The product that I would be proposing and have been thinking about would be an early career inventory based on the knowledge, skills, abilities as outlined in the Nice Framework and likes/dislikes of the individual taking the assessment. This would be very similar to a Strong or Myers-Briggs inventory but based specifically on the field of cybersecurity. However, because of the nature of online students and employment, the idea is really to create a web-based application so that it is paper-free, green, and provides quick automated results.
This product is being proposed because it addresses the problem of folks looking to enter into the field of cybersecurity by educating them on the various roles in cybersecurity while helping them chart their path, plan their academics, while also saving them time and money. So many folks begin this process of trying to get a job in cybersecurity without knowing the roles. This solution could help alleviate that issue.
There are a lot of folks aiming to get into cybersecurity without knowing what in cybersecurity they might consider pursuing. This product and approach would be a type of career assessment that helps folks plot a career-path into the cybersecurity field. As it stands, there’s about 57 different roles in cybersecurity and yet folks only know that term, not the various career paths.
This would not recommend certifications or require any kind of membership. It’s solely an assessment (like Myers Briggs or Strong Interest Inventory) for a mentor/mentee/educator/student to help guide individuals looking to make either a career change into one of the many fields or for students early in their academic career to focus their studies.
The main issue the assessed might run into is that ‘cybersecurity’ isn’t necessarily a traditional starting point for entry into cybersecurity. While someone might take the assessment, and score high for the field of ‘forensics’, they have to have a baseline knowledge pertaining to operating systems, packet analysis, etc. It will be imperative to relay to the assessment-taker that the purpose of the assessment is to assist in charting a course into cybersecurity. This could lead to an individual becoming frustrated and confused by the assessment and purpose.
Another barrier that might inhibit success for the application would be a lack of participants, insufficient feedback from participants, the duration of the assessment itself, and subsequently the attention of the participant. The quality of the application could also result in substandard participation as well. If the application is aesthetically unpleasing or glitchy, that could sway results or create an environment that the participant simply elects to cease participation.
An additional barrier would be that the assessment will require frequent updating. As cybersecurity roles change and grow, so too will the assessment need to be modified to accommodate those changes. This will require the developer to constantly review the NICE Framework for updates to existing roles or the inclusion of new ones, requiring an update.
Another barrier towards a successful assessment will be the time of the assessment itself. As there are hundreds of knowledge, skills, and abilities, an assessment figures to be very lengthy and very much in depth. This could lead to fatigue or participants rushing through the questionnaire. This would provide a very skewed end-result which would not be an accurate portrayal of the participants’ likes or dislikes, causing a false group of matched jobs. Obviously if that occurs, then the assessment will be pointless.
A final hypothesized barrier will be a change in the participant’s interests. There could come a time, well after an initial assessment, that the likes and dislikes for a participant changes. In that case, the question of value towards the assessment would have to be addressed and questioned. Did the assessment lead the participant on an exploratory path into another field? Did they not end up liking one of the jobs they selected in the assessment? Why? These questions, and many more, would have to be addressed in order to ascertain whether the product is viable.
At the conclusion of the assessment, a yet-to-be-determined feedback questionnaire will be supplied to the participant to survey the content and structure of the test. These results will be analyzed while allowing us to have the data necessary to shift the product to make it a more pleasing experience for the participant. This line of questions will pertain to the aesthetics, structure, and content of the assessment while also taking into account how the participant felt about the quantity of questions. This, again, will allow me to gauge whether a participant was engaged in the assessment and if changes need to be made to the questions or application, in general.
In total, the assessment will allow folks to really evaluate their interests and dislikes by answering questions specific to the knowledge, skills, and abilities as outlined in the NICE Cybersecurity Framework. The results of the assessment will aim to provide the participant certain roles within cybersecurity to research. The additional aim is to arm the participant with a clearly defined path to either independently study or plan their academic pursuit that provides them with enough knowledge and baseline skills.
It is my sincere belief that once the assessment has been somewhat perfected, it would allow and empower an individual in their pursuit of a role into the vast cybersecurity sector. Having gone through a number of assessments that are available, most require an annual membership and lead directly to the recommendation of a professional, industry-standard certification (CompTIA, ISC2, etc.). That is not the aim for this assessment. Certifications will not be recommended at all as this is a career path assessment based on the aforementioned framework. Certifications are costly and, with some even exceeding $1000.00. Should an employer require a certification, then that should be taken into consideration by the participant. However, the aim for this assessment is really to help folks looking to enter into the field pinpoint roles they may wish to pursue. It is solely for the knowledge of the participant.
Cybersecurity is an umbrella term that covers a large quantity of roles, 57. Knowing the role a student or job-seeker aims to pursue will go a long way in their studies and academics with the residual impact of saving time and money. The assessment will strive to address this issue that I think is crucial towards the success of the job seeker and student looking to enter the field. There aren’t too many introductory courses in academics that pertain to all of these roles, but this will be a good start for many. At least, that is the intent.
