Is Your Cyber Workforce Fully Enabled in the Digital Ecosystem?
The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization.
By Robert Alan Young
January 17, 2024
The Administration’s 2023 National Cyber Workforce and Education Strategy reminded the country that cyberspace has three components: technology, process and people. It is without question that people are the hub applying those processes to enable benefit from the technology. We know digital transformation is more about people than technology. This makes the case that developing a cyber workforce to bolster data interoperability, analysis and defensive capabilities remains a critical requirement for all levels of government, as well as the non-profit and private sectors.
Achieving even a foundational level of capability requires digital and computation literacy, cybersecurity and resilience. Interdisciplinary approaches based on evidence-based practices can offer an effective path forward. The following practices are in place at various agencies and have proven useful in the development and management of the cyber workforce:
- Addressing the gaps after a skills assessment can offer the opportunity to prioritize risk-based investments. This can involve surveys, interviews and skill evaluations to understand the existing capabilities and areas needing improvement. The more structured the organization’s cyber work role schema, the easier it becomes to standardize qualification criteria. This enables accountability, oversight and reporting for each role. The Department of Defense (DoD) Cyber Workforce Framework (DCWF) and the National Initiative for Cybersecurity Education (NICE) Workforce Framework from the National Institute for Science & Technology are ideal examples.
- Training and education programs should be designed to improve employees’ cyber skills with validation. Such programs should include purposely selected workshops, seminars, online courses and rigorous industry certifications tailored to specific cyber roles throughout the organization. Evidence-based training methods have been proven effective in measurably improving knowledge retention and skill development. Cyber-focused academic scholarships and employee exchanges, such as the DoD’s Cyber Scholarship Program and the Cyber and Information Technology Exchange Program (in partnership with private sector organizations), are managed by the DoD CIO’s Workforce Innovation Directorate.
- Encourage (and entice) employees to participate in action-based learning opportunities to apply their cyber skills in controlled and real-world scenarios. Additionally, partnering junior employees with more experienced mentors will provide an exchange of knowledge and facilitate skill development through crafted experience building. Participation in pilot studies and innovation projects can add to joint learning.
- The development and use of cross-training initiatives can broaden and deepen employees’ skill sets and increase their versatility in managing different cyber-related roles. Skill rotation programs can also be beneficial, allowing employees to gain exposure to various aspects of cyberspace and preventing skill stagnation. Considerations for these initiatives should extend to multisector partners and agency stakeholders.
- A most beneficial effort is team-based simulation exercises and cyber drills. Many workforce development opportunities target the individual level rather than the team level. This is important because the response to real scenarios rarely depends on a sole individual but is more of a collective response. Conduct regular simulation exercises and cyber drills to simulate disruptive scenarios and test cyber employees’ readiness to respond effectively. These exercises can help reinforce training, identify areas for improvement and enhance the agency’s ability to detect, respond to, and mitigate cyber risks.
- Facilitate a culture where the learning is on a continuum. When an organization learns, the exponential value is more significant than the sum of its parts. Diminished formal learning results in the misalignment of organizational systems and perpetuates a mindset, with corresponding behaviors, reflecting an attitude of “we don’t know what we don’t know, and it’s okay because we already know best.” Such is the case when leaders rely upon their non-expert intuitions rather than seek to supplement their perspectives with data, information or other perspectives when challenged by new obstacles. Such a state is mitigated with practices in evidence-based management. Fostering a culture of constant learning encourages and supports employees in pursuing the ongoing development of their cyber skills. Access to resources such as learning platforms, professional development opportunities and incentives for completing certifications or training programs offers benefits.
Sustaining performance improvement while incorporating new learning into organizational systems is important. Whether using the change acceleration process (CAP) or applied interventional research models, performance progress must be monitored to sustain the levels of knowledge and skill being applied. The risk of illusory superiority occurs when an individual overestimates their own abilities. The risk evolves when the organization believes that ability exists and fills a gap. Systematic evaluation will provide evidence of the actual state of capability.
- The lines of effort should encompass feedback and employee performance assessment. When constructively applied, employees benefit from feedback and performance evaluations; the cyber workforce is no different. Regular feedback sessions can emphasize strengths and areas needing improvement, establish goals for skill enhancement and track progress over time. Furthermore, qualification evaluation needs to be uniform, structured, and documented. For example, DoD Manual 8140 Cyberspace Workforce Qualifications and Management Program (2023) mandates such evaluation standards.
- Sharing with employees the latest developments and industry trends builds understanding. Keeping current with the latest trends, technologies, and best practices in cyber can happen through participation in industry conferences, forums and communities of practice. The sharing of new learning and awareness with the team should be required. Accessing relevant publications, research papers and online resources can support continuous learning and skill improvement when leadership makes clear the significance of putting new learning to work. Community listservs and communities of practice can be considered expert practitioners helping practitioners.
By implementing these evidence-based practices, agencies can more effectively develop and maintain a skilled cyber workforce capable of addressing evolving threats and challenges in the digital landscape. With hundreds of thousands working in cyber roles, millions of cyber positions remain vacant worldwide. The criticality of developing and retaining an enabled cyber workforce will become even more significant tomorrow.
Postscript:
For further reading on this topic, I recommend:
- National Cyber Workforce and Education Strategy: Unleashing America’s Cyber Talent (July 2023). https://www.whitehouse.gov/wp-content/uploads/2023/07/NCWES-2023.07.31.pdf
- The Department of Defense Manual 8140.03 Cyber Workforce Qualifications and Management Program (February 2023). https://dodcio.defense.gov/Portals/0/Documents/Library/DoDM-8140-03.pdf
- NICE Framework Resource Center, National Institute for Science & Technology, Applied Cyber Security Division (2023). https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center
- National Initiative for Cybersecurity Careers and Studies (NICCS), Cybersecurity and Infrastructure Agency (2024). https://niccs.cisa.gov/workforce-development
Author: Robert Alan Young retired from federal service as the chief strategist for the national and homeland security arm of the Federal Aviation Administration. In the doctoral Organizational Intelligence track, he teaches organizational systems at Trevecca Nazarene University (Nashville, TN). Dr. Young is a subject matter expert in the process analysis and development of the cyber workforce. He can be reached at [email protected]. The views expressed are those of the author alone.