6. Solving the Talent Search

Prioritize and Differentially Invest in Cybersecurity Talent

• Federal agencies, especially those with a more clearly evident information/computer security (cybersecurity) mission, should identify and prioritize those areas that are of the greatest criticality, relative to cybersecurity talent – and substantive and affirmative investments should occur in those areas, even if detrimental to other lower priority areas.

Voting

1 vote
Public Input

6. Solving the Talent Search

Leverage Non-Traditional Talent Channels for Cyber Hiring

• More aggressively leverage non-traditional channels for cybersecurity candidates (military, technical schools, associate degree programs, high school, etc.), where candidates can still be shown to meet job relevant requirements, as non-traditional education sources continue to rise in prominence/predominance now, and in the future.

Voting

1 vote
Public Input

6. Solving the Talent Search

Review and Assess Cybersecurity Areas Performed by Contractors

Information/computer security (cybersecurity) services for which the United States Government (USG) contracts out for services, and which represent an enduring, long-term function, should be assessed for whether greater cost-effectiveness and capability would be better realized if the USG were to assume the performance of that function.

Voting

2 votes
Public Input

6. Solving the Talent Search

Increased Use of Measurement/Assessment In Talent Selection

Organizations can use assessments measuring the knowledge, skills, abilities, and personal characteristics required for successful performance in cybersecurity jobs, to ensure they hire qualified job candidates; make job placement decisions based on a candidate’s interest in the job and their ability to perform on the job; and/or provide trainings that address a candidate’s specific developmental needs.

Voting

2 votes
Public Input

6. Solving the Talent Search

Improve the Taxonomy and Structure of How Cyber Work is Managed

Getting the highest return on investments in superior talent will require investing in creating and sustaining superior working conditions to ensure the best use of that talent. Accordingly, the creation of the work environment that allows government to optimally organize and manage the cybersecurity work and the talent that will perform that work, requires that government develop a taxonomy of cybersecurity functions...

Voting

3 votes
Public Input

6. Solving the Talent Search

Enhance the Cyber Talent Pipeline Through Early Outreach

Additional assistance can be provided through outreach initiatives that generate interest in this career field far before individuals are ready to seek employment. Providing training and certification in cyber tools and sponsoring cyber competitions, in addition to cyber ‘camps’ for students at the middle and high school level, are great ways to engage youth in this discipline and can connect the dots between success...

Voting

4 votes
Public Input

3. Breach-to-Response Acceleration

Need for less cumbersome breach discovery information sharing.

Breach discovery/open vulnerability information should be shared through closed, but accessible data sharing systems open to both private industry and government. While it may be inadvisable to share open vulnerability information in a public forum, it is critical to share this information among industry and government cyber security professionals through closed but easily accessible forums.

Voting

1 vote
Public Input

1. Addressing Cyber Fundamentals

Need for New Standard other than AES-256

The Cybersecurity landscape involves multiple iterations of systems based on the AES256 Standard. This standard is easily breached, making stopping intruders at the gate an impossible proposition. The Government and Private Industry need to put more muscle behind the research, funding, test and deployment of a true "One Time Pad" standard for protecting files at rest and in transmission.

Voting

3 votes
Public Input

4. Adopting a Threat-Aware Proactive Defense

Threat Awareness is Not Enough for Breach Mitigation

While the sharing of information is important, funding for research into methods for immediate breach awareness the minute they occur is a critical component for detection and mitigation. There is technology available that can spot and identify attempts at intrusion at the source. As we know, i.e. OPM and others had been breached long before there was a discovery of intrusion. Much remains to be accomplished toward...

Voting

3 votes
Public Input

4. Adopting a Threat-Aware Proactive Defense

Addressing Insider Threat

Insider threat represents one of the most vexing problems facing the USG. Executive Order 13587 seeks significant enhancements to address this threat to organizations' critical assets, including employees, contractors and business partners. Theft of IP or classified information or PII via stolen credentials is a mounting challenge given the internal networks are often lacking effective security measures. Deployment of a...

Voting

2 votes
Public Input

4. Adopting a Threat-Aware Proactive Defense

Preventing and Detecting API Threats

APIs are windows into the Enterprise and need to be secured at every point of engagement between end user (consumer) and Enterprise crown jewels. In the API world, humans and machines seamlessly interact with each other and blend the trust boundaries between customers, partners and service providers. It is becoming increasingly hard to differentiate good humans, authorized machines (apps) and cybercriminals who may exploit...

Voting

2 votes
Public Input

7. Executive Leadership-led Risk Management

Independent Organizational Assessment

Organizations in government tend to be overly optimistic about their capabilities and performance, reference OPM's epic failure. Cyber security is too important to be left to self-assessments. An organization should be externally assessed and rated by unbiased and competent evaluators. Risk is only one aspect of management performance. Governance, culture and technical competence are but three key facets that determine...

Voting

3 votes
Public Input

4. Adopting a Threat-Aware Proactive Defense

A Proposed Strategy for the Cyber Defense of U.S. Critical Infra

Today, America is in constant contact with the enemy - and the form of conflict has changed. The expansion of the Internet globally is being accompanied by an explosion of cyber threats. Nation-state adversaries, terrorists, and criminals exploit our weakly secured technology. The United States is principally reliant on its technology for a competitive advantage across the globe. Now, thanks to the Internet and cyberspace,...

Voting

3 votes
Public Input