Quantitative CyberSeek

As a cybersecurity educator one of the core concepts that I try to relate to students is the ability to differentiate between qualitative and quantitative data. While to some it may seem a simple distiction between two forms of measurement; from my perspective as an educator it is not. While both forms of data are important it is critical that cybersecurity analysts be able to quickly differentiate between data types and know that in order to really contribute to the team sport that is cyber security they need to advance quantitative arguments. The CyberSeek project applies this logic to the often heard statement that there is a shortage of qualified applicants for cyberscurity positions.

CyberSeek is a project is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce. What I found makes it different are the organizations supporting the project. The project partners are NICE, Burning Glass Technologies, and CompTIA. The ‘certifying’ organizations providing data include: ISACA, ISC2, and GIAC (SANS). I found that to be impressive in that these organizations are contributing and collaborating to produce this portal that provides valuable data to all cybersecurity students and professionals.

Having looked at and worked with this portal several times I found the interactive map to be of high value. The data there broken down not only by US state but also by metropolitan areas was very valuable. Looking at data from different areas of the country you can see the differences between entry level staffing (applicants with base certifications such as CompTIA Security+) versus more experienced staff (those holding advanced certifications such as CISM and CISA) available.

The Career Pathway heatmap while interesting is something that I think needs to be refined. It lists IT Auditor as an entry level position from which one could advance to become a Cybersecurity Consultant or (in my opinion the dreaded) Vulnerability and Penetration tester. I say dreaded becuase I find that many students want that ‘Penetration Test’ career path not really understanding all that it involves. Specifically the constant education requirement and often the need to travel for work better than 50% of the time.

Overall, I found CyberSeek to be an excellent resourse and applaud the creators, suppliers, and maintainers of this project.