Organizational Security Competencies and Cybersecurity Workforce Development (Donaven Haderlie)

A new approach for extending existing cybersecurity frameworks has been developed by a team of researchers at Idaho National Laboratory. The project is being called the CYBER Security – Competency Health and Maturity Progression (CYBER-CHAMP) Model. There are five phases in the model that are meant to help an organization assess their risk profile and their workforce’s cybersecurity maturity. Phase 1: Measure Organizational Security State. Examine the organizations security profile and operational readiness by measuring the security elements of the organizational documents. Phase 2: Create Workforce Profile. Determine the organizations workforce structure by identifying job roles and placing them into job groups. The job groups are then assigned a cyber function level in which they are to meet and maintain. Phase 3: Determine Competency Health State. Identify job roles and tasks that match industry frameworks. This process provides an identification of the primary job role. Phase 4: Develop and Complete Learning Path(s). Based on the identification of the primary job role training plans are provided to ensure the workforce is maintain the competency that is required to keep the organization secure. Phase 5: Re-measure Organizational Security State. Re-examine the organizations security profile and operational readiness and adjust, as necessary. For the purpose of our presentation we will focus on a high-level CYBER-CHAMP overview with specific emphasis on organizational security competencies and cybersecurity workforce development.