Information technology users in the Department of the Navy — that’s all 900,000 of you — have a great chance to hear about the DON’s plan for cloud migration, leveraging mobility, enhancing security and new credentialing opportunities for the cyber/IT workforce — directly from the DON Chief Information Officer Rob Foster.
Foster joined Federal News Radio host Jason Miller on Miller’s show, “Ask the CIO” in September in an interview that detailed new guidelines for the identification, management, development, and certification of the DON Cyber IT/Cybersecurity Workforce which includes military, government, civilian and contractor personnel. From there, the discussion centered on department IT priorities that impact every DON IT user — everyone who touches a keyboard, explained Foster.
New Credentialing Opportunities for the Cyber IT/Cybersecurity Workforce
The use of certifications, along with military training, academic degree programs and other relevant credentialing programs will be integrated into the new Cyber IT/CSWF Qualification Program, Foster said. Within the DON, this includes but is not limited to commercial certifications, foundational cybersecurity training and education, technical training and education, on-the-job training, and demonstration of acquired skills and abilities.
According to Foster, the DON has about 23,000 cyber professionals working hard to secure and defend networks.
Foster was joined by Jennifer Harper, the DON CIO's cyber IT and cybersecurity workforce subject matter expert, who said the new guidance will increase the number and type of certifications and qualifications accepted by the DON.
The DON is moving from the decade-old Information Assurance Category and Level model, outlined in earlier Defense Department information assurance workforce policy, and will now utilize the Category and Specialty Area methodology delineated in the National Initiative for Cybersecurity Education (NICE) Workforce Framework, Harper explained.
Foster said that by expanding the certifications, training and degrees accepted by the DON, the pool of qualified cyber workers will also expand. This is critical with both the public and private sectors competing for the same pool of skilled cyber/IT talent.
“The changes will lead to a better-trained, more capable workforce,” Foster said.
Harper explained that both the Navy and Marine Corps will issue implementation policies for the Cyber IT/CSWF Qualification Program. Position descriptions will be coded to specialty areas, mapped to the NICE framework, and changes will be reflected in the military and civilian personnel systems, she said. Policy guidance is expected to be released soon.
While this is a change, Harper said it will actually be an easier program to follow. For personnel already in the Cyber IT/CSWF, jobs will remain the same.
Key to the success of the new program is the stand-up of Cyber IT/Cybersecurity Workforce program managers who will play a critical role in program development and in identifying any problems during the transition. The aim is to have a program manager at each Echelon II and major subordinate command to maintain records, assist with the coding and workforce continuous learning — all the good parts of the program, Harper said.
Because the qualification matrix in the NICE framework clearly defines proficiency levels, Harper said someone looking to be a sys admin, or system administrator, for example, can easily see the proficiency levels required and work toward acquiring the skills for that specialty area. The guidance could also assist those who would be interested in making a career change to the Cyber IT/Cybersecurity Workforce because each specialty area is precisely detailed at each proficiency level.
“At the federal CIO level and most of the CIOs at the operational level, all have the same challenge and that is to recruit, retain, and reward cybersecurity professionals. We understand there is a big demand signal and in the Department of the Navy we actually changed information dominance to information warfare. So we have declared it to be an information warfare domain…This is an opportunity to reassess our current staff, align them with the NICE framework, and … put them in a position to be of most value to themselves and the organization in defending the network,” Foster said.
Harper said the challenge now is the transition to the new Cyber IT/CSWF Qualification Program and communicating changes to everyone that is in the Cyber IT/Cybersecurity Workforce — from senior leadership — to the lowest ranking members and across the Department of the Navy.
DON IT Priorities
In addition to the discussion about the Cyber IT/Cybersecurity Workforce, Foster talked about moving from PowerPoint training to “gamification” of the annual cybersecurity training courses that DON IT users must take. The goal is to make training more interactive, realistic and challenging so users better understand the importance of protecting the department’s networks.
In parallel, Foster pointed to the Acceptable Use of DON Information Technology memo as a reminder for IT users that everyone is responsible for the security of the department’s networks.
In response to a question about cloud computing, Foster said the Navy has been working on migration to the cloud for some time through the use of pilots. Moving to the cloud is a natural evolution in information technology, he said, but the Navy is working through the complexities of securing data in a cloud environment.
Foster explained that the department is working diligently to transition from the DoD Information Assurance Certification and Accreditation Process (DIACAP), the current certification and accreditation model, to the Risk Management Framework process which emphasizes continuous diagnostics and risk mitigation.
Other department priorities include improving data analytics for better business decisions and transforming the department’s networks to support mobile computing and increase workforce productivity.
Foster said he expects to see an explosion in mobility options in the next few years.
Listen In: “Ask the CIO” with DON CIO Rob Foster.
Cyber IT/CSWF Guidance
DoD Directive 8140.01, Cyberspace Workforce Management
Secretary of the Navy (SECNAV) Instruction 5239.20A, Department of the Navy Cyberspace Information Technology and Cybersecurity Workforce (DON Cyber IT/CSWF) Management and Qualification
Related CHIPS Articles
“DON Cyberspace (Cyber) IT and Cybersecurity Workforce Credentialing”
“DON Cyberspace (Cyber) IT and Cybersecurity Workforce — Who Are We?”