The Department of Defense (DoD) plans to release a cyber workforce strategy and implementation plan in the near future that will outline several initiatives for recruitment and retention of high-skilled cyber talent, said a Pentagon official during a Billington Cybersecurity virtual roundtable on Feb. 9.
Mark Gorak, principal director for Resources and Analysis in the Chief Information Officer’s office at the DoD, said the department has been working on this strategy for almost a year and that it “should be finalized any day now.”
“The strategy will include four pillars to guide DoD’s cyber-related staffing efforts, including identification, recruitment, development, and retention. The accompanying implementation plan, which is even more important, will help put into place the strategy’s broader pillars by outlining specific initiatives to meet current challenges in those areas,” Gorak said.
The public and private sectors are experiencing two workforce challenges – a shortage of highly skilled cyber professionals, and a failure to train up more of them.
This issue continues to be an ongoing problem for the Pentagon, and Gorak explained that the forthcoming strategy and implementation plan addresses the total cyber workforce – including civilian, military, and contractors.
“This ‘total cyber workforce’ approach relies heavily on leveraging data,” Gorak said. “With predictive analytics, we can more effectively identify which type of cyber professionals or cyber workforce roles are lacking within the DoD and then work to incentivize hiring for those positions to meet high-risk needs.”
In addition, the Pentagon is working to change its requirements for cyber professionals – in particular for onboarding new talent and ensuring current DoD employees remain knowledgeable about evolving digital threats and vulnerabilities.
“These new requirements will include a greater emphasis on performance assessments and hiring assessments, and less priority on degree requirements and certifications, to guide the DoD’s employment decisions as we move forward,” Gorak said.
This approach – and the adoption of mentorship and apprenticeship programs to bolster digital skills and offering additional incentives – will help the “Pentagon’s cyber workforce better adapt to changing threats and vulnerabilities,” he added.
“Right now, part of the problem we have is our workforce, on the military side, is really good with training,” Gorak said. “On the civilian side, once hired, there’s not much incentive to continue your training besides personal incentives. So, I want to incentivize that and change it over time.”
As for retaining cyber talent on the military side, Gorak said it’s unavoidable that DoD “could lose some of its more trained military cyber professionals to the private sector after investing significant time and money in their education.”
“From a DOD perspective, that could be a bad thing, but I think for national cybersecurity, that’s a good thing,” Gorak added. “We’re producing a lot of talent for the Federal government and the nation as a whole.”
He said that reality is both “a win and a loss because that lost talent can help foster stronger partnerships between the private sector and the DoD. We have to build and retain those partnerships.”