Demand for skilled workers in the field of cybersecurity is currently strong and expected to remain so for the next few years. At the same time, many countries are experiencing skill shortages in this area. This book describes the National Initiative for Cybersecurity Education (NICE) framework, an initiative of the National Institute of Standards and Technology (NIST) designed to be a partnership between government, academia, and private industry, with the goal of defining a consistent way to describe cybersecurity work roles, as well as the knowledge, skills, and abilities (KSAs) needed for them.

There are several skills and competency frameworks, such as the Skills Framework for the Information Age (SFIA), that organizations can use as a general framework for describing digital and information technology (IT) skills. The NICE framework, however, focuses specifically on cybersecurity skills and adopts KSA competencies as an alternative to classical learning outcomes and assessment activities.

The first chapter provides an introduction and identifies core cybersecurity roles. Rather than approaching NICE from a work role perspective, Alsmadi approaches NICE from an educational perspective, aiming to assist those planning cybersecurity education and syllabi.

The remaining 17 chapters then follow the KSA general framework to describe, in detail, areas selected by Alsmadi for their importance in cybersecurity roles. Chapters begin with a short explanation of the area, the technical functions involved, and why people working in cybersecurity should have the related KSAs. The KSAs associated with each area are then identified and described in significant detail and supported with relevant illustrations, screen shots, and code samples. Indeed, the level of detail provided is sufficient to form a good foundation for course teaching material for each of the identified KSAs. Each chapter concludes with detailed references. Without listing all 17 areas that Alsmadi has chosen to cover, major areas such as disaster and continuity planning, cyber defense, cyber intelligence, analysis, operational planning, and incident response and management are all covered in good detail. The work has a detailed table of contents and concludes with a thorough index.

Alsmadi’s stated goal is primarily to help education workers, curriculum developers, and training providers to develop and structure teaching materials and assessment tools needed for cybersecurity roles, by providing a common terminology and framework for describing cybersecurity roles. The book will also be of value to employers, human resources (HR) departments, and hiring managers to identify and define cybersecurity roles and skills within their organizations. Individuals can also use the book to explore career prospects in cybersecurity.