Eleven tips for building a stronger cybersecurity workforce

Homeland Security task force releases recommendations.

October marks National Cybersecurity Awareness Month, and as part of that effort, an advisory council at the Homeland Security Department has put forth 11 recommendations for the government on how it can best develop, recruit and retain sophisticated cybersecurity talent.

The Homeland Security Advisory Council’s Task Force on Cyber Skills on Tuesday released its recommendations, which include creating a dedicated cybersecurity career path, improving training, streamlining the hiring process and improving opportunities for veterans to be trained and hired for mission-critical cybersecurity work.

The report cites several recent cyber attacks at government agencies like the Commerce Department and private companies like Google and Exxon-Mobil as reasons why having a top-notch cybersecurity workforce is critical to not only respond to emerging threats but also get ahead of the new attack tempo. “Finding the people with the needed skills, however, poses a dilemma,” the report states. “The numbers of professionals with these mission-critical skills are so limited that government contractors and federal agencies compete with one another and the private sector to hire them.”

The task force recommended that DHS:

  • Adopt and maintain an authoritative list of mission-critical cybersecurity jobs, particularly in areas like penetration testing, security monitoring and incident response, and modify that list in the face of changing threats and technologies.
  • Develop training scenarios that allow it to properly evaluate cybersecurity talent for each of the mission-critical tasks.
  • Adopt a sustainable model for assessing the competency and progress of existing and future cybersecurity talent.
  • Establish a department-level infrastructure that oversees the development of the cybersecurity workforce.
  • Streamline the hiring process and make government cybersecurity jobs more enticing by emphasizing the service, skills and growth potential in the federal government.
  • Establish a two-year, community-college-based program that identifies and trains large numbers of students for in-demand cybersecurity jobs.
  • Raise the eligibility criteria for schools that participate in the Centers for Academic Excellence and Scholarship for Service programs to ensure that graduates are better prepared to perform in-depth cybersecurity work.
  • Launch a major initiative to enhance the opportunities for U.S. veterans to be trained for and hired in mission-critical cybersecurity jobs.
  • Use the large majority of its direct hiring authority to bring on people with critical cyber skills, until at least 600 of those workers are fully on board.
  • Specify the skills and level of proficiency needed in all cybersecurity-related contracting.
  • Establish a pilot DHS CyberReserve program that ensures former DHS cybersecurity workers and other cyber professionals outside of government are known and available to DHS in times of need.

The task force, which is co-chaired by Jeff Moss, chief security officer at the Internet Corporation for Assigned Names and Numbers, and Alan Paller, director of research at the SANS Institute, was announced in June as part of an effort to better develop, recruit and retain the mission-critical cybersecurity talent, or “hunters,” needed to perform effective cybersecurity work. The task force gained broad access inside DHS to gather data and better understand what has already been done and what needs to be done to meet those goals.

“If implemented, [these] recommendations will not only expand the national pipeline of men and women with advanced cybersecurity skills,” the report states, “but will also enable DHS to become a preferred employer for the talent produced by that pipeline, positioning the department to help make the United States safer, more secure, and more resilient.”