Thursday, July 8, 2021

Proposed law seeks to boost federal cyber workforce thru apprenticeships

Falling Waters, W. Va., is the location of the VA’s National IT Training Academy. The federal act on the expansion of cybersecurity provides for the federal cyber workforce to be strengthened through basic and advanced training. (Veterans Affairs)

Infosec’s education and training professionals welcome a recently proposed bipartisan bill that, when signed into law, will encourage federal cyber workers through a training program at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and one at the Department of Veterans Affairs.

However, one expert said the deadlines this law would give agencies are too generous to generate the much-needed short-term workforce recruitment. And cyber experts, while familiar with the concept, said that success or failure depends on the structure of the program.

In late June, Sens. Maggie Hassan, D-N.H., and John Cornyn, R-Texas, introduced a bipartisan bill, the Federal Cybersecurity Workforce Expansion Act, which would add a new section to the Homeland Security Act of 2002 to create staff programs based on the recommendations of the Cyberspace Solarium Commission.

By law, CISA would have two years to establish at least one Department of Labor-approved apprenticeship program that would result in full-time or contract employment with the government agency. The program would need to focus on developing the specific skills needed to meet CISA’s staffing needs and, in order to provide adequate training, the agency should work with “Eligible Bodies” who have knowledge and experience in the development of cyber staff.

In the meantime, the VA would be given a year to set up its own pilot program for former members of the armed forces who would like to qualify in the cyber field and move on to a professional infosec career. The program would need to be aligned with the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework and include virtual courses/training, hands-on labs and assessments, and work-based learning opportunities at the federal level.

“It’s exciting to see the federal government viewing apprenticeships as a way to grow their workforce,” said Tony Bryan, executive director of St. Louis-based apprenticeship organization CyberUp. “The model is similar to something I experienced during my military service. Shortly after September 11th, the US air posts attempted to increase their workforce by transitioning veterans. A program has been designed to recruit veterans into the program and successfully bridge the military-to-US marshals gap and meet federal employment needs. If done right and with the right partners, CISA should have the same success in growing its people over the next few years.”

Several experts noted the high demand for cybersecurity specialists in the public and private sectors. However, the public sector in particular has difficulty recruiting and retaining talent, as it usually cannot pay as well as companies. But this new law would help open up new talent pools.

“I think it’s a great idea. It’s innovative, out-of-the-box thinking,” said Roger Grimes, data-driven defense evangelist at KnowBe4. “It’s a shame we didn’t start 10 years ago. It’s a super simple, obvious solution to a problem we have.”

While Grimes admitted that he is suspicious of government-backed solutions and finds that federal agencies tend to be too slow, he said that CISA is a significant exception to the rule. “It’s only been around for a few years, but it was the most impressive cybersecurity government organization I could ever imagine.” And combining the efforts of CISA with the VA is a great two-for-one.

A legislative summary states that CISA “requested sufficient lead time to set up the program so that it would be effective rather than myopic because it was created in a hurry”. This was an area that several experts were critical of.

“Anything that is meant to get more educated people into the [cyber] jobs is a good thing,” said Lamar Bailey, Tripwire’s senior director of security research. “The problem with this act is timing. CISA has up to two years to implement this program. We have several private organizations, universities and colleges that already have programs. If these can be viewed as ‘Authorized Entities’, this program could run much faster.”

Bailey shared a similar opinion of the proposed VA program, saying, “The schedule needs to be accelerated and can be done in phases with different training certifications – that will make a difference in the near future.”

Grimes offered his own take on what he hopes the CISA and VA programs would teach aspiring cyber professionals should the law ever pass through Congress and be signed by President Joe Biden. First and foremost, he wants a focus on risk management and prioritization, including “looking at the most likely threats and combating them first and best”.

“The reality is that three or four types of attack are responsible for almost all computer security attacks today: social engineering, unpatched software, weaknesses in authentication passwords, and problems with remote access control. Those three or four things are responsible for almost all attacks,” Grimes said. Yet, “The problem with a lot of these programs is that they’re trying to cover 200 things and they’re going to spend money [only] 30 minutes of social engineering,” which is so important to understand.

“So when you teach these students, you make sure they understand the principles of risk management – and that they are not only focused on how businesses are most likely to be attacked, but also trained in that way themselves. [So] that they spend more time on social engineering, more time on patch management, more time on identity management and authentication. Because that is our problem now: We have a lot of people who are great generalists, [but] we really need an army of people who focus on the most likely threats first.”



source https://collegeeducationnewsllc.com/proposed-law-seeks-to-boost-federal-cyber-workforce-thru-apprenticeships/
