I recall being put on a cyber contract and wanting to pull my hair out when it came to IAT certifications. Perfectly amazing candidates who just had not obtained the required certification yet were immediately a hard no.
Hearing a ‘no’ based on a certification alone, when the candidate matches every other piece of the puzzle like location, salary, or experience can be frustrating or discouraging.
The DoD 8570 has been the manual that lists the baseline IT certifications that the DoD requires of its workforce. Any DoD IA or cyber professional needs one of the certifications for their job category or level. This chart may look familiar to any recruiter trying to identify a cleared cyber candidate:
DoD 8570 Approved Certifications
| IAT Level I | IAT Level II | IAT Level III |
| A+ CE CCNA-Security CND Network+ CE SSCP |
CCNA-Security CySA+ ** GICSP GSEC Security+ CE CND SSCP |
CASP+ CE CCNP Security CISA CISSP (or Associate) GCED GCIH CCSP |
| IAM Level I | IAM Level II | IAM Level III |
| CAP CND Cloud+ GSLC Security+ CE HCISPP |
CAP CASP+ CE CISM CISSP (or Associate) GSLC CCISO HCISPP |
CISM CISSP (or Associate) GSLC CCISO |
| IASAE I | IASAE II | IASAE III |
| CASP+ CE CISSP (or Associate) CSSLP |
CASP+ CE CISSP (or Associate) CSSLP |
CISSP-ISSAP CISSP-ISSEP CCSP |
| CSSP Analyst | CSSP Infrastructure Support | CSSP Incident Responder |
| CEH CFR CCNA Cyber Ops CCNA-Security CySA+ ** GCIA GCIH GICSP Cloud+ SCYBER PenTest+ |
CEH CySA+ ** GICSP SSCP CHFI CFR Cloud+ CND |
CEH CFR CCNA Cyber Ops CCNA-Security CHFI CySA+ ** GCFA GCIH SCYBER PenTest+ |
| CSSP Auditor | CSSP Manager | |
| CEH CySA+ ** CISA GSNA CFR PenTest |
CISM CISSP-ISSMP CCISO |
While there are many more programs helping candidates obtain these certifications now, companies may want to start thinking more about certification benefits as a tool to attract or retain cyber talent.
Last month, the Chief Information Officer (DoD CIO), released the 8140.03 Cyberspace Workforce Qualification & Management Program, AKA DoD 8140, which replaces DoD 8570. Peter Suciu, ClearanceJobs, noted, “DoD 8140 was designed to be more flexible and inclusive than DoD 8570, and DoD 8140 included initiatives such as NIST NICE (National Initiative for Cybersecurity Education), which identifies critical KSAs (Knowledge, Skills, and Abilities).”
The new and improved 8140 will certainly help to build out a cyber ready workforce and DoD cyber defense capabilities. But what does it mean for recruiters getting fresh candidates in the door?
Where it was important to understand the baseline certifications that are approved for candidates according to your cyber contract requirements, it would be best to brush up on the newly released manual here. One thing that may give recruiters a sigh of relief is that experience may be accepted as an alternative to foundational qualification requirements, according to the manual. Time will tell, especially as the Pentagon prepares its new cyber workforce strategy to manage staffing and recruitment efforts.
