KEYPORT, Wash. (NNS) -- A small training team at the Naval Undersea Warfare Center (NUWC) Division, Keyport has taken cybersecurity certification training to the next level in an effort to speed up the process and save the federal government thousands of dollars.
In 2007, the Navy mandated that all active duty information systems (IT) personnel must have credentials that meet standards such as the Certified Information System Security Professional (CISSP) certification maintained by (ISC)2, the leading cybersecurity certification agency in the industry.
Daryn Bartlett, cybersecurity branch manager for NUWC Division, Keyport, said the Navy only had five percent of the active duty force certified by 2010. In order to meet the shortfall, Bartlett said he and other reservists began teaching the certification courses in order to qualify the IT warfighters.
“In 2012, I came to Keyport and started working in the cybersecurity branch and found there were still DoD civilians who also did not have their cybersecurity certifications,” Bartlett said. “So, I raised my hand and said I’d be happy to help. I started teaching these classes for NUWC Division, Keyport in 2014.”
By 2019, the Department of Defense recognized the need for not only certifying all its active duty and civilian cybersecurity professionals, but also recognized the need to utilize the highest level certifications in the industry. Naval Sea Systems Command (NAVSEA) set a tight schedule to bring its workforce into alignment with the DoD’s direction.
“All warfare center personnel were mandated to be qualified by the end of 2019,” Bartlett said.
Although the mandate was set by NAVSEA, there was no additional funding put in place to send cybersecurity personnel to the civilian schools. Bartlett began looking inside NUWC Division, Keyport for a way to fulfill the mandate.
Jamal Knox, an IT Specialist at NUWC Division, Keyport, has partnered with Bartlett to launch a pilot program teaching the required courses to enable the NUWC Division, Keyport cybersecurity workforce to obtain the required certifications at a substantial savings to NAVSEA and the Navy.
“Right now we’re teaching the CompTIA Sec+ course, which is pretty much the basic level certification,” Knox said. “Our first course was taught in July, and that was the CISSP course. The Sec+ course costs about $2,400 per person, and the CISSP course can cost upwards of $5,000 per person if we send people out for the company to teach them. For us to be able to teach them here saves time and money.”
The current Sec+ class has 18 students. By teaching those 18 students in-house at NUWC Division, Keyport, Bartlett and Knox are saving the Navy nearly $35,000. The inaugural CSSIP course had 12 students in it. Knox said teaching those 12 students on board NUWC Division, Keyport saved the Navy over $30,000. In an era of tight budgets, Bartlett and Knox’s efforts are squarely in alignment with the NAVSEA Campaign Plan 2.0’s goal of maintaining a culture of affordability while also ensuring NAVSEA’s people are equipped with the latest tools necessary to do their jobs.
Bartlett said Knox spearheaded the design of the curriculum for the course. Knox is the most recent member of NUWC Division, Keyport to obtain the CISSP certification, and that placed him in the right position to know how to develop the course material.
“The CISSP exam is the hardest industry certification out there,” Bartlett said. “It has a very high failure rate. Jamal pulled pieces from different resources and found a great book we can use. With my experience in teaching we took Jamal’s curriculum and taught this course.”
Bartlett said the industry standard for failing the CISSP exam on the first try is 70%. In other words, 70% of those who take it have to take it at least a second time in order to obtain the CISSP certification. Bartlett said six students who took the inaugural CSSIP course have taken the exam, five have passed.
“Five of the six who have gone through the CSSIP course have passed, so that’s an 84% success rate,” Bartlett said.
Bartlett stressed these courses are not entry-level training for cybersecurity personnel. These courses are designed for those who already have an in-depth knowledge of the industry and are ready to begin moving forward to the high-level certifications.
“Students need to have a basis for the exam,” Bartlett said. “They need to have been preparing in some form or fashion, and we’re there to clear the picture, to prepare them for the types of questions and how the material is presented on the exam.”
Bartlett said the first course’s success rate justified his and Knox’s proof of concept. The next step is to have NAVSEA leadership look at the program. The significant savings obtained by teaching the certification courses in-house could potentially save NAVSEA hundreds of thousands of dollars, and the high success rate of students from Bartlett and Knox’s pilot course is evidence the program also produces highly equipped personnel.
“We’re ready to move forward, not just for NUWC Division, Keyport, but for NAVSEA and the other Warfare Centers,” said Bartlett.