Setting Standards for Cyber Pros

A forthcoming report that will recommend new standards for testing cybersecurity skills and create cyber career paths in the federal government is a positive step for securing the talent necessary to ensure computer networks and systems are protected, an expert on cybersecurity issues said last week.

Jeffrey Akin, a principal at Booz Allen Hamilton, told Wired Workplace that effectively creating a certifying body to develop standards to test cybersecurity skills and creating career paths based on those certifications would help the government train, hire and retain an effective cybersecurity workforce. The recommendation to create such new standards will be part of an upcoming report by the Commission on Cybersecurity for the 44th President of the United States.

Critics have argued that it's not the job of government to create new career certification standards for cybersecurity, noting that such requirements would make it more difficult for the federal government to hire and retain talent. But Akin said the key will be for the federal government to have a plan in place to size the cybersecurity workforce over time. "When you're in a talent fight, ultimately, as the supply catches up, you have inflation of pay," Akin said. "Now you have an oversupply of people getting educated and trained in this area, and you're in a spot where you're looking to lower your costs."

Agencies also will need to ensure that cybersecurity managers, many of whom are fairly inexperienced, have the leadership skills to manage cyber workers effectively, Akin said. "We need to make sure we know what a cybersecurity manager looks like and feels like," he said.

Last July, Booz Allen Hamilton and the Partnership for Public Service released a report that identified four challenges that threaten the quality of the federal cybersecurity workforce, including a pipeline of new talent that is inadequate and fragmented governance and uncoordinated leadership that hinder the ability to meet federal cybersecurity workforce needs.

Booz Allen has been working with several federal agencies to help develop and define the skills that make an effective cybersecurity professional, Akin said. That work has evolved into a model that identifies 23 critical cyber skills broken down into entry, intermediate and expert levels and helps the government find proficiency gaps and training needs. Those skills include malware analysis, secure systems development, secure configuration management, information systems monitoring and testing, he said.

"One of the things I've seen in government is that in the absence of a definition, hiring managers hire people who know things that they know," Akin said. "That locks you into the old operating level and doesn't get you to the picture you envision in terms of the integrated cyber mission."