FOUNDATION FOR DEFENSE OF DEMOCRACIES - RADM (Ret) Mark Montgomery CCTI Senior Director and Senior Fellow & Jiwon Ma Program Analyst - MAR 1, 2023
The Department of Defense (DOD) released an update last week to its plan to provide flexible role-specific training for its cyber workforce. This effort continues DOD’s successful approach to cyber workforce management, which can serve as a model for the non-DOD federal workforce.
The updated plan is a modularized training program for reskilling DOD’s cyber personnel and setting standards for its future cyber workforce. The department’s current cyber workforce comprises 225,000 civilians, military personnel, and contractors. The DOD program provides job-specific training for each person to meet knowledge requirements and basic cybersecurity concepts applicable to the DOD’s missions. In addition, the program’s metrics simplify the qualifications and skillsets for all DOD cyber-related positions. The program captures the DOD’s current workforce needs, and its comprehensive data will improve the understanding of new workforce initiatives.
The DOD’s program emphasizes the importance of two strategic approaches to strengthening the federal cyber workforce. First, the program invests in existing cyber personnel while raising the standards for the DOD’s future cyber workforce. Second, the program collects consistent data and metrics as part of workforce management efforts, which would provide high-level insight into the DOD’s cyber hiring landscape. The program’s data on demographic and retention trends can strengthen recruitment and development policies for the cyber workforce.
Furthermore, this data-driven approach will likely aid the DOD in identifying other innovative ideas for cyber strategies. For example, the Fiscal Year 2021 National Defense Authorization Act (NDAA) directed DOD to study the feasibility of a civilian cybersecurity reserve corps to assist in responding to significant cyber incidents.
DOD failed to report on the issue in 2022, but the same provision appears in the Fiscal Year 2023 NDAA. The DOD will be able to use the data from its new workforce qualification program to better assess the utility of the civilian cybersecurity reserve corps and how it would supplement the DOD’s existing workforce.
DOD’s updated cyber training program removes barriers to high-quality training, especially for those who did not follow traditional path to a career in cybersecurity. The program is flexible in allowing its personnel to fulfill job-specific requirements based on a broad range of qualifications, including equivalent experience, to demonstrate their knowledge. The program demonstrates DOD’s commitment to an iterative process to improve its cyber workforce. The department’s efforts to mobilize existing resources demonstrates lessons that could be learned by the Office of Personnel Management and the rest of the U.S. government.