The job market for cybersecurity-related jobs is growing and is expected to reach a peak in demand in the next few years. Statistics showed that the USA has an overall national workforce shortage. Additionally, there is a need for education methods in this field, in particular, to evolve and accommodate market demands.

In this path, the NICE Cybersecurity education framework has been introduced recently. In this book, our goal is to present a teaching material based on the NICE framework. The NICE framework focus was more jobs oriented than educational oriented. The NICE framework itself extended earlier OPM security framework (https://www.opm.gov/policy-data-oversight/assessment-and-selection/competencies/).  Both frameworks adopted KSA competencies (knowledge, skills, and abilities or experience) as an alternative to the classical course or program learning outcomes (CLOs and PLOs). One of the main differences between the two approaches is that KSA competencies explicitly distribute teaching, learning, and also assessment activities to three categories: KSAs. This is very necessary for practical-oriented majors such as cybersecurity where knowledge and lecturing based on slides will not be enough.

The NICE framework is evaluated from an education perspective. Issues and challenges related to using such a framework to guide future cybersecurity programs are discussed in detail. One of the most significant challenges observed is related to the lack of a unified method to estimate KSAs. Different KSAs vary widely in their level of detail. Additionally, the same KSA can interpret in different cybersecurity classes or programs differently. This means that estimating how much of course time such KSA should be allocated can widely vary from one school or program to another.