The DoD Cyber Workforce Framework

The DoD Cyber Workforce Framework

Officials at the Pentagon have created a new program designed to address what officials consider to be one of their primary dod cyber workforce challenges – recruiting and retaining qualified personnel.

Direct Aim at the Department of Defense’s Biggest Challenge

Utilizing a structured taxonomy, this standard framework organizes 54 work roles into seven categories and 33 specialty areas using taxonomies – creating baseline qualifications according to proficiency level for each role.

What is the DoD Cyber Workforce Framework?

The Pentagon’s most significant challenge when it comes to its cybersecurity workforce is not recruiting personnel, but keeping them. Thus, it comes as no surprise that today they released their new cyber workforce strategy which takes direct aim at this problem.

The new policy series seeks to address four distinct challenges faced by the department, such as no common criteria for identifying cyber workforce requirements, limited ability to assess current employees’ capabilities and high attrition rate among highly skilled personnel. The plan, which extends through 2027, seeks to remedy those problems by initiating enterprisewide workforce development initiatives and providing employees with opportunities to hone their skillsets further.

As part of its efforts to do so, the Defense Department has initiated its Cyberspace Workforce Qualification and Management Program. This initiative includes all DoD civilian and military personnel; its aim is to codify cyberspace work roles into an existing taxonomy known as DCWF that provides structured lists of duties. Furthermore, this framework contains multiple levels of proficiency allowing DoD components to assign workforce positions by skill.

DCWF not only codifies workforce roles but also establishes cyberspace competency standards. Qualification requirements of DCWF’s qualification requirements encompass foundational knowledge, skills and abilities as well as residential qualifying areas and continuing professional development; DoD personnel must meet those for their assigned work role and level of proficiency to be able to perform their duties effectively according to slides released ahead of AFCEA WEST 2023 conference presentation this week.

Gorak announced that DoD plans to release its cybersecurity workforce implementation plan shortly, along with its cybersecurity strategy. This plan will contain an action list for over the next five years and performance indicators to measure their impact. DoD hopes its new effort will enable it to identify, recruit and develop top talent globally while creating a transparent process for setting requirements and developing cyberspace competencies. Furthermore, DoD plans on increasing partnerships with academic institutions and industry, which should help graduates graduate equipped with necessary skills as well as give employers a fuller picture of an employee’s qualifications.

What are the DoD Cyber Workforce Specialty Areas?

The Defense Department (DoD) is revamping its cybersecurity efforts in order to prepare for future battlefields in cyberspace. Their new cybersecurity strategy seeks to identify, recruit, retain and develop talent while meeting evolving security threats – this strategy centers around three main elements – identifying work roles; setting qualifications; and instituting policies and procedures.

DoD has developed the Cyberspace Workforce Framework (DCWF), an organizational-wide system for managing an effective cyber workforce. This document contains thorough descriptions of DoD cyber positions with their related qualifications as well as guidance for qualification processes for personnel assigned these roles.

DCWF also serves to unify military cyber community education and training efforts. It identifies specific work roles within each discipline, enabling instructors to develop courses to address multiple roles at once within one discipline and commanders to assign appropriate training based on workforce needs.

The Department of Defense (DoD) is in search of talented workers to protect its infrastructure against cyber threats. Recently, it unveiled a new initiative – known as Federal Cybersecurity Workforce Assessment Act 2015 (FCWAA ’15) – designed to identify and code federal jobs which form its cybersecurity workforce. The FCWAA ’15 initiative addresses the need for more streamlined management of its military’s cybersecurity workforce.

DoD’s new cyber workforce strategy utilizes the Cyberspace Workforce Framework to classify employees based on their actual job functions instead of military or civilian titles. Prior to its release, tracking employees who performed IT and cyber work was difficult because their duties often fell under other titles; with this new lexicon in place, tracking these workers is expected to become much simpler while assuring they receive proper training and certifications.

WillCo Tech’s proprietary CyberSTAR platform is a DoD 8140 compliant system designed to automate the monitoring, management, and alerting of cyber workforce credentials and compliance for use within the Federal Government. Since 2007, EC-Council has held multiple certifications that aid training and certification of DoD members worldwide – helping develop capability development of US military forces and DoD components alike.

What are the DoD Cyber Workforce Work Roles?

The Pentagon faces an uphill struggle when it comes to developing its cyber workforce: not attracting personnel but keeping them. With over 60% vacancies for Cyber Defense Forensic Analysts, Privacy Compliance Managers, and Target Network Analysts remaining vacant at any one time, hiring more isn’t sufficient; thus the 2023-2027 Cyber Workforce Strategy released today by Mark Gorak, DoD Chief Information Office Principal Director for Resources and Analysis takes a direct shot at solving this problem.

A key focus of the strategy spanning fiscal 2021-2027 will be to recruit, develop, retain, and mature the workforce through programs including expanding cyber education and training offerings, creating new pathways into employment opportunities, and expanding professional certifications such as Security+.

Goal of this strategy is to make it easier for civilian and uniformed workers, contractors, and consultants alike to gain the necessary skills they require for effective performance in their roles. It does so by identifying specific cyberwork roles within a department and standardizing qualification requirements; and improving talent development, analytics, and career management to support meeting its cybersecurity mission.

Another key element of the cyber workforce framework is moving away from job titles and occupational series towards roles. Instead of placing emphasis on an individual’s security clearance level alone, this strategy outlines 71 work roles ranging from “Cyberspace Mission Support” to “Control Systems Unique Work Roles.”

As well as taking a role-based approach, the cyber workforce framework will set enterprise baseline requirements that apply across departments. This includes outlining qualifications and requirements for each work role as well as specifying skillsets required to perform them successfully.

The Defense Department plans to use its framework for hiring and evaluation purposes as well as creating training opportunities and expanding partnerships. Furthermore, this strategy seeks to bring about culture change within the department to optimize talent management practices, foster continuous learning environments, and expand cybersecurity teams with diversity.

What are the DoD Cyber Workforce Qualifications?

The Department of Defense is responding to the growing cybersecurity skills gap by revamping its approach to recruiting, training and developing its workforce. Their new framework can serve as an inspiration for public and private organizations facing both a shortage of qualified personnel as well as threats from cyberattackers.

The DoD Cyberspace Workforce Qualification and Management Program establishes enterprise baseline requirements by work role and proficiency level to align the cyberspace workforce with mission capabilities. It identifies a series of education, training, personnel certification requirements for all work roles in DoD cybersecurity ecosystem. These requirements can be divided into foundational qualification areas; resident qualification areas; and continuous professional development (CPD) areas.

These requirements are established to ensure that all work roles are staffed with personnel who possess the competencies required for performing their assigned duties at the highest levels of competence. These requirements may include formal education and experience combined with industry certifications like EC-Council; nonformal courses from community colleges or technical schools may also qualify individuals. The Cyber Workforce Management Board allows this type of nonformal education as a qualification measure for certain cyberspace work roles; certifications like these from organizations like EC-Council are often accepted to meet qualification standards.

For those without degrees, the CWMB has established a process for them to demonstrate the equivalent of college-level academic degrees through continuous work experience in relevant disciplines. OSD and DoD Components must establish processes to document, review, validate, and approve cyberspace work to recognize those able to demonstrate expertise in this crucial security domain.

Resident qualification areas are an integral component of the Department of Defense Cyberspace Workforce Qualification and Management Programme. Their requirements are specifically tailored for each work role as per DoD Directive 8140 responsibilities, with particular attention paid towards cultivating key knowledge, skills, and abilities (KSAs) needed for performing each role successfully.

These requirements are overseen by OSD and DoD components and may include training, personnel certifications or on-the-job experience. At least 70% of core task and KSA content for each work role must be covered within each proficiency level to ensure consistency and that residents gain all of the knowledge required for fulfilling their responsibilities successfully.

Sam is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.