Today's environment presents enormous challenges and unprecedented opportunities, not only to the Department of the Navy (DON) information assurance (IA) workforce charged with defending our cybersecurity interests, but also to the traditional training regimes that prepare Sailors and Marines to meet their operational commitments.
There are approximately 14,000 full-time and 6,000 part-time military and civilian personnel in the DON cybersecurity (CS)/IA workforce. CS/IA functions primarily focus on the development, operation, management and enforcement of security capabilities for systems and networks. Significant portions of the CS/IA workforce are technical individuals with privileged access who perform network operations and system administration tasks. A smaller portion of the CS/IA workforce is made up of IA management personnel, computer network defense service providers, certification and accreditation team members, red and blue team members, and information assurance system architects and engineers (IASAE).
Cybersecurity/information assurance competencies and work functions are mapped to training requirements. Personnel who perform CS/IA technical functions are trained in baseline skills through a multidimensional program that includes in-residence courses, distributed learning, blended training, exercises and certification testing. All members of the CS/IA workforce are required to obtain the appropriate commercial certification through testing to qualify as part of a standardized workforce; moreover, they are required to sustain and improve their knowledge level with continuing professional education.
Both the Department of Defense (DoD) and DON support free virtual/e-learning courses that prepare the total force to obtain commercial certifications. These commercial courses continue to integrate leading-edge data and information into the courses.
At the same time, cybersecurity training curricula in the traditional Navy and Marine Corps schoolhouses must be thoroughly examined. Once the training standards are validated, the schools must revise the training roadmap so that as Sailors and Marines matriculate in these schoolhouses, they acquire the requisite commercial certification to signify they meet DoD standards.
Plans for the Navy's information systems technician rating, called "IT of the Future," reveal that the rating is being revamped to be an advanced technical field (ATF). The ATF allows the Navy to recruit Sailors to both four-year and six-year obligations. Sixty-five percent of the new recruits will be recruited with a four-year obligation, get their basic training in "A" School, and then go to their first permanent change of station (PCS). Thirty-five percent will be recruited with a six-year obligation and receive advanced training in a "C" School before transferring to their first PCS.
Information Systems Technician "A" School will change from an 11-week course to a 19-week course with the pilot course beginning in July 2010 and formal training to start January 2011. Sailors enrolled in "A" School will graduate with CompTIA's A+ and Microsoft Certified Professional XP (MCP 70-270) certifications.
Thirty-five percent of the new Sailors will go right into "C" School and receive the new system administration (SYSADMIN) Navy Enlisted Classification (NEC). This training path includes additional certifications for Security+ and MCPs 70-290 and 70-291 (for servers).
The new "C" School training will pilot in January 2011. Fleet IT Sailors will have the opportunity to gain these new NECs with additional training that will be announced once the new training is fully in place. The information systems administrator, NEC 2735, will be phased out as a valid NEC. Sailors will be required to hold the new SYSADMIN NEC before being allowed to enroll in more advanced NEC training (i.e., NECs 2780, 2781, 2779).
All Sailors who hold privileged access to servers, routers and switches are required to have appropriate IA and operating system certifications in accordance with DoD 8570.01-M, Information Assurance Workforce Improvement Program. Therefore, current fleet and shore IT Sailors must attain commercial certifications as part of their daily training regimen.
The Sailors can complete the required courses via Navy e-Learning on Navy Knowledge Online; Carnegie Mellon University's virtual training environment at https://www.vte.cert.org/VTEWEB/; or via classroom courses sponsored by Naval Network Warfare Command (NETWARCOM) in fleet concentration areas. Certification for all IT Sailors will be paid for by Navy Credentialing Opportunity On-Line (COOL). Go to https://www.cool.navy.mil for more information. Under no circumstances should an individual in the IT rating pay for required certifications.
The DON's approach to cybersecurity/IA workforce training must remain flexible as the definition of the domain continues to mature and cyberspace capabilities evolve. Since the IT rating is designated as a core CS/IA rating, IT personnel should visit the NETWARCOM Web site, at www.netwarcom.navy.mil, for the most up-to-date information on all issues related to IAWF management news.
Mary Purdy facilitates the DON Cybersecurity/IA Workforce Management Oversight and Compliance Council.