Microsoft PowerPoint - CAE Symposium 2018 (Dan Kim).pptx

slide 38

DanJ.Kim,Ph.D.

UniversityofNorthTexas

UNDERSTANDINGWORKFORCEATTRIBUTESBY

EXPLORINGEMPIRICALCAREERPATHWAYSOF

CYBERSECURITYPROFESSIONALS

InformationTechnologyandDecisionSciences

November8,2018

NeedforCybersecurityWorkforce

• The2018GlobalRiskReportbytheWorld

EconomicForumhaslistedcybersecurityattacks

asthesecondmostlikelycauseofglobal

instabilitybehindenvironmentaldisaster.

• Cybersecurityworkforceparticipationwillgrowat

10%annuallyfrom2015to2020,andthatannual

spendingoncybersecuritywillreach$170billion

(Morgan,2015).

CareerPathsofCybersecurity

Professionals

• Therearemanyopportunitiesfor

cybersecurityworkforce

• Therearemanycareerpathswith

differentworkforceattributes(factors)

FactorsAffectingCareerPath

Leadership,

Knowledge

Skills, Ability

Credentials,

Experience,

Citizenship,

Security

Clearance, etc.

Technician

Director

Analyst/

Consultant

InfoSecurity

Manager

CISO

Architect/

Auditor

Noteasytoseeabigpicture

ReviewonPreviousRelevantWork

ExistingIndustryFrameworks

• CybersecurityCareerPathwaybyCyberSeek

(www.cyberseek.org)

• CompTIACybersecurityCareerPathway

(certification.comptia.org/certifications)

• EC‐CouncilCareerPathbyCAST(CenterforAdvanced

SecurityTraining)

• SANStraining/certificationroadmap

(www.giac.org/certifications/get‐certified/roadmap)

(Source: www.cyberseek.org)

IssuesandOurApproach

Drawbacksofexistingindustryframeworks

• Categorizedbyownproducts/types(e.g.,

certifications,trainingcourses,jobdemands,

etc.)

• APriori (i.e.,top‐down)approach

Ourapproach,

• Takeaposteriori(i.e.,bottom‐up)approach

• Mapcareerprogressionsthroughjob

transitions

ResearchPurpose

• Developacybersecuritycareerpathmap

– Toshowcareerprogressionsthroughwork

roletransitionswithdetailedrequired

elements(e.g.,credentials,skillsets,

knowledge,experience)associatedwitheach

role

– Tofindkeyjobswithincybersecurityand

commontransitionopportunities

– Identifycurrentempiricaltrendsin

experienceandeducationpreferences

Methodology

• Dataset:Over1,000CVsofcybersecurity

professionalsfrom“indeed.com”containing

cybersecurityworkroles

• Capturing:

workroletransitionsandkeyelements

• DataCoding:

Workrolelevel/type,educationtime/type,

location,certificationtype/#,skillsets,experience,

militaryservice,securityclearance,etc.

PreviousJobTitle(Pn‐1)

Administra

tor

Analyst Architect Auditor Consultant Director Engineer Manager Other Other(Security) Specialist Technician

CurrentJob

Title

(Pn)

Administrator 1%

Analyst 39% 26% 22% 13% 17% 21% 30% 33%

Architect 2% 1% 5%

Auditor 17% 4% 1%

Consultant 4% 16% 4% 2% 2% 4%

Director 2% 43% 16% 33% 1% 5%

Engineer 13% 5% 8% 30% 8% 8% 7%

Manager 5% 29% 33% 11% 7% 21% 1% 7%

Other 26% 29% 17% 16% 33% 9% 38% 58% 40% 33% 33%

Other

(Security)

50% 6% 33% 25% 7% 21% 6% 14% 7%

Specialist 50% 5% 11% 15% 4% 26% 33%

Technician 1% 0%

CYBERSECURITYPROFESSIONALJOB

TRANSITIONS

Administrator

ManagerArchitect

Engineer

Consultant

Auditor

Analyst

Specialist/

Technician

Director

15%

13%

29% 0%

12%

CYBERSECURITYPROFESSIONALJOB

TRANSITIONMAP

ExpectedContributions

Wecanpossiblyanswerfollowingquestions.

• Whatarethemostcommonentry‐leveljobsin

cybersecurity?

• Whattypesofknowledge,skills,andeducational

credentialsareneededtostartacybersecuritycareer?

• Whattypesofknowledge,skills,andcertificationsare

neededforaspecificcybersecurityrole?

• Whatcybersecuritycertificationsaremostindemandin

mid‐levelandadvanced‐levelroles?

• Whatcriticalelements(e.g.,educationlevels,certifications,

experiences,etc.)dorequiretobeexecutive‐level

cybersecurityprofessionals?

RelevantLiterature

• Radziwill,N.&Benton,M.(2017).Costofquality:Managingthecostsofcybersecurityrisk

management.AdministrativeScienceQuarterly. Vol.19(4).

• Carnevale,A.,Smith,N.,&Strohl,J.(2010).Helpwanted:Projectionsofjobsandeducation

requirementsthrough2018.Washington,DC:GeorgetownUniversityCenteronEducationand

theWorkforce.

• Harris,M.,Patten,K.(2015).UsingBloomandWebb’staxonomiestointegrateemerging

cybersecuritytopicsintoacomputingcurriculum.JournalofInformationSystemsEducation. Vol

26(3).

• Knapp,K.J.,Maurer,C.,&Plachkinova,M.(2017).Maintainingacybersecuritycurriculum:

Professionalcertificationsasvaluableguidance. JournalofInformationSystemsEducation, 28(2),

101‐113.

• Schwartz,R.(2016).Thecareerpathwaysmovement:Strategyforincreasingopportunityand

mobility.JournalofSocialIssues. Vol.72(4).

• Wilbanks,L.(2011)Otherdutiesasassigned?.ITPro.IEEEComputerSociety.

• NationalInitiativeforCybersecurityEducation,NationalCybersecurityWorkforceFramework,ver.

2.0,https://www.nist.gov/file/359261

• U.S.DepartmentofHomelandSecurity,CybersecurityWorkforceDevelopmentToolkit(CWDT),

https://niccs.us‐cert.gov/workforce‐development/cybersecurity‐workforce‐development‐toolkit