For most organizations the answer is a resounding no, according to Department of Defense’s Office of Inspector General (IG). It’s another progress report on DoD security efforts that point to how long it has taken the government to adapt to today’s threats.
The report noted the importance of security structure in addressing persistent threats, including preventing the next Wikileaks or Fort Hood. But while security reviews and audits of security training and education have been done, “the process for training and certifying DoD security professionals remains fragmentary with no standardization across the security enterprise.”
Security managers surveyed in the report noted that most training occurs on-site, on-the-job, or online. While two-thirds of respondents felt that security training prepared professionals for their responsibilities, the fact that most of the training occurs on-the-job means there is lost time in building up security skills. And with military rotations forcing some individuals to move onto new assignments after as little as 18 months on the job, organizations go through frequent cycles of having to re-train security staff.
Training funding was also cited as an issue. With training funds considered a low priority, commands often reallocate those dollars to meet other needs.
The undersecretary of intelligence has been developing the Security Professional Education Development (SPeD) certification program since 2009, but there are fears that program may never be implemented. The SPeD program isn’t a requirement until 2017, with program officials advocating that a slow build-up period allows for lessons learned to be implemented as the program progresses.
The Defense Advanced Research Projects Agency (DARPA) was listed as one of the few bright spots in DoD security training. DARPA utilizes contract and civilian security experts, with an average of 24-years of security experience. Unlike many agencies, DARPA’s security personnel perform security as a primary, rather than a collateral duty.
