By: Yaya Rey

CSIOS is a Maryland-based, veteran-owned and small disadvantaged business provider of full-spectrum cyberspace operations and cybersecurity services to U.S. Federal customers worldwide.
The U.S. government consistently faces an ever-evolving array of cyber-based threats to its information systems and networks. Federal systems and networks are inherently at risk because of their complexity, technological diversity, and geographic dispersion. A key component of the government’s ability to mitigate and respond to cyber threats is having a qualified, well-trained cybersecurity workforce. However, shortages in qualified cybersecurity professionals have been identified, which can hinder the government’s ability to ensure an effective workforce. In the following interview, Dr. Edmund Mitchell, Chief Business Development Officer of CSIOS Corporation, discusses some recommendations to address today’s cyber workforce challenges faced by federal agencies.
NYB – What is the ‘one’ key component when establishing a cybersecurity workforce program for a federal agency?
Dr. Mitchell – There are many components. If I had to pick one component to establish an enterprise level cybersecurity workforce program, it would be ensuring synergy between capability and capacity to support the federal agency’s cyber mission. Capability is the “what” and capacity is the “how much” of “what” is needed to achieve a stated mission. Balance between capability and capacity is paramount to achieving full–spectrum readiness across people, operations, and technology. Achieving synergy in this area requires extensive strategic planning to ensure 100% alignment of the program with the agency’s organizational cyber mission and operational priorities.
NYB – What principles would you recommend Federal agencies follow when defining their cybersecurity workforce program?
Dr. Mitchell – A principle is an understanding about how to do things; a fundamental truth about the way things ought to be. In my opinion, key principles include (1) establishing a cohesive set of agency–wide cybersecurity workforce management issuances; (2) employing a multi–dimensional approach to recruiting; (3) institutionalizing continuous awareness, training, education, and learning; (4) retaining qualified personnel; and (5) expanding the organizational understanding of operational threat knowledge.
NYB – Could you please elaborate?
Dr. Mitchell – Absolutely.
Principle #1. Establish a cohesive set of agency–wide cybersecurity workforce management issuances. The agency needs to adopt a single set of policies, plans, and directives. These issuances need to be reconciled with existing Executive, National, and Federal policies and directives (e.g., The National Initiative for Cybersecurity Education [NICE], Office of Management and Budget [OMB] Cybersecurity Strategy and Implementation Plan, Cybersecurity National Action Plan, Federal Cybersecurity Workforce Strategy, The Cybersecurity Enhancement Act of 2014, The Federal Cybersecurity Workforce Assessment Act of 2015) for building a qualified, adaptable, and compliant cyberspace workforce.
Principle #2. Employ a multi–dimensional approach to recruiting. The agency needs to adopt innovative recruitment methods such as assessing aptitude and creating agency transition opportunities. The agency should also consider partnering with other more mature organizations such as DOD and DHS to better develop its cyberspace talent pipeline.
Principle #3. Institutionalizing continuous learning with greater focus on evaluating the maturity of skills. The agency should combine diverse learning methods (skill–based, on–the–job, exercise–based, etc.) to maintain a qualified cyberspace workforce keeping pace with the evolution of activities and technologies within the domain.
Principle #4. Retaining qualified personnel. The agency should consider developing and retaining cyberspace professionals by offering a wide range of career and training opportunities and compensation packages to transform the agency into an employer of first choice. Retention is a key area that the agency monitors with the goal of constant and steady improvement.
Principle #5. Expanding the organizational understanding of operational threat knowledge. The agency needs to ensure the cyberspace workforce has the understanding of current threats as they apply to the organization and the situational awareness needed to make responsible decisions when working in cyberspace.
NYB – Now that we have discussed some principles, what best practices could you recommend Federal agencies to establish when defining their cybersecurity workforce program?
Dr. Mitchell – A practice, of course, is what you actually do; each practice is a result of a guiding principle. Practices are subjective and depend largely on context; CSIOS usually defines and tailors practices based on the agency’s organizational cyber mission and operational priorities. For instance, if Principle #1 is establishing a cohesive set of agency–wide cybersecurity workforce management issuances, applicable practices may include: (1) standardizing lexicon for cyberspace work roles, responsibilities, skills, and competencies for key positions; (2) establishing overarching cyberspace workforce management issuances (e.g., policy, strategy, plans); (3) establishing workforce management requirements for the type of skills and number of staff needed for an agency to achieve its mission and goals and tracking personnel and qualifications within the cyberspace workforce; and (4) establishing position description criteria for cyberspace positions and personnel; and include in the appropriate guidance, etc.
NYB – What other methods would you recommend for retaining and developing highly skilled talent?
Dr. Mitchell – An important element of workforce success is employee retention and development. The key here is deploying a robust employee retention and talent management strategy to retain employees with expert knowledge in critical and underpopulated cybersecurity skill areas. Federal agencies have the authority to offer a variety of incentives to attract and retain personnel with the critical skills needed to accomplish their missions. These incentives may include: (1) recruitment incentives, (2) relocation incentives, (3) retention incentives, (4) superior qualifications and special organizational qualification needs pay–setting incentives, (5) scholarships, (6) student employment programs, (7) student loan repayment programs, (8) tuition assistance, and (9) annual leave enhancements. (www.csioscorp.com).