The National Academies Press

Currently Skimming:

3 Conclusions, Recommendation, and Criteria for Professionalization of Cybersecurity
Pages 23-30

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 23... ... Even large organizations with top talent and significant resources devoted to cybersecurity have suffered major cybersecurity compromises, and organizations that do not have such levels of talent or resources face even greater challenges. More highly skilled workers in cybersecurity roles would help the nation respond more robustly to the cybersecurity problems it faces. Read the entire page →
From page 24... ... Although the need for cybersecurity workers is likely to continue to be high, it is difficult to forecast with certainty the number of workers required or the needed mix of cybersecurity knowledge and skills. There are many indications today that demand for cybersecurity workers will continue to be high, but it is notoriously difficult to measure or forecast labor supply and demand for any field, especially one that is as dynamic and fast moving as cybersecurity. Read the entire page →
From page 25... ... In digital forensics, where the results are to be used in a legal proceeding, the work is comparatively narrowly defined by procedures and law, the relevant domain of expertise appears to be sufficiently narrow, and the appropriate professionalization mechanism is clear (certification with periodic recertification reflecting advances in acceptable forensic techniques and practices) Read the entire page →
From page 26... ... As a result, education, training, and workforce development activities that focus too much on narrow technical knowledge and skills may discourage participation by people with much-needed nontechnical knowledge and skills, may overly concentrate attention and resources on building technical capability and capacity, and may discourage technically proficient people from developing nontechnical skills. The result would fall short of delivering the workforce the nation requires. Read the entire page →
From page 27... ... Although the adoption of such codes is generally a positive step with few drawbacks, it does raise two possible concerns in the context of cybersecurity. One issue is how the codes relate to actions taken in roles that involve offensive operations or active defensive measures (where legitimate activities might run afoul of overly narrowly drawn standards) Read the entire page →
From page 28... ... The following criteria are suggested to help identify cybersecurity specialties and circumstances where professionalization may be appropriate and to assess the potential effects of different professionalization mechanisms: • Do the benefits of a given professionalization measure outweigh the potential supply restrictions resulting from the additional barriers to entry? Professionalization can be both a magnet (attracting people to the field) Read the entire page →
From page 29... ... Certificates and certifications may provide useful tools for vetting job candidates, but overreliance on them may screen out some of the most talented and suitable individuals. This is particularly true in cybersecurity today, where some of the most effective workers develop their skillsets through informal methods (e.g., self-taught hackers) Read the entire page →
From page 30... ... common body of knowledge on which members of the profession can be judged to a generally agreedupon standard. This does not imply, however, that the occupation is static; even within a rapidly evolving profession, core knowledge elements that remain stable can be identified. Read the entire page →

From page 23...

... Even large organizations with top talent and significant resources devoted to cybersecurity have suffered major cybersecurity compromises, and organizations that do not have such levels of talent or resources face even greater challenges. More highly skilled workers in cybersecurity roles would help the nation respond more robustly to the cybersecurity problems it faces.

Read the entire page →

From page 24...

... Although the need for cybersecurity workers is likely to continue to be high, it is difficult to forecast with certainty the number of workers required or the needed mix of cybersecurity knowledge and skills. There are many indications today that demand for cybersecurity workers will continue to be high, but it is notoriously difficult to measure or forecast labor supply and demand for any field, especially one that is as dynamic and fast moving as cybersecurity.

Read the entire page →

From page 25...

... In digital forensics, where the results are to be used in a legal proceeding, the work is comparatively narrowly defined by procedures and law, the relevant domain of expertise appears to be sufficiently narrow, and the appropriate professionalization mechanism is clear (certification with periodic recertification reflecting advances in acceptable forensic techniques and practices)

Read the entire page →

From page 26...

... As a result, education, training, and workforce development activities that focus too much on narrow technical knowledge and skills may discourage participation by people with much-needed nontechnical knowledge and skills, may overly concentrate attention and resources on building technical capability and capacity, and may discourage technically proficient people from developing nontechnical skills. The result would fall short of delivering the workforce the nation requires.

Read the entire page →

From page 27...

... Although the adoption of such codes is generally a positive step with few drawbacks, it does raise two possible concerns in the context of cybersecurity. One issue is how the codes relate to actions taken in roles that involve offensive operations or active defensive measures (where legitimate activities might run afoul of overly narrowly drawn standards)

Read the entire page →

From page 28...

... The following criteria are suggested to help identify cybersecurity specialties and circumstances where professionalization may be appropriate and to assess the potential effects of different professionalization mechanisms: • Do the benefits of a given professionalization measure outweigh the potential supply restrictions resulting from the additional barriers to entry? Professionalization can be both a magnet (attracting people to the field)

Read the entire page →

From page 29...

... Certificates and certifications may provide useful tools for vetting job candidates, but overreliance on them may screen out some of the most talented and suitable individuals. This is particularly true in cybersecurity today, where some of the most effective workers develop their skillsets through informal methods (e.g., self-taught hackers)

Read the entire page →

From page 30...

... common body of knowledge on which members of the profession can be judged to a generally agreedupon standard. This does not imply, however, that the occupation is static; even within a rapidly evolving profession, core knowledge elements that remain stable can be identified.

Read the entire page →

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

3 Conclusions, Recommendation, and Criteria for Professionalization of Cybersecurity Pages 23-30

3 Conclusions, Recommendation, and Criteria for Professionalization of Cybersecurity
Pages 23-30