Page 81 - Cyber Warnings
P. 81
A Holistic Approach to Cybersecurity: Bringing Together Technology and Training
Department of Defense (DoD) security education, training, and certification programs, including
cyber awareness training, have been in place for years. Every military member, government
civilian employee, and contractor must complete annual security awareness training to continue
being granted access to DoD systems and networks.
There are a variety of mediums available for individuals to receive training; one of the more
recent approaches is the DoD Cyber Awareness Challenge offered online to DoD employees.
Everyone is required to take the Challenge and must pass an exam at the end in order to meet
their annual training requirement.
In addition, through the implementation of the DoD 8570.01-M Directive in 2005, the
Department established an Information Assurance Workforce Improvement Program that
provides guidance for the identification and categorization of positions and certification of
personnel conducting Information Assurance (IA) functions within the DoD workforce supporting
the DoD Global Information Grid (GIG). This program includes a list of DoD-approved IA
baseline certifications aligned to each category and level of the IA workforce.
Personnel performing IA functions must obtain one of the certifications required for their
position, category/specialty, and level. This program has been augmented by DoD Directive
8140, Cyberspace Workforce Management, which unifies the overall cyberspace workforce and
establishes specific workforce elements (cyberspace effects, cybersecurity, and cyberspace
information technology (IT)) to align, manage, and standardize cyberspace work roles, baseline
qualifications, and training requirements.
With these programs, the DoD maintains a total force management perspective to provide
qualified cyberspace government civilian, military, and contractor personnel to identified and
authorized positions. These personnel function as an integrated workforce with complementary
skill sets, and provide an agile, flexible response to DoD requirements. Although the DoD is not
perfect, the combination of these initiatives has improved the Department’s culture of
cybersecurity and demonstrably reduced the impact of the human stupidity factor.
From providing average employees with cyber awareness training to delivering sophisticated
specialized training (Bootcamps, SANS, CompTIA, ISC2, etc.) to Computer Network Defense
Service Provider (CNDSP) Cyber Operators, their efforts have helped mature DoD’s cyberspace
workforce.
Commercial companies can apply DoD’s approach and lessons-learned to enable or fast-track
their cyber awareness and workforce improvement initiatives. It is important to establish a true
culture of cybersecurity, and this needs to be driven from company leadership throughout the
organization.
81 Cyber Warnings E-Magazine – May 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
