Today's plan for tomorrow's cybersecurity workforce: using metrics to ensure compliance.
[ILLUSTRATION OMITTED] A primary challenge for the Department of the Navy Chief Information Officer (DON CIO) is planning and preparing for future workforce roles and training. As stealthy assaults on DON systems and networks multiply, much is expected of the cybersecurity workforce (aka Information Assurance and Computer Network Defense Service Provider (CND SP)). Therefore, it is essential that IA professionals be equipped with the skills they need to be successful. From the IA systems architect, to the system administrator, to the computer network defense analyst and incident responder, the team must work together across cyberspace in the development, operation, defense and security of information systems. The teams must be given time to prepare and do their work with the tools to accomplish the mission, the training to enhance their skills, and the technical information to do well in their jobs. To standardize and improve cybersecurity workforce skills, the Defense Department directed the services to implement DoD 8570.01-M, "Information Assurance Workforce Improvement Program (IA WIP)." The program requires the DON to identify IA positions, identify the IA workforce (IAWF) and ensure members are appropriately trained and commercially certified to fulfill their job functions. In addition to the DoD IAWF improvement mandate, service IAWF commercial certification status must be reported to Congress each year in compliance with the Federal Information Security Management Act (FISMA). Recently deceased DON Senior Information Assurance Officer, Mr. John Lussier, chartered the IAWF Management Oversight and Compliance Council (IAWF MOCC) to ensure compliance with DoD 8570.01-M and FISMA. Led by an executive board, all Echelon I and II and major subordinate command IAWF managers and stakeholders are invited to participate as we work collaboratively to bring IA, CND SP and Information Assurance System Architecture and Engineering (IASAE) certification and training requirements into compliance. In its oversight role the MOCC membership will: [check] Sustain discipline in IAWF management implementation plans, processes and procedures; [check] Review Budget Submitting Office manpower requirements to ensure the enterprise is resourced to effectively deliver the cybersecurity mission; [check] Oversee the health of the IAWF and support improved hiring practices that allow the services to hire the best personnel; [check] Develop career path recommendations to include enhanced training and rotational plans for developing leaders in cybersecurity; and [check] Ensure FISMA compliance. Services are required to meet certain implementation milestones over the next two years with full sustainment by 2011. Access to accurate IAWF electronic data is critical to ensuring the workforce is appropriately trained, mentored and commercially certified. User friendly workforce management tools will not only free personnel from annual hand counts, but also validate command self-reported implementation status. To accomplish stringent oversight and compliance capability, the MOCC uses metrics tools such as compliance checklists, IAWF management assist visits, audits, inspections, red and blue team visits, the Defense Readiness Reporting System (DRRS) and a total workforce management dashboard. The workforce management system pulls data from authoritative sources and displays military, civilian and contractor information in one view. These management tools allow leadership to clearly view IAWF status and enable better analysis for future workforce needs. As George Bieber, from the Defensewide Information Assurance Program (DIAP) office recently stated, "I applaud the DON for standing up the MOCC. Its oversight capability and compliance authority is a major step that will ensure its IAWF, as a whole, can achieve the cybersecurity mission, and that each individual has the opportunity to achieve his or her personal growth leading to a successful IT career. This is especially important because once the IAWF improvement program is fully implemented, personnel will require certification if they are to continue doing their job, and this applies equally to uniformed personnel, government civilians and contractors." The DON's vision of a highly skilled cybersecurity workforce is attainable. Through command visits and electronic data transparency, the IAWF MOCC will have a clear understanding of the IA workforce skill level and will be able to shape workforce modernization. The MOCC governing board will initiate an ongoing conversation with Navy and Marine Corps command information officers and IA managers about the commercial certification status of their individual IAWF members. This two-way communication will be very important as we all work to ensure Information Assurance Workforce Improvement Program compliance. For more information, go to the DON CIO Web site: www.doncio.navy.mil. Mary Purdy supports the DON CIO as the IAWF MOCC facilitator. |