initiative for Cybersecurity Education, "The Path toward Cybersecurity Professionalization: Insights from Other Occupations: White Paper," 2012, available at http://niccs.us-cert.gov/careers/professionalization)
From page 15...
... A growing number of educational institutions offer degrees or specializations in cybersecurity, and a National Centers of Academic Excellence program, sponsored by NSA and DHS, certifies education, training, and research programs of 2- and 4-year academic institutions against standards established jointly by those two federal agencies. A sufficiently large number of certificates and certifications in various cybersecurity skills and specializations have emerged that DHS has developed a searchable online catalog to guide workers and employers.4 These include general certifications like the Certified Information Systems Security Professional (CISSP)
From page 16...
... For the government, professionalization might mean encouraging or requiring a particular educational achievement or certifications for its own workforce, supporting the development of curricula, establishing standards for education programs, encouraging the use of certification as a means of regulating the workers whose jobs affect the health and safety or property of others, or requiring (at either the federal or state level) licensure for particular occupations.
From page 17...
... Another issue is that some specialized cybersecurity jobs that involve offensive operations or active defense might run afoul of codes that do not take such work into account, a tension that other fields have had to consider in developing their ethical standards. Education Education for cybersecurity is provided at the undergraduate level by both 2- and 4-year institutions, which offer a wide range of courses, programs, and degrees focused on cybersecurity and as a component of computer science and engineering, management information system, and other information technology (IT)
From page 18...
... Another risk is ossification -- when the establishment of a standard inhibits evolution of skills and knowledge because those certified may not be incentivized to learn beyond what was included in the last certification test. Organizations that offer certifications can address these challenges by focusing assessments as much as possible on fundamental concepts, by adopting nimble processes for updating content, and by requiring periodic recertification.
From page 19...
... For example, a licensed civil engineer responsible for approving a bridge design is assumed to be able to state with some certainty that the bridge will stand under stated conditions. By contrast, for software and security no equivalent knowledge exists, which is one reason that licensure has not taken hold in the related area of software engineering.
From page 20...
... Even today, debate about how the necessary skills and knowledge for medical students are best acquired through classroom education and hands-on practice continues, reflecting the growing body of scientific knowledge, the increasing complexity of clinical care, and the evolving socioeconomic context in which medicine is practiced.11 An important and open question is whether cybersecurity will endure in anything like its present form over the timescales in which professionalization emerged and matured in professions like medicine, law, and aviation. TRADE-OFFS ASSOCIATED WITH PROFESSIONALIZATION Chapter 1 described some of the uncertainties associated with the current and future supply and demand for cybersecurity workers and the diversity of contexts in which cybersecurity work is done.
From page 21...
... Certificates and certifications provide some ability to vet job candidates, but overreliance on them may screen out some of the most talented and suitable indi­ viduals. This is particularly true in cybersecurity, in which some of the most proficient cyber experts have developed their skill sets through informal methods (e.g., self-taught hackers)
From page 22...
... By helping define roles and career paths, professionalization can help workers identify suitable jobs and employers identify suitable workers. On the other hand, defining the field in terms of a specific set of exams, certificates, degrees, or the like will narrow the pipeline of future candidates for the field and thus may constrain supply.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.