Pentagon Develops Cyber Workforce Strategy to Address Shortages in Highly-Skilled Cybersecurity Professionals

The Department of Defense (DoD) is developing a cyber workforce strategy and implementation plan to address the shortages of highly-skilled cybersecurity professionals, said Mark Gorak, principal director for Resources and Analysis in the Chief Information Officer’s office at the DoD, during a Billington Cybersecurity virtual roundtable on Feb. 9. The plan will include initiatives for recruitment and retention of these professionals and will be released in the near future.^[0]

The Navy is currently leading the way among the services in terms of cyber readiness, and has recently released a Cyber Ready plan based on the 2020 information-superiority strategy.^[1] This includes a zero-trust security framework, cloud platforms and services, data ready-to-use for analytics and decision support, daily cybersecurity monitoring, and consolidating redundant IT systems and applications.^[2]

The Pentagon’s strategy and implementation plan will include four main pillars to guide DOD’s cyber-related staffing efforts: identification, recruitment, development, and retention.^[3] It will also rely on predictive analytics to more effectively identify which type of cyber professionals or cyber workforce roles are lacking within the DoD, and then work to incentivize hiring for those positions to meet high-risk needs.^[0]

For current DOD cyber professionals, the implementation plan will require “an annual type of assessment performance, where we then measure each individual, based on their level of skill that’s based on the current requirements.”^[3] This approach, coupled with the adoption of mentorship and apprenticeship programs to bolster digital skills, and offering additional incentives, will help the Pentagon’s cyber workforce better adapt to changing threats and vulnerabilities—particularly for its non-military employees.^[3]

Gorak said the Pentagon also plans to change its requirements for cyber professionals—both for bringing new talent into the agency, as well as for ensuring that current DOD employees remain knowledgeable about evolving digital threats and vulnerabilities.^[3] In the future, hiring decisions should be based more on performance assessments and hiring assessments, rather than on degree requirements and certifications.^[3]

Ultimately, the Pentagon’s strategy and implementation plan will help address the shortages of highly-skilled cyber professionals in the public and private sectors, while fostering stronger partnerships between the private sector and the Pentagon.

0. “DoD to Release Cyber Workforce Strategy ‘Any Day Now'” MeriTalk, 10 Feb. 2023, https://www.meritalk.com/articles/dod-to-release-cyber-workforce-strategy-any-day-now/

1. “Navy IT Strategy Head on Cybersecurity: ‘We’re Doing It Wrong’” Bloomberg Government, 15 Feb. 2023, https://about.bgov.com/news/navy-it-strategy-head-on-cybersecurity-were-doing-it-wrong/

2. “Can a New Information-Security Approach Save the Navy $1B a Year?” Defense One, 15 Feb. 2023, https://www.defenseone.com/technology/2023/02/can-new-information-security-approach-save-navy-1b-year/382984

3. “Pentagon to Release New Cyber Workforce Strategy ‘Any Day Now'” Nextgov, 9 Feb. 2023, https://www.nextgov.com/cybersecurity/2023/02/pentagon-release-new-cyber-workforce-strategy-any-day-now/382788/