Infosec Skills release: NICE Framework mapping, new navigation enhance content discoverability

April 12, 2021

Training mapped to the NICE Workforce Framework for Cybersecurity

The cybersecurity skills gap is a pressing issue, having massive ramifications for both public safety and private sector productivity. In an era where many industries' labor supply outstrips demand, cybersecurity faces the opposite challenge: there are far too few applicants for myriad jobs, all of which are crucial.

The federal government recognized this prior to 2010, coming up with the concept for the first NICE Framework before the titular government agency — the National Initiative for Cybersecurity Education — was even created. Over a decade later, government and business have made admirable strides in refining the NICE Framework and evolving it to meet the needs of a rapidly-changing field. According to our own research, over 81% of organizations are considering aligning job descriptions to the NICE Framework.

This is why we're thrilled to announce that NICE Work Roles are now incorporated into Infosec Skills. Learners now have a logical starting point for cybersecurity training based on their current or potential career paths.

Because we mapped every Infosec Skills course, cyber range and project to specific Knowledge and Skills Statements, employers have ultimate flexibility in creating their teams' employee development plans. NICE Knowledge and Skills Statements are the “building blocks” of the NICE Framework and roll directly into Tasks, Work Roles, Competencies and even Custom Work Roles. However you've opted to implement the NICE Framework, we can help.

There are a number of ways this functionality can be used:

  • Learners who want to advance in or towards a certain job can view all 52 NICE Work Roles, click on the most relevant option and then choose the best learning paths for that position. Corresponding Knowledge and Skill Statements are also shown:


  • For folks who are interested in a learning path but are unsure how it will help them, they can now check relevant NICE Work Roles to see if and how that learning path is connected.

These are just the first steps — but exciting ones — towards integrating the NICE Framework with Infosec Skills. We'll continue to partner with private and public sector organizations to evolve the tool in a way that helps the entire field. In the meantime, click here to read the full 2021 Cybersecurity Role and Career Path Clarity Study.

Improved global navigation

In order to facilitate quicker access to information, we've re-organized the homepage to mirror learners' desired outcomes when using the app. New sections include:

Learn: A consolidated home for learners to access training materials, including Cyber Ranges, learning paths, assessments and more.

Teams: Where Teams administrators can view, manage and report on their employees' training progress, as well as change technical settings — currently around SSO and open API — for their organization.

Account: Users can easily change their individual account settings and access Assigned and Completed learning.

These and future UI changes will provide learners with a more intuitive training experience, allowing folks to focus on what matters most.

New Infosec Skills learning paths

Advanced Adversary Tactics

Sun Tzu preached the importance of knowing one's enemy, a precept June Werner has taken to heart. In her first learning path, the Infosec cyber range engineer will show you how to defeat threat actors with an ever-growing list of interactive training. Initial lessons — steeped in June's offensive security expertise — include:

  • Common attack methods and techniques
  • Indicators of compromise
  • Reconnaissance and resource development methods
  • Initial access, execution and persistence methods
Advanced Adversary Tactics

JavaScript Security

JavaScript is omnipresent, so avoiding it isn't an option for most cybersecurity professionals. Infosec Skills author Vladimir de Turckheim — who also teaches a learning path about Node.js — takes a broader approach in his newest course. JavaScript Security will cover crucial topics like:

  • The security model of browser applications
  • The impact of security headers and modern XSS mitigation techniques
  • How to set up a serverless JavaScript project and implement security best practices
  • Common attacks against modern websites (including clickjacking)
JavaScript Security

Cybersecurity Foundations

Consultant, instructor and Infosec Skills author Keatron Evans' newest entry will prepare you for a career transition into cybersecurity, future boot camps or other intermediate training activities. Cybersecurity Foundations is paced deliberately so that industry newcomers can truly master the basics before moving on. Evans will teach you:

  • Functional definitions of cybersecurity, networks and operating systems
  • How to use cloud computing in a secure manner
  • New ways of digesting technical information and knowledge
  • And more
Cybersecurity Foundations


Contact Information

Jeff Peters