Email this Article Email   

CHIPS Articles: Resources for Developing a Cybersecurity Workforce

Resources for Developing a Cybersecurity Workforce
Recommendations from an experienced cyber professional
By Lt. Cassandra Pristas - October-December 2017
The need for cybersecurity professionals over the last 10 years has increased throughout the Department of Defense and corporate America. Today, people and organizations are more concerned about data breaches, identify theft, security and maintenance of classified documents, and management of personally identifiable information (PII) than ever before. The demand for information security analysts is projected to grow 18 percent from 2014 to 2024, much faster than the average for all occupations according to a report by the Bureau of Labor Statistics.

Forbes Tech News reported there were 1 million cybersecurity job openings in 2016. With the high demand for cybersecurity professionals, there is an ongoing need to build and train a highly skilled national workforce for the future.

In 2017, President Trump signed the Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure designed to improve the nation’s cybersecurity posture to defend our country’s networks and assets. However, to achieve that mission, more cybersecurity professionals will be needed, including building a cybersecurity military workforce. Today, all branches of the military are focused on cyber defense strategies and goals to help defend our critical assets to include grids, financial systems, communications and networks. The cyber force needs to make sure personnel are trained and able to perform their duties to monitor and engage in both offensive and defensive roles.

As an Information Professional Officer, a DoD contractor for the Defense Information Systems Agency (DISA), and a college professor who teaches computer security, information technology and cybersecurity courses, I have seen firsthand the enrollment of students in cybersecurity programs increase significantly.

Common questions that students and young servicemen and women ask include: Where can I get a degree in cybersecurity? How do I get a job in the cybersecurity field? What certifications are needed? What skillsets and training is required and what type of positions are available in the cybersecurity field?

Where can I get a degree in Cybersecurity?

A large number of universities across the country are developing cybersecurity programs to help students gain the foundational knowledge that will help train, educate and prepare them for the nation’s cybersecurity workforce. First, students must have the desire to go the extra mile to take classes that will provide the hands on skills they will need to be successful. You can read about cybersecurity but actually applying the knowledge with practical hands on experience in a simulated environment is crucial to understanding and working in a cybersecurity field.

Some trade and technical schools offer classes for various cyber positions; however, you must investigate the institution before expending money and time to ensure you are getting recognized training and education. Determine if schools are accredited, research the school online, check educational sites and reviews, assess the feedback from students who have completed the program. Ask potential employers or friends who are in the field for their recommendations on the schools and programs you are considering.

Ask the school about the success rate of their graduates. How many students are working in their chosen field after they completed the program? Do employers seek graduates from their program? These questions are important, so take the time and do your research. If a school can’t provide the answers to these questions, this is a red flag that the school may not be a creditable institution of professional cybersecurity education. You can verify accredited institutions by going to the U.S. Department of Education website.

How do I get a Job in the Cybersecurity Field?

For those who are seeking jobs in cybersecurity, consider the sector you want to work in. Do you want to serve in the military as a cyber professional? Do you want to work in corporate America or a government agency, such as the FBI, CIA, local law enforcement, or DoD? Once you decide, research the company or agency where you will seek employment. Many agencies have internship programs that allow students to work part time while attending school and offer employment in the summer. After students graduate, in many situations, companies or government agencies will offer full-time employment.

Another suggestion is to network and establish contacts in the field you hope to work in by attending cyber conferences, workshops and seminars. Getting your name out there is important. Volunteering in community cybersecurity programs is a good way to get your foot in the door. The federal government has a hiring program for interns and graduates called Pathways. This site has some great information if you are interested in federal government employment.

If you decide to pursue a DoD career path or work with a defense company, a security clearance may be required. Depending on the line of work, a Secret or Top Secret may be required. For those who seek employment in DoD, review Department of Defense Directive 8570 which governs information assurance for Department of Defense systems and those with access to them, according to advice from Anyone who plans to work for the Defense Department will need to review the policy as it provides guidance regarding DoD-approved baseline certifications.

What Skillsets, Training and Certifications are required?

To understand the big picture, cybersecurity professionals should have a well-rounded background in the many different fields in IT and security. Although not mandatory, to be successful in the cyber field, you should have fundamental knowledge of networking, servers and general computer security awareness.

For those individuals who are serving in the military, working as a government employee or a veteran, there are a number of sites that provide cyber training. The Federal Virtual Training Environment (FedVTE) is a free online, on-demand cybersecurity training system for government personnel and veterans. Managed by the Department of Homeland Security, FedVTE contains more than 800 hours of training on topics such as ethical hacking and surveillance, risk management, and malware analysis. FedVTE Online Training is a valuable training source for cyber skills and knowledge. Another helpful cyber training site is the Information Assurance Support Environment found on the DISA cyber online training portal. These sites will require a CAC login.

For those who are currently working for DoD or in the military, the SANS Institute has a Cyber Guardian program designed for those professionals whose role includes securing systems, reconnaissance, counterterrorism and countering hacks.

The National Initiative for Cybersecurity Careers and Studies (NICCS) Education and Training Catalog is a central location where cybersecurity professionals across the nation can find over 3,000 cybersecurity-related courses to help improve their cybersecurity skillsets. All of the courses are aligned to the specialty areas of the National Institute of Standards and Technology Cybersecurity Workforce Framework.

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) guides a cohesive effort between government and industry to improve the cybersecurity posture of control systems within the nation's critical infrastructures.

The tools and knowledge that are most commonly used in cybersecurity professions are Splunk, Host Based Security System (HBSS), WireShark, Active Directory, and familiarization of scanning and patching methodologies. Knowledge of networks, topologies, familiarization of Windows Services, threat injections, and experience with data collection are also important skills to know.

Certifications in the cybersecurity field can vary depending on the job. If you plan to work for a Department of Defense agency, starting out with the CompTIA Security+ and Network+ certifications is essential. The DoD 8570.01-M will provide additional information for specific positions in DoD. Most jobs in the government sector will require other certifications to include: CISSP, CISA, GICSP, GIAC and CISM.

My recommendation is to research the company you want to find employment with, inquire about the required certifications, tools, applications and processes and learn as much as you can. If you see a common request for specific certifications, it might be a sign to pursue those certifications to give you a career advantage.

What Types of Positions are in the Cybersecurity Field?

In the cybersecurity field, there are a plethora of positions that are in demand. Individuals who can perform incident detection, analysis, coordination and response to computer and network attacks are essential. Many of those positions include: cybersecurity analysts, network cybersecurity administrator, network cybersecurity analyst, junior analyst, cybersecurity operations, cyber technologist (entry level), cyber information assurance analyst and cybersecurity engineer, just to name a few., and are just a few of the websites that list cybersecurity jobs. Visit local job fairs — there are many defense contractor companies who attend or hold job fairs looking for qualified, interested applicants. Some companies also visit schools to recruit students before they graduate. Ask your school advisors if your school has a partnership with local companies or government agencies who hire graduates.

Lt Cassandra Pristas is the N6 department head for Navy Information Operations Command (NIOC) in Pensacola, Florida and is crossed assigned to the N2 Intel/Security Department at Navy Reserve U.S. Naval Forces Southern Command/U.S. Fourth Fleet (USNAVSO/C4F) in Mayport, Florida.

The views expressed here are solely those of the author, and do not necessarily reflect those of the Department of the Navy, Department of Defense or the United States government.

Summary of Training and Education Links:
-- Check a school’s accreditation: Universities and Higher Education:
-- Pathways for Students and Recent Graduates to Federal Careers:
-- Department of Defense Directive 8570:
-- FedVTE Online Training:
-- Information Assurance Support Environment:
-- Cyber Guardian Program:
-- National Initiative for Cybersecurity Careers and Studies (NICCS):
-- The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT):

-- Kyzer, L. (2015). What is DoD 8570?
-- Bureau of Labor Statistics, U.S. Department of Labor, Occupational Outlook Handbook, 2016-17 Edition, Information Security Analysts
-- Morgan, S. (2016). Zero-percent cybersecurity unemployment, 1 million jobs unfilled. Cybersecurity labor crisis expected to continue through 2021

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy
CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988