Government
,
Industry Specific
,
Professional Certifications & Continuous Training
Panel Calls for Modernization of Recruiting Processes for About 225,000 Cyber Jobs
The Pentagon’s years-long cyber workforce overhaul needs a Department of Defense-wide talent management system to ensure interoperability and consistency across the entire DoD enterprise, said the CIOs of four military services at a panel last week. The Pentagon’s CIO representative expressed commitment to the objective.
See Also: Skills Gap: A Major Cyber Risk Not to Be Ignored
This remarkable, unified call – the military services are legally responsible for recruitment, training and management of their service members and have in the past jealously guarded those prerogatives – brought a round of applause from an audience of military cyber operators and defense technology contractors at the Armed Forces Communications and Electronics Association Cyber Workforce Summit.
“I’d like to ask the question of why we don’t have an enterprise solution to manage this from stem to stern?” said Jeff Hurley, acting director for information, command, control, communications and computers for the U.S. Marine Corps.
The military has wrestled for years to find the best way to recruit and retain cyber specialists, who can often earn three or four times their government salary by moving to the private sector.
Hurley expressed frustration with the status quo of separate, manual systems in each service. “Right now what we have is an Air Force solution, which I’m sure is amazing. I’m sure the Army’s got folks out there doing it. I’ve got Marines out there spending cycles trying to figure out how we’re going to track and manage all this,” he said to applause.
Army CIO Leonel Garciga jumped in to back him up. He called on the department to “grow up and do this the right way.”
“Stop playing with building all these [different] systems. We can’t afford it, number one, and it’s a waste of time,” he said to another round of applause.
“We can play this game and build all these systems and do all this Gucci stuff, which won’t integrate, by the way, because we don’t actually end up ever integrating anything … or we could just do it the way that anybody in any company would do this.” In other words: Adopt an enterprise-wide solution.
Garciga noted that DoD had recently developed an enterprise-wide identity system and asked why data about an individual’s cyber qualifications couldn’t be included in that.
“Why are we even building a separate system?” he asked. “If you want to have an identity [system], have the identity and put the [cyber] roles in there and get it done,” he said.
Acting CIOs for the departments of the Navy and the Air Force backed these calls for the DoD to step in. Inter-service rivalry is often as fierce on the network as it is on the sports field, so the unanimity was notable.
And the recommendation was noted by Mark Gorak, principal director for resources and analysis at the office of the DoD CIO. Gorak moderated the panel and served as the face of the Pentagon at the summit.
“So, here’s what I heard on the record,” he responded, “All of the [military] departments are asking the Department of War to dictate to them an enterprise-wide … cyber talent management system that will actually be integrated across the whole department … and also the [combatant commands], to get all the talent to be consistent across the department.
“I will commit to do that,” he said.
But once the applause died down, there was caution from some in the audience about the prospects for such an outcome. “Everyone’s being nice up there,” said one defense official, who was not authorized to speak to the press. But the official stressed that the devil is in the details. “When you start negotiating, that’s when you find out” where their institution really stands.
Nonetheless, the strong words from the service CIOs reflect a degree of frustration with the slow-moving process of reform that gestated for years before finally achieving sign-off in 2023 and moving to implementation the following year.
Since then, the five military services and the many dozens of agencies and offices in the sprawling DoD have spent endless hours painstakingly categorizing every existing position in their cybersecurity and IT workforce, the ongoing information collection phase of the reform.
The responsibilities and duties of as many as 225,000 cyber jobs in DoD must be lined up with one or more of the 76 work roles coded in the magisterial DoD Cyber Workforce Management Directive 8140. Each position also matches with a set of knowledge, skills and abilities, or KSAs, that the role requires.
It’s an effort to standardize an understanding of the qualifications required for any given job to help ensure that precious cyber talent can move freely across the department and to rationalize recruitment and remuneration.
But one official from a defense agency told ISMG that the work, though important, was repetitive and could be laborious. The work role codes and associated KSAs had to be applied manually three different times: to the billets, the budget-funded slots provided to the agency; to the job descriptions the agency had developed to fill those billets; and finally to the individuals themselves, based on their training, qualifications and experience.
“Then we have to put it all in a spreadsheet and send it to the CIO’s office,” said the official, who was granted anonymity to speak without management clearance.
As difficult as the information collection phase is, noted Barry Tanner, acting CIO for the Department of the Navy, which encompasses both the Navy and the Marine Corps, the result was an essential picture of cyber force capabilities, which could be the basis for decisions about where to direct training and other resources.
“The coding effort has been hard, but it has generated quite a lot of value for us, because now we have a good site picture of the force,” he said, “Where everybody sits and what they’re supposed to be doing.”
“We’ve gotten a lot of value out of using that data and that effort,” Tanner added. “I can use that to determine where my gaps are, and how I need to change things like incentive structures. I want more of this, so I’m going to prioritize that. I can make decisions now based on that data.
“Now we’ve gotten that [data] foundation in place, we’re starting to look at how we upskill, how we fill those gaps in readiness,” he said.
The data was helping the move “from a compliance mindset to a readiness mindset,” he said.
“That’s a nice set of buzz words,” Tanner acknowledged. But he stated that in practice, readiness depends on measuring “delivery and outcome, as opposed to a checklist that somebody gave me.”
Keith Hardiman, acting CIO of the Department of the Air Force, which includes the Space Force, highlighted the need the move to skills-based hiring. He emphasized the value of hands-on skill and noted that certificates and other paper qualifications that may belong to candidates he dismissed as “paper tigers.”
“There’s a lot of educated fools out there,” he said. “And so we just can’t base it off of just saying you have a credential, you have a certification.” He said the Department of the Air Force is trying to rapidly test out and iterate assessment systems to measure hard cyber skills.
But Hardiman insisted soft skills are also important, especially for leadership roles.
“We’re looking at a balanced approach, where we’re of course taking in that assessment piece, we really want to understand … what people can actually do from an operational standpoint. … But we’re also looking at leadership, looking at character, looking at how people can work together with each other, and then how they respond to adversity,” Hardiman said.