Using the CYBER-Champ Model to Determine Cyber Competencies and Role Alignment

Cybersecurity roles, tasks, and skills are seen by many organizations as nonessential, abstract, or complicated. Although standards are in place, such as the National Institute of Standards and Technology (NIST) 800-181 document titled “Workforce Framework for Cybersecurity (NICE Framework)” available since September 2012, companies are still showing security vulnerabilities in their cyber networks (Hatzes, 2020). Barriers towards creating a cyber-ready workforce are not always due to a lack of resources, but often caused by organizational structure. The need for cyber-cognizant job postings, improved communication between Operational Technology (OT) and Information Technology (IT) employees, increases in staffing and funding for cyber teams, and better communication of standards and training can all contribute to increasing an organization’s cyber resilience. Cybersecurity Competency Health and Maturity Progression model (CYBER-CHAMP) is a model aimed at evaluating an organization’s structure and individual employee’s cyber knowledge and helps develop a plan to reach competency. This model was used to engage with organizations to promote proper cyber protocols and policies. The aim of this paper is to answer if it is possible for an organization to build a cyber-ready workforce by providing education and training options for current employees and prepare the future workforce to be ready on day one of employment. Both open source and firsthand interviews with organizations were used to conduct the research contained in this document. Further research may include additional development to the CYBER-CHAMP model and its delivery platform.