To achieve a resilient cybersecurity infrastructure, an organization needs a well-trained, highly skilled workforce. Some cyber leaders are breaking with convention to pursue new ways to get what they need.
According to Accenture’s “Third Annual State of Cyber Resilience” report, leading organizations are already using some best practices that lead to cyber resilience. The report’s survey shows that some leaders have been able to stop attacks and find breaches four time faster, fix breaches three times faster and reduce the impact of a breach twice as fast as other organizations.
These results are due in part to cyber training. Leading organizations report that they provide needed training to their workforce to improve their knowledge and skill set. Building the next generation of cyber defenses requires training the next generation of cyberwarriors and providing them a robust training environment that is agile, scalable and tailored to their unique learning needs — and available globally.
A ready cyber force must be supported by highly trained individuals who can access a variety of training tools on demand with intuitive interfaces. Moreover, this training environment must be able to accommodate team dynamics — either for a full team or a diverse range of smaller teams — for high fidelity training and mission rehearsal.
Many organizations within the Department of Defense are leading the charge on a modern approach and have taken positive steps to address their workforce cyber needs. Among these steps:
- The Army’s new “People Strategy” includes an initiative called Quantum Leap that aims to re-skill or upskill as many as 15,000 current IT and cyber workers so they are better prepared for requirements five to 10 years in the future.
- The U.S. Cyber Command established consistent training standards for its Cyber Mission Force teams and, in 2018, achieved full operational capability for all 133 of those teams.
- The Army, on behalf of U.S. Cyber Command, is standing up the Persistent Cyber Training Environment to provide a web-based cyber training environment where cyberwarriors can remotely plug in around the world to conduct training at the individual, team and force levels.
- The DoD launched the Defense Cyber Exchange as the department’s one-stop portal for cyber information, policy, guidance and training.
- The National Security Agency’s National Centers of Academic Excellence in Cyber Defense program certifies and collaborates with more than 270 designated colleges and universities around the country to educate future cyber first responders.
While they are putting innovative approaches into practice, they still foresee a gap in the numbers of skilled people they need. More than 60 percent of respondents in the Accenture survey of 200 federal executives indicated they lacked the ability to forecast the skills they need in the next one to five years. Also, more than 60 percent said they need to improve their ability to: identify skills gaps; identify critical roles needed for the next one to three years; and address learning and skills needed in the next one to three years.
With this in mind, we believe DoD organizations can improve their cyber resilience from a workforce perspective by taking four steps:
Re-imagine the work: Conduct a careful needs assessment of the talent your organization will need in the next one to five years and then undertake a gap analysis to understand exactly which skills — and how much of those skills — you will need.
Re-skill the workforce: Strategize how you will source the skills you will need. There are four basic sourcing options: build (through training and re-skilling); borrow (obtain via contractors); buy (through recruitment); and “bot” (through automation). To make training resonate more effectively, apply human-centered design principles. HCD principles focus on employee experience and use collaboration, data-driven insights and engagement with all relevant stakeholders so that the resulting training programs address the critical needs of all affected user groups.
Recruit smartly: Recruiting success often begins with effective collaboration between an agency’s chief human capital officer and its information security officer or program manager to produce creative approaches for reaching and messaging to potential recruits. The people you are targeting have the hot skills in the job market, and they know it, so be creative in finding compelling ways to connect with them. Our research shows that three critical messaging themes are especially important when recruiting cyber talent: mission delivery, training with digital dexterity and compensation.
Develop your employee value proposition: Many of the people you are targeting are Gen Z-ers, those born between the mid-1990s to 2010 who are far more familiar with the social media giants they access on their smartphones than with your organization. That means you will need a compelling brand strategy for your organization. How you compete with those companies to reach and connect with sought-after candidates will be critical to your success. Part of “connecting” with them involves thinking hard about retaining the talent you are working so hard to recruit. Define ongoing training opportunities and career development paths for your employees so they have a clear sense of the value that comes with joining and staying in your organization.
Finally, be mindful that building an effective cyber workforce is a journey that relies upon continuous growth and improvement. Any cybersecurity training program should have flexibility to adapt to rapidly-changing situations, new missions and adaptive threats.
Cyber resiliency for any organization is about much more than designing the right cyber architectures and investing in the right tools and technologies. It is also about ensuring that the workforce has the right mix of talent and capabilities to be ready for whatever comes their way. These steps can help DoD organizations do just that.
Retired Maj. Gen. George Franz served as the director of operations for U.S. Cyber Command and commanded Army Intelligence and Security Command. He is currently a managing director and defense cybersecurity lead for Accenture Federal Services’ national security business. Kristen Vaughan is a managing director at Accenture Federal Services, leading the human capital practice.