A cyber handbook for the c-suite exec and rank-and-file fed


Two tech advisory bodies to the government have developed a new guidebook to train and educate federal cybersecurity professionals.

The CISO Handbook, released June 26, is an outgrowth of the recently released President's Management Agenda and its call for agencies to tackle their tech and cybersecurity workforce challenges.

Drafted by the CIO and Chief Information Security Officer Councils, it was designed to appeal both to the C-suite executive and to the rank-and-file fed, according to Trey Kennedy, an analyst at the General Services Administration and advisor to the CIO Council.

"The way we wrote the handbook and the way we structured it was really based around plain language….you don't need a deep technical background to understand elements of it," said Kennedy on a June 28 call with reporters.

The document lays out the role that both CISOs and CIOs play in carrying out the federal government's cybersecurity mission, outlines best practices around agency risk management and offers guidance around cybersecurity workforce challenges and development, hiring authorities and how to build a team of cyber professionals.

Kennedy said the councils determined at the outset of the project that, with a range of laws and statutory guidance on federal cybersecurity roles already available, agencies would benefit more from an aggregation of best practices from existing resources, such as those offered through the National Institute for Standards and Technology's Cybersecurity Framework, the Department of Homeland Security and various presidential executive orders.

"One of the things we consistently heard throughout the councils is that these resources are in various places and when you're onboarding a new employee, it would be really great if there was…a single document [to] say, 'Look, this may not be the totality of the universe, but it gets you that foundational knowledge,'" said Kennedy.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be followed on Twitter @derekdoestech.
