The Federal Cyber Reskilling Academy effort is part of the Administration’s commitment to developing a federal workforce of the 21st century, as outlined in the President's Management Agenda and the recent Government Reform Plan. The agenda calls for reskilling current federal employees as a means to fill vacant cybersecurity positions. To that end, the Federal CIO Council launched the FCRA, which just graduated its first Cohort.
The FCRA is a three-month program to provide hands-on cybersecurity training to non-IT federal employees. More than 1,500 government employees applied for 25 slots, according to the Department of Defense Chief Information Officer. The DoD had five individuals to graduate in the first Cohort. They ranged from an IT budget analyst to economist.
While these individuals are not guaranteed cybersecurity positions as a result of completing the course, some may be viable candidates for entry level positions.
The Academy training is offered at no cost to students. Individuals are responsible for obtaining their supervisor’s approval for participation and must comply with their agency’s specific policies related to training. The Academy does not cover travel costs.
The Office of the Department of the Navy CIO is eager to offer its congratulations to the DON graduate, Janet Marks, and to highlight the FCRA program and Ms. Marks’ achievement.
CHIPS senior editor Sharon Anderson interviewed Ms. Marks, who works in the Naval Air Warfare Center Aircraft Division of Naval Air Systems Command, in mid-July.
CHIPS: First, Janet, many thanks for agreeing to participate in an interview and congratulations on your accomplishment!
Ms. Marks: Thank you.
CHIPS: What is your current job and is this the position you were in prior to taking the FCRA course?
Ms. Marks: Yes, I am a payload engineer for Triton [MQ-4C Triton, an autonomously operated system that provides a persistent maritime ISR capability using multiple maritime sensors.]
CHIPS: And that is what you are doing now?
Ms. Marks: Right, because the FCRA was a three-month detail and then it turns you right back to your original job.
CHIPS: How did you hear about the Federal Cyber Reskilling Academy opportunity?
Ms. Marks: I was on a mailing list for the SANS [Institute] newsletter and I saw an announcement and I went to the CIO.gov website to check it out, and I said, yes!
CHIPS: Why did you apply, for example, to add to your current skills or are you interested in pursuing a new career field?
Ms. Marks: I had always been interested in networking and cybersecurity. Occasionally, I had brushed up against that in my job, but it is extremely difficult to shift technical disciplines without training and credentials. While I was always interested, there was no way I could break in without real credentials. So when I saw the FCRA [announcement], I jumped at it because it was a chance to get the cyber knowledge and credentials to add more to my electrical engineering skills.
CHIPS: Do you have an engineering degree?
Ms. Marks: Yes, I have an electrical engineering degree.
CHIPS: Can you describe the process to apply to the Academy?
Ms. Marks: First, I really appreciated the FCRA was open to a wide series of jobs and grade levels —wide open. You made your job application in USAJobs directly to the program. There was no pre-screening by command or agency. After the initial USAJobs screening, to make sure you met the minimum requirements criteria, the next step was taking a cybersecurity aptitude test, which was a vetted test to measure your problem-solving abilities and thought processes. The test scientifically measures an ability to have success in the cybersecurity field.
CHIPS: You didn’t need a command or supervisor recommendation for the application?
Ms. Marks: No, not at all. It was wonderful. Anybody across the entire federal government who was interested and met the minimum criteria could apply. That was the beauty of it. After doing well on the aptitude test, you moved on to the next phase. You had to submit a personal statement about why you want to take the program and what you would do with the training afterward. Then you went through an individual interview. Through that [process] we necked down to 24 folks in the Cohort.
CHIPS: Who interviewed you, someone from Human Resources?
Ms. Marks: No, individuals from the FCRA, the CIO’s office and the Department of Education.
CHIPS: Was the application process difficult?
Ms. Marks: No, the steps were laid out. Like any other USAJob application, you just followed the directions. The aptitude test was fun. It was a timed-test, not too long. You just followed the steps, and it wasn’t confusing at all.
CHIPS: Can you describe the training you received?
Ms. Marks: We had three bootcamp-style classes in Washington, D.C., sponsored by the Department of Education. We were in their building for two of them. Then we had one online class. All the classes were taught by SANS, they were under contract to provide this training. The classes were a mixture of lecture and labs. We brought our own computers; we were on virtual machines so we could practice real-world skills, practice what we were learning in class.
The SANS instructors were phenomenal. We had their top-notch instructors. At the last class session, we were actually at a larger training event in D.C., so I had the opportunity to participate in a SANS DFIR NetWars Tournament, which really hooked me on digital forensics.
Along with the training, we had weekly mentoring session phone calls and we had continual support from the FCRA, OMB (Office of Management and Budget), the CIO office and Department of Education folks.
In between the classes, we had study for the certification exams. Normally, after training, you would have four months to study for the exams but because of the pace of the program, we compressed to three weeks to study per exam.
CHIPS: Sounds pretty intense! Did you have to do a lot of studying and work outside of class?
Ms. Marks: Yes, it was. You were full-time learning and studying, probably more than eight hours a day. Even when you were not in class, you had four and five-hour exams to study for. It was an intense three months.
CHIPS: Can you name the specific certifications that you earned?
Ms. Marks: GIAC (Global Information Assurance Certification) Security Essentials (GSEC) and GIAC Certified Incident Handler (GCIH).
CHIPS: Were you satisfied with the training; did it live up to your expectations?
Ms. Marks: Absolutely. If you are doing something you really like, you don’t mind putting the time into it. The time goes by so fast. It actually exceeded my expectations.
CHIPS: Would you recommend the FCRA to other folks, and what advice would you give them?
Ms. Marks: Yes, I would absolutely recommend it to others. I would say to folks, if you are not a technical person, don’t limit yourself. My class cohort included many people with no technical background who were absolutely successful. If cybersecurity is something you are interested in, you can start from the ground up. You don’t have to be an engineer or programmer or IT professional. We had lawyers and biologists — people from all different disciplines — were able to succeed in this class.
The FCRA program was very supportive and we had support all the way around — the CIO’s office, Department of Education, SANS — they were all so invested in our success. That kind of support makes you feel like you can move mountains. How can I not succeed? My fellow students came from all different disciplines, job series, and we all quickly united in our quest to learn. It was just a great, great environment to be in.
CHIPS: Are there any other cybersecurity courses or certifications that you would like to take?
Ms. Marks: I would love to learn more about digital forensics and zero-trust architecture. I am looking for a position to utilize my new cybersecurity skills in conjunction with my experience in avionics and engineering. Ideally, either in intrusion detection plus digital forensics or cyber resilient system design.
CHIPS: Wow, you really gained a lot of knowledge!
Ms. Marks: Yes, I did.
CHIPS: Can any of your new skills be applied in your current job?
Ms. Marks: I have some ideas… but not much is applicable right now.
CHIPS: Are you looking for a career change?
Ms. Marks: I would call it a career shift. I think 29 years of avionics system engineering experience can be used in a cybersecurity-related job.
CHIPS: Do you want to apply your new skills at NAVAIR?
Ms. Marks: Right now, I am not in a position to physically relocate, but I believe there is a need for my new skills in NAVAIR. I haven’t quite found the billet yet.
CHIPS: Is there anything else you would like to add?
Ms. Marks: The CIO’s office is hoping that the FCRA will scale up and become a repeatable process to train more folks in the cybersecurity field. My personal hope is that the application process remains wide open to all job series, pay grades and commands — that no billet filtering, pre-screening or pre-selection occurs because you never know where talent may lie.
A similar program was done in the U.K. and had people come from the most unexpected places, for example, a bartender went into cybersecurity.
CHIPS: It’s amazing that people from different walks of life can succeed in such a highly technical field.
Ms. Marks: It’s the mindset, the problem-solving, the intrinsic ability — then it’s just a matter of quality training and the knowledge you gain from practical experience.
CHIPS: You are a very articulate spokesperson for the FCRA. Thank you for your time.