How training fits into cyber workforce development

Training is a key part of maintaining a federal cybersecurity workforce in a tight market, said experts during a Billington Cybersecurity Summit panel discussion on Friday.

It's one of the four "pillars" to maintaining a cyber workforce pipeline, along with recruiting, hiring and retaining talent, said Jason Gray, the Department of Education's CIO and co-chair of the CIO Council's Workforce Committee.

Gray says that he's more than doubled his training budget at the Department of Education over the last five years.

"The important thing to me…is demonstrating to the federal workforce that we want to invest in them because we want to make sure that we're enabling them to sharpen their skills and their skill sets for a competitive advantage, for making themselves marketable in line with the needs of the government," Gray said.

He pointed to the CIO Council's Cyber Reskilling Academy and its more recent data reskilling work as examples.

It's critical that all feds, not just those in cyber-specific roles, are trained on cybersecurity practices, said Bruce Brody, Senior CISO Advisor at Cisco Systems.

The devices federal employees use are endpoints that could be compromised, so "hardening the workforce is a really important security control," he said. "Every human being is a threat vector, so the more you can add cybersecurity knowledge, awareness, capabilities to the entire workforce, the better off you'll be."

In terms of recruitment, Gray said government needs "focused recruitment efforts, whether it's targeted job fairs, whether it's hiring events, perhaps in schools or within the community, hackathons, as well as offering additional flexibilities, to attract talent."

The process of getting a cyber-workforce in place can be tricky, given chronic challenges in the government hiring and compensation practices.

Gray applauded recent work by the Office of Personnel Management on special flexibilities and hiring authorities. In 2019, the office debuted a rule easing the hiring process for IT and cyber positions. More recently, OPM published a rule change that eases the process of rehiring former federal employees at higher paygrades.