Cyber reskilling grads grow skills but may not be headed for cyber jobs

The first cohort of the Cyber Reskilling Academy designed to retrain current feds for cybersecurity positions graduated from their three-month training course on July 14.

Federal CIO Suzette Kent told reporters at an Aug. 21 press roundtable that she was "thrilled" with the results – both the quality of the class of 30, selected from an applicant pool of more than 1,500, and the high pass rate for the group.

The graduates tested and obtained two Global Information Assurance Certification (GIAC) credentials: GIAC Security Essentials and GIAC Certified Incident Handler.

The certifications required intense study to obtain, two graduates who spoke to reporters at the Office of Management and Budget event said, and were eye-opening in terms of the risks technology users take every day on their personal devices and on their work computers. The students learned some networking basics, some coding and participated in cyber defense exercises. But it's not clear whether this training will generate a cadre of new cybersecurity specialists.

Mary Gabriel, an acquisition specialist at a Department of Homeland Security component, said that an entry-level cybersecurity job would be a step down in terms of pay and seniority.

"At my current grade level, I don't think I could get a cyber-defense analyst role," she said. "If there is I haven't found it." Gabriel said she was interested in growing her cybersecurity knowledge as part of her career path and is thinking about obtaining more-advanced certifications.

Kent noted that job placement was an area that generated feedback points. The first cohort consisted of feds in the GS-12 to GS-15 level.

"Usually cyber-defense analyst is a lower grade in many cases," Kent said. She added that she's working to address this on multiple fronts, including trying to account for the subject matter depth that the newly minted cyber reskilling grads bring to the table from their current assignments.

"Our overall intent…was to find ways that we can reskill the current federal workforce in the direction of the things that are priorities," Kent said. "We started this class focused on certifications that align with cyber defense analyst because that's where we have a lot of gaps, but also [because] this is an area where this type of front-end screening and an intense course has been successful and the content is directly and broadly applicable."

Shannon Riley, who works in the privacy office at the Department of Education, is ready to apply her new skills to her current job. She told reporters she was interested in expanding her knowledge of cybersecurity because her group works closely with cyber incident response teams whenever there is a report of a data breach at her agency.

"When the security operations center has an incident or an event that has occurred, I now have that background of understanding of what they can look at and what they may be capable of doing to investigate more. And I can use that on a weekly basis," Riley said. "I'm hoping I can use more of my skills I learned in my second certification to help expand our incident response capabilities from a privacy perspective but also to aid the cybersecurity perspective as well."

Kent wants the program to steam ahead, whether graduates are enhancing their own job performance or looking to fill a needed gap in the federal cybersecurity workforce. A second cohort, consisting of applicants drawn from IT professions, started July 8 and is expected to finish on Sept. 20.

"We want to industrialize this process whether it is directly at agencies or through other central mechanism," Kent said. The budget for the Cyber Reskilling Academy exceeds what's normally available for on-the-job training, she noted, and future funding is something officials are wrestling with. "How we maintain it and how we make this type of opportunity available is a real thing that we have to figure out because some of the agencies, their ongoing training budgets are very small."