Can federal programs address cyber training?

computer and books

The government is trying to increase the pool of talented cybersecurity professionals with programs aimed at education and training. (Stock image)

The constantly evolving landscape of cybersecurity makes it difficult to stay ahead of the recruiting curve for skilled cyber professionals, but the dearth of such experts in the federal government has roots in the earliest levels of education. Now a handful of federal programs are tackling the issue, from elementary-school education to advanced professional training, with the hope of eventually alleviating a top worry of security executives across the government.

Despite significant growth in the cybersecurity workforce in recent years, managers are still feeling the personnel pinch, a new study from Frost and Sullivan and (ISC)2 indicates. According to the report, more than half – 56 percent – of information security professionals who responded believe there is a workforce shortage. It is creating a burden for existing personnel that stems from a narrow career pipeline, the report noted.

"You can spend a billion dollars on security hardware and software, but the problem is human," Montana Williams, director of the National Cybersecurity Education and Workforce Development Office, said at an (ISC)2 event on May 7. "So where does education and training come into that? How do we set a national standard that gives people a pathway of success, taking them from hiring to retiring?"

Williams said one issue is demographics, noting that 79 percent of federal IT workers are over the age of 40, while only 5 percent are under the age of 30.

To confront the issue, his office is focused on increasing awareness, broadening the pipeline and growing the profession, Williams said. Among the initiatives is a National Initiative for Cybersecurity Careers and Studies portal, launched in February, that Williams hopes "will become one-stop shop for the nation when it comes to cybersecurity careers and opportunities." Other plans involve academic centers of excellence updated for modern standards and requirements, and collaboration with educators to incorporate cybersecurity into early learning.

"It's hard for the federal government, even Department of Education, to dictate formal education all the way down to elementary level," said Williams, who stressed the need for engagement in STEM education at local and state levels. "We're teaching teachers to integrate cybersecurity into math, into history, into government, into biology – where is the nexus of cybersecurity in those basic disciplines?"

The efforts also include higher levels of education, including in college, but federal officials and others involved also are ramping up workforce-targeted plans.

The National Institute for Standards and Technology is making measurable progress with its national cybersecurity workforce framework, which has created a reference point for federal agencies working to identify gaps in skills in their workforce and to hire accordingly.

"It uses language that's general enough that government, private sector, military or academic can relate to it...we're seeing a lot of synergy," said Dr. Ernest McDuffie, lead for the National Initiative for Cybersecurity Education at NIST. "For the first time this allows federal managers to go in and look at job codes for IT specialists in the federal government...and identify exactly what those people are doing so then they can help establish a baseline to do some real gap analysis."

The framework, along with a new cybersecurity maturity model and diagnostic tools for determining staffing and security requirements – including risk assessments that Williams said agencies sorely need – are key for the emerging emphasis on workforce planning.

"We tend to peanut butter-spread our personnel and our resources across the entire organization, and that mindset needs to change...and focus on what most needs to be protected and what doesn't," Williams said. "That's what cybersecurity workforce planning does, that's what the maturity model is and that's what the diagnostic tool does – it puts that in human terms. How do you put those key human resources in the right spots, and what does that look like?"

According to the (ISC)2 report, more than half of those surveyed believe the most important resources center on people, including management support, qualified staff, policy adherence and staff training. That pattern likely will be reflected in the coming year as more than a third of C-level executives plan to increase spending on personnel and education and training, the report noted.

"Changes in IT and evolving IT norms on how, when and where business operations occur – such as BYOD, cloud computing and social media – remind us that information security professionals must be highly order to manage a dynamic range of risks," the report noted. "Consequently, information security professionals have no downtime; there are always new risk management challenges to address."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.


  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Wed, May 8, 2013

Real training based on actual job duties, please. Not the one-size-fits-all diploma mill certification racket, done via boot camps that teach to test and have a very steep knowledge decay curve.

Wed, May 8, 2013

Retirement.... Here I come!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above