Few commercial enterprises, critical infrastructure entities and government agencies have a comprehensive cybersecurity workforce planning strategy in place. In fact, the increasingly sophisticated threat environment makes cyber workforce planning a formidable challenge and a mission-critical priority.
Now more than ever, technology alone cannot sustain a powerful cyber defense. People are the most significant component of cyber readiness, and that means the time is now for developing and implementing a cybersecurity workforce planning strategy for hiring and developing the best and brightest human resources. Government agencies are vulnerable points of entry into the nation’s critical infrastructure and therefore must vigilantly combat the cyber crisis, which President Obama recently called “one of the most serious economic and national security challenges we face as a nation.”
Chief information security officers and their teams are faced with a daunting challenge: developing a cybersecurity planning strategy aligned with agency performance goals and mission objectives. Talent acquisition and development expertise do not typically fall under the purview of information security infrastructure managers, and these information technology leaders are often unsure of where to turn for help.
But there is hope: Proven practices to develop, deploy and manage cybersecurity workforce planning programs often exist within your organization. Information security teams can bring their subject-matter expertise to human capital management experts, who can assist with workforce planning. CISOs who continuously collaborate with their chief human capital officer allies will ensure that they have the resources and infrastructure to build, develop and sustain a resilient and globally competitive organization.
To support your organization’s mission and objectives, you must develop an aligned human strategy. Will you be able to achieve your organization’s objectives with your current talent? Are there enough people with the right skills to address today’s and tomorrow’s challenges? A solid workforce strategy that supports your organization’s mission is required to accomplish objectives.
So how does one measure these skills and competencies against current and projected requirements and engage these next-generation cyber warriors? By conducting a gap analysis. After setting a strategic direction for your workforce plans, an effective workforce gap analysis assesses workforce capabilities, deficiencies and vulnerabilities.
The first step — defining the size of your cybersecurity workforce — is a challenging task for most agencies. Many of those responsible for cybersecurity sit outside the bounds of the traditional security organization. That and the lack of a government occupational series specific to cybersecurity make it difficult, but nevertheless necessary, to identify the job roles and work responsibilities that fall under the cybersecurity umbrella.
Consider asking some key questions: Is your workforce capable of preventing and mitigating vulnerabilities to maintain the security of federal information systems? How many and what kind of cybersecurity professionals will you need to hire to fill the gap? How will you ensure that your employees are consistently expanding their cybersecurity skills to effectively respond to the ever-changing threat?
Last year, PDRI helped construct the National Cybersecurity Workforce Framework as part of the larger National Initiative for Cybersecurity Education. This foundational framework defines the federal cybersecurity workforce according to a unified lexicon and taxonomy. Agencies able to leverage the standard definitions for cyber professionals and the framework implementation guidance can align their cybersecurity positions and practices to the common structure and use it as a launchpad. Once organizations develop targeted cybersecurity talent management strategies focused on mission objectives, they must quickly transition to integrating and implementing all the components — hiring, training, developing and retaining — to acquire and engage next-generation cyber warriors.
Mandatory for success is the ongoing measurement and evaluation of the impact of cybersecurity workforce planning and development programs. The number of reported security incidents during the past year may serve as a useful indicator of program value. If the number is high or growing, the right people with the right skills are not in the right place; revisit your cybersecurity workforce planning strategy and determine why you are not achieving desired outcomes.
Are you accurately assessing cyber capabilities within your organization? Are you attracting and hiring the right number of cybersecurity professionals with the requisite skills to meet current and future needs? Are you closing the gaps identified in the analysis?
Savvy security organization leaders will coordinate closely with human capital experts across the aisle. Together they will design a robust cybersecurity workforce planning blueprint, based on comprehensive assessments of current capabilities and future requirements. Resulting talent management initiatives will ensure the ability to acquire and retain high-caliber professionals for tomorrow’s federal cybersecurity workforce.
Maya Yankelevich is a senior human capital consultant at PDRI, a developer of human capital and training solutions for federal and private-sector organizations.