Inventory List with Blog Title Text over a Thought Bubble

Inventory Company Skills using the NICE Framework

April 22, 2021 | 6 minute read

In the age of digital transformation, a key factor to any business’ success is people. Where people feel that they are valued, that their skills and talents are valued, they are most likely to stay, work well, and achieve vocational happiness. This is not only good for business, but necessary for managing risk, securing threats and vulnerabilities, and meeting compliance requirements every day. The landscape of cyberspace, where millions of people conduct their daily business, is continuing to reshape itself. “Ultimately the knowledge, soft skills and agile nature that are wired into our human DNA will help organizations successfully navigate a rapidly changing marketplace.” (Cole, Forbes) Over the past few decades, cybersecurity has steadily grown in the limelight, along with an expanding catalog of options for automated risk management solutions. But, what about people?

Cybersecurity is still considered a niche sector of IT. Due to the cybersecurity skills shortage, it’s a seller’s market for job seekers, and even those who are already employed. The best and brightest cybersecurity workers are poached for their skills constantly. Why stay with a company, when its competitors are offering substantially more than the current average salary? If people are a key factor to an organization’s success in the digital age, shouldn’t we also be focusing on tools that help employers find and retain those people? Providing a strategical path to the proper training and upskilling of individuals, in a way that supports their overall career journey, is achievable through the use of skills inventories and skills gap analysis. Reskilling employees that want to stay with a company, by transforming skills from their current job, can also benefit employers with loyalty and reduced recruiting, or hiring costs.

“Ultimately the knowledge, soft skills and agile nature that are wired into our human DNA will help organizations successfully navigate a rapidly changing marketplace.”

What is a skills inventory?

A skills inventory is an index of skills, education, and experiences of employees. It gives employers and hiring recruiters an at-a-glance view of the overall skills gap(s) in their company, or select departments, as well as any gap(s) in the skills of employees, or candidates.

Skills inventories are also lexicons, or taxonomies of knowledge, skills, and abilities (KSAs) related to specific work roles, and their associated tasks. The ability to define a particular work role prepares employers with a standard of measurement when it comes to assessing cybersecurity skills for hiring, upskilling, or reskilling.

Why is it important for companies?

The importance of skills inventories lies in their effectiveness for identifying skills gap(s) at every level within a company, providing a crystal-clear view of all security-related, organizational assets. They are a necessary tool in cybersecurity, especially when used in conjunction with the terms listed, below.

Strategic Planning- Every business needs to know where they currently stand, to plan for where they’re headed. Strategic planning involves analyzing the need for and availability of human capital in meeting the organization’s goals and objectives. This is even more precedent regarding cybersecurity. Using skills inventories provides business leaders a guide whereby, after identifying gap(s), they can quickly develop and implement a strategy that is not only cost-effective, but foundational, easy to expand, and focused on people. In a recent research study, conducted by the IBM Institute for Business Value (IBV) in collaboration with Oxford Economics, more than 2,700 C-level executives across the world’s 12 largest national economies were surveyed on a range of topics both related to their organizations’ and nation’s successes. Of the surveyed, 90% of executives cite skilled labor and quality as a critical factor for their organization when considering expansion into new markets, and 54% say cyber threats are among the biggest strategic risks for their nation’s economy in the next 5 years.

Agility- From the highest level down, cyber agility represents keeping up with the pace of change and being able to adapt and respond virtually, in real-time. IGI Global defines cyber agility as, “Quick and flexible capability for guaranteed recovery of critical digital world systems, services and users from multiple cyber disasters, i.e. ones related to the cyber space.” This indicates a formidable and talented cybersecurity workforce is needed, and should infiltrate every industry involved in the digital transformation belonging to this era. “Balancing digital transformation with cyber security agility means being mindful of the potential for attack and adopting integrated network security policy management to reduce possible compromise.” (Woods, Cyber Security Hub) Just as coaches use agility training to tally strengths and weaknesses in their athletes, so too should business leaders be using skills inventories to identify gaps concerning the cybersecurity skills in their organizations.

Retention- ISACA’s 2020 State of Cybersecurity: Part One report unveiled that, despite ample media coverage and discussion, hiring and retention practices, as well as progress in diversity have shown little improvement. Of the surveyed, 62% say their organization’s cybersecurity team is understaffed, and 57% say they currently have unfilled cybersecurity positions on their team. What is it going to take to move the dial and increase retention of a diverse, skilled workforce in the cybersecurity sector? Being willing to expand recruitment efforts past the usual cohorts of candidates is a good start, and so is adopting methods like skills inventory and skills gap analysis to find and train individuals, from all walks of life, interested in becoming cybersecurity professionals. There are simply not enough people in the industry, and so the response should be to not only sift out the best based on skill-level, but also indoctrinate and train anyone who has the aptitude and soft skills to succeed. Retention is going to require more collaborative efforts across industry, academia, and government.

NICE for what?

The NICE Framework, developed by the U.S. National Institute of Standards and Technology, is a comprehensive and foundational standardization of cybersecurity competencies, skills, and work roles. This widely adopted framework serves as the central point of cybersecurity work in the U.S., as it stands today. It can be used by universities and community colleges to aid in the development and modification of cybersecurity curriculum. The government uses it to recruit military veterans, reskilling or upskilling their already existing talent and soft skills. Business leaders and executives can adopt this framework as the measuring stick for all their skills inventories, skills assessments, and skills gap analysis initiatives.

CyberKnights Skills Inventory and Skills Gap Analysis for Employers

Graph displaying Employer Skills Gap information

Ex. Employer Skills Gap Graph

CyberKnights provides employers everywhere with the foundation of the NICE Framework, through the use of CyberKnights portal. One of the (free) key features CyberKnights offers employers is a Skills Inventory function, coupled with the ability to drill down through the 7 categories, 32 specialties, and 52 work roles of the NICE Framework. Employers need an objective approach to measuring the cybersecurity knowledge and skills held by their current staff, against the overall knowledge and skills the organization needs to minimize cybersecurity risk exposure. Once employers see their skills gaps, CyberKnights offers additional pathways of employee development to cover those gaps, via certifications, virtual labs, cyber range, and curriculum offered by academia. Click here for more information.