• Federal agencies, especially those with a more clearly evident information/computer security (cybersecurity) mission should identify and prioritize those areas that are of the greatest criticality, relative to cybersecurity talent – and substantive and affirmative investments should occur in those areas, even if detrimental to other lower priority areas.
• More aggressively leverage non-traditional channels for cybersecurity candidates (military, technical schools, associate degree programs, high school, etc.), where candidates can still be shown to meet job relevant requirements, as non-traditional education sources continue to rise in prominence/predominance now, and in the future.
• Actively and selectively manage the availability of training opportunities which correlate to new and/or increased levels of required skills in cybersecurity, even if detrimental to other lower priority areas.
• Information/computer security (cybersecurity) services for which the United States Government (USG) contracts out for services, and which represent an enduring, long-term function, should be assessed for whether greater cost-effectiveness and capability would be better realized if the USG were to assume the performance of that function.
• Organizations can use assessments measuring the knowledge, skills, abilities, and personal characteristics required for successful performance in cybersecurity jobs, to ensure they hire qualified job candidates; make job placement decisions based on a candidate’s interest in the job and their ability to perform on the job; and/or provide trainings that address a candidate’s specific developmental needs.
• Breach discovery/open vulnerability information should be shared through closed, but accessible, data sharing systems open to both private industry and government. While it may be inadvisable to share open vulnerability information in a public forum, it is critical to share this information among industry and government cyber security professionals through closed but easily accessible forums.
• The cybersecurity landscape involves multiple iterations of systems based on the AES256 Standard. This standard is easily breached, making stopping intruders at the gate an impossible proposition. The Government and Private Industry need to put more muscle behind the research, funding, test and deployment of a true "One Time Pad" standard for protecting files at rest and in transmission.
• Currently agencies self-assess their cybersecurity posture. OMB should create an assessment standard and have an independent assessment board of government and industry SMEs assess each agency, via a framework such as the one used for FedRAMP.