5 Goals to Improve Infosec Skills at DHSDefining Mission-Critical Cybersecurity Jobs and Tasks
Top Department of Homeland Security officials, including Secretary Janet Napolitano and Deputy Undersecretary Mark Weatherford, over the past few days have been emphasizing the need for the department to increase its IT security workforce and skills.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
and Tasks Below
Speaking Oct. 25 at a symposium on building a cybersecurity workforce through diversity, held at the Center for Strategic and International Studies, a Washington think tank, Napolitano said DHS has a number of initiatives underway to strengthen its IT security workforce, including a joint program with the National Security Agency to train college students in cybersecurity skills through their National Centers of Academic Excellence program. She also emphasized the need for the government and business to develop programs to encourage students to pursue studies in science, technology engineering and math, the so-called STEM fields.
"We need a dependable pipeline for the future for engineers, scientists, analysts, IT specialists, you name it," Napolitano said. "That's why we have embarked on a very concentrated effort to develop the next generation of cybersecurity and try to foster an environment for our talented staff to grow in this field and see their career path at the department and its important role in securing the networks of the United States."
A few days earlier, Weatherford emphasized the same points in a blog posted on the DHS website: "DHS is committed to recruiting, training and retaining cybersecurity professionals that are vital to the effort to make the Internet a safer and more secure place for everyone."
Among specific skills DHS seeks are cyber incident response, cyber risk and strategic analysis, vulnerability detection and assessment, intelligence and investigation, networks and systems engineer and digital forensics.
In the blog, Weatherford referenced a report Napolitano received this month from the Homeland Security Advisory Council Task Force on cyber skills to improve DHS's ability to build a world-class cybersecurity team and a strong pipeline of talented new hires for the future. The task force offered 11 recommendation grouped under five objectives:
1. Ensure that the people given responsibility for mission-critical cybersecurity roles and tasks have demonstrated that they have high proficiency in those areas.
- Adopt and maintain an authoritative list of mission-critical cybersecurity tasks (see table toward end of this article).
- Develop training scenarios that evaluate mission-critical cybersecurity talent for each of the mission-critical tasks.
- Adopt a sustainable model for assessing the competency and progress of the existing and future DHS mission-critical cybersecurity workforce.
2. Help DHS employees develop and maintain advanced technical cybersecurity skills and render their working environment so supportive that qualified candidates will prefer to work at DHS.
- Establish a department-level infrastructure with direct responsibility for the development and oversight of the cybersecurity workforce.
- Make the hiring process smooth and supportive and make mission-critical cybersecurity jobs for the federal civilian workforce enticing in every dimension: in mission and service, skills, growth potential and "total value proposition."
3. Radically expand the pipeline of highly qualified candidates for technical mission-critical jobs through innovative partnerships with community colleges, universities, organizers of cyber competitions and other federal agencies.
- Establish a two-year, community-college-based program that identifies and trains large numbers of talented men and women to prepare them for mission-critical jobs in cybersecurity.
- Raise the eligibility criteria for designation as CAE and SFS schools to ensure that graduates are prepared to perform technical mission-critical cybersecurity jobs.
- Launch a major, sustained initiative to enhance the opportunities for U.S. veterans to be trained for and hired in mission-critical cybersecurity jobs.
4. Focus the large majority of DHS's near-term efforts in cybersecurity hiring, training and human capital development on ensuring that the department builds a team of some 600 federal employees with mission-critical cybersecurity skills.
- Until 600 employees are on board with mission-critical skills, apply the large majority of direct hire authority related to information technology in the department to bringing on people with technical mission-critical cybersecurity skills.
- Specify the mission-critical skills and level of proficiency needed in all cybersecurity-related contracting.
5. Establish a cyber-reserve program to ensure a cadre of technically proficient cybersecurity professionals are ready to be called upon if and when the nation needs them.
- Establish a pilot DHS cyber-reserve program that ensures DHS cyber alumni and other talented cybersecurity experts outside of government are known and available to DHS in times of need and determine how this program may be implemented long-term.
[Story continues after table.]
Most Stimulating and Coolest Jobs
According to the task force, the first two jobs in the above table -- network and system penetration testing and application penetration testing -- provide an effective onramp for initiating a major skills development program at DHS. The tasks performed by people in these jobs have three characteristics that make them promising starting points for building advanced mission-critical skills.
According to the report's authors, these jobs serve as baseline tasks that produce better technical skills in the other task areas - that is, knowing how to penetrate an architecture allows for better security monitoring, event analysis, security engineering and architecture, and knowing how to find and exploit application vulnerabilities allows for better code reviews, forensics analysis, threat analysis and incident response.
Results of penetration tests are immediately relevant and motivating for the agencies and companies that DHS helps to support, enhancing trust in the department's reputation for cybersecurity excellence, the task report says.
"These are the most stimulating and 'coolest' jobs that candidates for employment consistently seek," the authors write. "Having significant numbers of these jobs reserved for federal employees will help DHS compete effectively with other employers for top talent and serve as a pipeline for the other skills the department needs to meet its cybersecurity mission."