Cyber Reskilling Grads Gained Valuable Skills But Not New Jobs Yet

As the second cohort of the experimental Federal Reskilling Academy prepares to graduate in September, two members from the first cohort—which graduated in July—spoke with reporters about what they learned during the 13-week course and what these new skills will mean for their careers.

While both reskilling graduates agreed their new skills are invaluable—in both their personal and professional lives—the training has not translated into new jobs, one of the main promises of the effort.

When Federal Chief Information Officer Suzette Kent announced the reskilling academy in November 2018, the stated goal of the first cohort was to train non-IT employees as cyber defense analysts who could then be transferred to IT-specific roles. The federal government has a critical shortage of cybersecurity professionals and the academy was meant to be one way of filling those positions with internal hires.

Two graduates from the first cohort—who OMB made available to reporters during a roundtable Wednesday—lauded the course as an exceptional learning experience but said, for the time being, they will continue working in their current positions.

Mary Gabriel, who works in acquisition with the U.S. Coast Guard, said the training in the basics of computing, networking and programming has given her a much better understanding of what goes into an IT system, and her certification in incident response helps her see things from both the attacking and defending perspective.

For instance, mitigating potential cybersecurity weaknesses on a Coast Guard Cutter means carefully weighing costs and risks, Gabriel said. Having a better understanding of the real work that goes into hardening a system—and the tricks and tactics used by attackers—has given her a better idea of how to manage those tradeoffs when making procurement decisions.

But while the course has given Gabriel better tools in her current role, it has yet to translate into a cybersecurity job.

“I’ve had opportunities to apply what I’ve learned at work so far. But I’m kind of interested in finding a role that would take a greater focus on cybersecurity,” she said.

Unfortunately, that has been difficult, as her current level on the General Schedule—the strict hierarchy of federal employment—is too high to transition into entry-level cyber defense positions.

“At my current grade level, I don’t think I could get a cyber analyst role. If there’s a path, I haven’t found it,” Gabriel said, though she is still checking on some alternative avenues. “I think my best opportunity is to stay in my current role” and use her newfound cybersecurity skills to help with acquisitions.

For Shannon Riley, who works on privacy issues at the Education Department, understanding the intersection of cybersecurity and protecting individuals’ data privacy has been enlightening. For the time being, she plans to continue working at her current agency in her current role, though the course has given her some ideas for the future.

While Riley said she is not necessarily looking for a strictly cyber defense analyst position, “there are a lot more jobs that aren’t just sitting in a security operations center looking at this long line of logs,” she said.

During a tour of the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency, Riley said she learned there are various aspects of the work, including outreach to government and industry partners, and training for other federal employees.

While getting these people into cyber defense analyst jobs was the initial goal, Kent said having these skills at agencies is still a boon. More importantly, she said, the lessons learned from the first graduating class will inform the broader reskilling program going forward.

“As we look at the number of open positions and our needs in cybersecurity, we want to industrialize this process,” she said. “Whether it is directly with agencies or through other central mechanisms. Those are some things that we’re looking at now.”

Kent said her office, in conjunction with the Office of Personnel Management and the Federal CIO Council, is looking at options to help academy graduates get into cyber-related positions, whether through special hiring authorities or temporary details.

OMB was not able to provide numbers on how many of the initial 30 grads had moved into cybersecurity positions, as the first cohort just recently completed the course.

“The first Federal Cyber Reskilling Academy cohort graduated only three weeks ago with very encouraging results. It is entirely premature to quantify how many have secured cybersecurity-focused positions,” OMB spokesperson Jacob Wood told Nextgov. “What’s clear is that the inaugural class has achieved so much in a very short window. The administration will continue its efforts to reskill our dedicated federal workforce to improve our national security.”

OMB is also looking at expanding the reskilling model to other areas of need. The agency is currently running a pilot Data Science Reskilling Academy, which it hopes to roll out in full in the next year.

Whether or not they end up with new jobs in the near future, both Gabriel and Riley said the course was well worth the effort, as they now have important skills for the work they do, as well as future prospects.

They also have skills they can apply to their daily lives.

“I saw this as an opportunity to broaden my horizons in order to then strengthen my own privacy program” at Education, Riley said. “Personally, though, my entire life has essentially been on technology and on the internet. … So, from a personal standpoint, I wanted to be able to learn what this technology is. Is it possible to fully protect myself or are these companies able to protect my data that they have?”

“From a personal level, I behave differently on my phone and on my personal devices,” Gabriel agreed. “Now, every time I leave the house I turn off my Bluetooth and my Wi-Fi. I had heard that advice before but never saw how easy it was to actually find my information via those mechanisms.”

Those cyber hygiene basics—what the course referred to as “Cyber 101”—can be of use to everyone, Kent noted, and the team is working to make that information publicly available to any federal employee who wants to learn more.

Editor’s Note: This article has been updated to include additional comments from an OMB spokesperson.