CIO John Sherman has outlined a new cybersecurity workforce strategy coming soon to solve his tech talent problem.
John Sherman, CIO of the Department of Defense, at the Billington Cybersecurity Summit in Washington, DC on September 8, 2022. Photo credit: Billington
As the demand for cybersecurity professionals continues to outstrip the supply, federal agencies are introducing new programs to help close this workforce gap.
At the Department of Defense, this will involve a new strategy that CIO John Sherman presented at the Billington Cybersecurity Summit in Washington, DC on Thursday.
“We have a cybersecurity workforce strategy that will likely come out in the next 60 days,” Sherman said. “We need a dedicated workforce strategy…that doesn’t just focus on cyber, but also broader STEM efforts and what we’re doing in the age of the enterprise. So we have a specific strategy on that as we seek to diversify the workforce…it really is our generation’s space race.
As DOD continues to accelerate its workforce development, DOD Senior Director of Resources and Analysis Mark Gorak said the agency is focusing on two key elements: attraction and training. In addition to inspiring the younger generation to join the federal workforce, Gorak said there needs to be ongoing training to prepare cybersecurity experts for the changing threat landscape.
The DOD will target education programs for colleges and below to increase awareness of cybersecurity job opportunities. The agency is also looking to develop entry-level positions, multi-level positions, and internships.
“The desire is there. We need to come together as a community so that we can inspire these children to want to serve in this kind of capacity,” Gorak said.
The DOD also established the Cyber Workforce Framework, which is a standardized workforce framework that DOD Cybersecurity uses to categorize the full range of cyber workforce roles. Gorak noted that the DOD will expand the program across the agency and use the framework to guide compensation and retention efforts.
Government cybersecurity consultancy agency CISA is also working on efforts to introduce the field of cybersecurity early on among the nation’s youth. This includes partnering with organizations such as cyber.org to create free K-12 programs for schools, said CISA Chief of Staff Kiersten Todt. CISA emphasizes accessibility and diversity in its outreach strategy.
“We haven’t really created the diversity of thought, skills, abilities and expertise that we need in this space. This space is all about innovation, and innovation is about thinking about problems differently,” Todt said.
CISA has faced resource challenges as it continues to expand its workforce programs and incentives, which has made it difficult for the agency to remain competitive with industry. CISA focuses on building an integrated agency and investing in culture change to create an “organization that retains people because they are invested in the mission.”
“What we have in the federal government is the mission. … What we really don’t have are the resources,” Todt said. “It’s this continuum in this ecosystem, which all needs the support and really the cutting edge capability of innovative thinking in order to execute to grow this workforce more effectively.”