Can federal programs address cyber training?

The government is beginning to tackle the need for cybersecurity professionals through training and education efforts aimed at all levels.

computer and books

The government is trying to increase the pool of talented cybersecurity professionals with programs aimed at education and training. (Stock image)

The constantly evolving landscape of cybersecurity makes it difficult to stay ahead of the recruiting curve for skilled cyber professionals, but the dearth of such experts in the federal government has roots in the earliest levels of education. Now a handful of federal programs are tackling the issue, from elementary-school education to advanced professional training, with the hope of eventually alleviating a top worry of security executives across the government.

Despite significant growth in the cybersecurity workforce in recent years, managers are still feeling the personnel pinch, a new study from Frost and Sullivan and (ISC)2 indicates. According to the report, more than half – 56 percent – of information security professionals who responded believe there is a workforce shortage. It is creating a burden for existing personnel that stems from a narrow career pipeline, the report noted.

"You can spend a billion dollars on security hardware and software, but the problem is human," Montana Williams, director of the National Cybersecurity Education and Workforce Development Office, said at an (ISC)2 event on May 7. "So where does education and training come into that? How do we set a national standard that gives people a pathway of success, taking them from hiring to retiring?"

Williams said one issue is demographics, noting that 79 percent of federal IT workers are over the age of 40, while only 5 percent are under the age of 30.

To confront the issue, his office is focused on increasing awareness, broadening the pipeline and growing the profession, Williams said. Among the initiatives is a National Initiative for Cybersecurity Careers and Studies portal, launched in February, that Williams hopes "will become one-stop shop for the nation when it comes to cybersecurity careers and opportunities." Other plans involve academic centers of excellence updated for modern standards and requirements, and collaboration with educators to incorporate cybersecurity into early learning.

"It's hard for the federal government, even Department of Education, to dictate formal education all the way down to elementary level," said Williams, who stressed the need for engagement in STEM education at local and state levels. "We're teaching teachers to integrate cybersecurity into math, into history, into government, into biology – where is the nexus of cybersecurity in those basic disciplines?"

The efforts also include higher levels of education, including in college, but federal officials and others involved also are ramping up workforce-targeted plans.

The National Institute for Standards and Technology is making measurable progress with its national cybersecurity workforce framework, which has created a reference point for federal agencies working to identify gaps in skills in their workforce and to hire accordingly.

"It uses language that's general enough that government, private sector, military or academic can relate to it...we're seeing a lot of synergy," said Dr. Ernest McDuffie, lead for the National Initiative for Cybersecurity Education at NIST. "For the first time this allows federal managers to go in and look at job codes for IT specialists in the federal government...and identify exactly what those people are doing so then they can help establish a baseline to do some real gap analysis."

The framework, along with a new cybersecurity maturity model and diagnostic tools for determining staffing and security requirements – including risk assessments that Williams said agencies sorely need – are key for the emerging emphasis on workforce planning.

"We tend to peanut butter-spread our personnel and our resources across the entire organization, and that mindset needs to change...and focus on what most needs to be protected and what doesn't," Williams said. "That's what cybersecurity workforce planning does, that's what the maturity model is and that's what the diagnostic tool does – it puts that in human terms. How do you put those key human resources in the right spots, and what does that look like?"

According to the (ISC)2 report, more than half of those surveyed believe the most important resources center on people, including management support, qualified staff, policy adherence and staff training. That pattern likely will be reflected in the coming year as more than a third of C-level executives plan to increase spending on personnel and education and training, the report noted.

"Changes in IT and evolving IT norms on how, when and where business operations occur – such as BYOD, cloud computing and social media – remind us that information security professionals must be highly adaptable...in order to manage a dynamic range of risks," the report noted. "Consequently, information security professionals have no downtime; there are always new risk management challenges to address."

NEXT STORY: Richard Spires resigns

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.