Reports and articles keep surfacing on the issue of lacking cybersecurity talent in the federal government. Since 2010, little improvement has been seen regarding increased knowledge, skills, and abilities among the federal cybersecurity workforce. (Williams, 2015b).This can be attributed large to leadership failures across the agencies. Cybersecurity experts in the trenches, industrial organizational psychologists, and workforce development professionals have developed a comprehensive national cybersecurity workforce framework, created training programs/plans, policies to enable creative tools to hire the right talent, worked with certification and training vendors to create skills-based training and performance-based assessment programs, developed workforce development, recruiting, and retention strategies and even create a tool to improve cybersecurity relate job description development; all of which have gone largely ignore by civilian agency leadership, because of an unwillingness to invest in cybersecurity professional development and instead focusing primarily on expensive, ineffective technical solutions to protect the federal government against attack (Williams, 2015a).
The solutions are not complicated. First, get the leadership out of the room and have a discussion with the cybersecurity practitioners and cybersecurity workforce development professionals. Next, stop purchasing new silver bullet cybersecurity tools, and DEVELOP a CYBER RANGE to provide and environment where mission qualification and continuation training, functional assessments and exercise events can occur. Third and most importantly, transition from knowledge-based training and assessment to skills-based training and performance-based assessment to certify federal employees and contractors who spend at least 20% their time performing technical functional roles (as described in the NICE National Cybersecurity Workforce Framework) in their job duties (Williams, 2015b).
Williams, K. B. (2015a). Money, bureaucracy and weed: Why the feds are failing at cyber. The Hill. Retrieved from http://thehill.com/policy/cybersecurity/251707-money-bureaucracy-and-weed-why-the-feds-are-failing-at-cyber
Williams, R. B. (2015b). Applying Instance-Based Learning Theory to Skills-Based Cybersecurity Training to Enhance Entry-Level Cybersecurity Professionals’ Incident Response Skills (Unpublished Doctoral Dissertation). NorthCentral University, Prescott, AZ.