The Department of Defense just pushed out its 2023-2027 Cyber Workforce Strategy, detailing its way ahead on how the agency plans on tackling a profession in which 25% of the 150,000 positions relating to cyber remain unfilled. While the document is only 23 pages long, here’s how the DoD plans to approach hiring and retaining a cyber workforce.
Focus Areas for the DoD Cyber Workforce Strategy
There are two focus areas of the strategy: pillars and goals.
1. Pillars
The pillars are as follows:
Identification — The processes of determining workforce needs or requirements and the potential or incumbent workforce to meet them.
Recruitment — Identifying and attracting the talent needed to meet mission requirements and the process of evaluating the effectiveness of recruiting efforts.
Development — Understanding individual and team performance requirements and providing the necessary opportunities and resources to satisfy those performance requirements.
Retention — The incentive programs the Department employs to retain talent and the process of evaluating the effectiveness of the incentive programs.
2. Goals
The goals of the workforce strategy are as follows:
GOAL 1 – Execute consistent capability assessment and analysis processes to stay ahead of force needs.
GOAL 2 – Establish an enterprise-wide talent management program to better align force capabilities with current and future requirements
GOAL 3 – Facilitate a cultural shift to optimize Department-wide personnel management activities.
GOAL 4 – Foster collaboration and partnerships to enhance capability development, operational effectiveness and career broadening experiences.
Zeroing in on the Proposed DoD Culture shift
Of particular interest to me and perhaps this audience is Goal 3, which is broken down into several objectives.
Goal 3 Objectives:
3.1 Establish a Cyber Workforce Development Fund to accelerate implementation activities and enable training throughout to match demand.
3.2 Champion remote work flexibilities and policies to expand opportunities across the cyber workforce.
3.3 Review the application of existing authorities to include and attract a broader pool of talent. 3.4 Apply security clearance requirements appropriately for cyber positions, billets and personnel to increase positional flexibility.
3.5 Establish a mechanism for part-time surge support based on emergent mission need.
3.6 Expand Cyber Excepted Service (CES) authorities to optimize program capabilities and increase attractiveness for talent.
While there are specific details, according to DoD that will be rolled out later, some questions instantly bubble to the surface.
- How much work can someone really do remotely in DoD Cyber Positions within the limits of security and data protection?
- What do they mean by reviewing the application of of existing authorities to include and attract a broader pool of talent?
- Will this affect medical and physical qualifications of the uniformed services in that cyber operators will have different standards and routes to commissioning?
- Finally does “applying security clearance requirements appropriately for cyber positions, billets, and personnel to increase positional flexibility” mean that Top Secret clearances are not necessarily needed for many of the cyber jobs and a Secret clearance is satisfactory (which according to many DoD cyber operators and contractors I have talked to seems to be the case.)?
Not sure when these details will be converted to new policy or pushed into action, but it will be interesting to see how much culture will really be shifted going forward.