To navigate today’s cybersecurity environment, federal agencies must build a pipeline of security talent. But that’s a challenge: Depending on an organization’s mission, it can take up to three years to train someone for a government security role, and during that time, they also need other on-the-job training.
“Beyond threats from other nations, I think the biggest issue for federal agencies is the skills pipeline,” said Pluralsight’s Aaron Rosenmund, Senior Director of Content Strategy and Curriculum and who also serves as CyberShield’s National Red Team Lead. There are several ways to address the cybersecurity talent shortage, he said.
Require Relevant Hands-On Experience
Organizations need mission-related security training that addresses current threats and vulnerabilities — including hands-on learning tailored to specific jobs. “There’s been really good progress, especially with some of the new work roles and IDs in the Department of Defense Cyber Workforce Framework,” explained Rosenmund. “Part of that is you need to be hands-on and have someone check off that you’ve done that hands-on capability before you’re qualified in your work role.”
“One of the big things we need to do,” he added, “is enable DoD to very quickly prove and check off [areas] of knowledge that people already have and offer practice in [areas] that people don’t, so they can get qualified … to go beyond mission.”
Incorporate Civilian Experience
Although DoD and federal agencies require unique security training, they share certain tools and threats with the civilian sector. Exchanging such knowledge is key to strengthening cyber defenses.
The National Guard offers an example, Rosenmund said, because “essentially half of [its] job is to provide as much support for the DoD as [it] possibly can.” Though there’s some concern regarding the training’s impact on people’s private lives, the relationship benefits both civilians and DoD, he said. Individuals return to their civilian jobs and a rotational, knowledge-sharing process develops. “I think that’s our best way to keep the people and talent we need to … dominate in the information space,” said Rosenmund.
Conduct a Skills Inventory
Agencies must know what their team members can do, so Rosenmund recommended conducting a skills inventory or asking team members to complete skills assessments. Such benchmarking helps agencies distribute work quickly to the right people.
“We need to be nimbler,” he said. “For instance, if there’s something we [need to] execute on in two weeks, let’s … have a skills inventory within the DoD to identify people who are capable and qualified. And then let’s get spaces where they can do missions regionally available to them [and] go back home.”
How Pluralsight Helps
Pluralsight partners with federal agencies to develop security skills training that’s specific to their individual needs, Rosenmund explained. “What we can do, and already do, is structure [our content] around the DoD Cyber Workforce Framework, but then also heavily focus on exactly what those agency missions are,” he said. “And we provide a set of training that fully emulates the most advanced, persistent threats.”
This article appeared in our guide, “Government Gears Up for a Better Cyber Future.” To see more about how agencies are keeping on top of security basics, while staying agile enough to respond to emerging threats, download it here:
