The Defense Department is poised to implement some changes that could dramatically expand the options available to current and prospective employees who need to get certified in one of DoD’s growing number of cyber and IT specialties.
As of now, for each of DoD’s work roles, there are only a relative handful of accredited training courses to choose from — mainly because of the slow, manual process that’s currently used to ensure the programs meet the department’s requirements. But in the coming weeks, DoD plans to roll out an automated process that should make it significantly easier for training providers, both in and outside the department, to show their programs meet the rigor DoD wants.
“It takes about six months, and we can do about 60 to 100 [programs] at a time with a third party assessor,” Patrick Johnson, the director of the DoD CIO’s Workforce Innovation Directorate told attendees at AFCEA’s recent TechNet conference in Augusta, Ga. “A new system relying on AI has been turned on, and the service providers are already starting to go in it … I want thousands of different offerings in that course catalog.”
The faster accreditation process for training providers is part of a bigger revamp of the Pentagon’s procedures for certifying its cyber and IT workforce, known as the 8140 process. In February, the department published DoD Manual 8140.03, which both expanded the number of employees at least a basic level of certification, and also aimed to make those certification requirements more flexible.
It replaced a previous regime, now-defunct DoD 8570 process, which focused only on the “information assurance” workforce and required all of its members to meet certain training requirements.
The new version, on the other hand, applies to the much broader cyber and IT community the department has been mapping out in its new Defense Cyber Workforce Framework, which now includes 73 different work roles that are supposed to reflect a person’s actual duties, not just their formal job title.
In many cases, it also gives DoD components the discretion to substitute on-the-job experience or education in lieu of formal training to grant the certification a particular employee or job candidate might need for his or her work role. Johnson said DoD components will still have the freedom to layer on their own additional training requirements if they want to.
“From a DoD level, I wanted to lift that,” he said. “So for both civilian and military, it can be training, it can be education, and in certain instances, experience. The experience piece is coming along, we’ll be publishing that, but we want to limit that, because there has to be a standard.”
As part of the 8140 update, DoD has laid out the baseline qualifications employees will need at different levels of proficiency for their work roles — basic, intermediate and advanced — but in many cases, getting certified will require more tailored “residential” qualifications provided by the military services.
But Johnson said employees won’t have to meet separate training requirements at both the DoD level and the military service level. Once those service-specific residential requirements are met, the department feels safe in assuming the employee has more than enough competency to check the box on DoD’s more foundational knowledge requirements, and those will trump an 8140 qualification.
“I use our cyber mission force as an example, because frankly, when we do competitions across the federal government, our people are good — we win about 90% of those things at the federal level. So knowing that, why would I go back and reinvent the wheel and say, ‘Oh, Army Cyber Command, you’re an operator, but I’m going to say you need to take this cert,’” he said. “That doesn’t work for them, and it doesn’t work from a top-down position.”
The new 8140 process also plays a large role in the detailed implementation plan DoD published earlier this month to lay out the next steps for the Defense Cyber Workforce Framework.
Under the “development” pillar of that plan, the department aims to have 90 percent of the workforce whose jobs touch on the cyber and IT worlds formally qualified under 8140 by 2027. The cybersecurity workforce is the first priority: DoD hopes to have most of the population qualified by 2025. The IT workforce, “enablers,” and portions of the intelligence community are planned to follow by the next year.
At that point, Defense officials think they’ll not only have better ways to offer relevant career development training to individual employees. They’ll also have an enterprise-level view, in DoD’s Advana data analytics platform, of how many experts are working in each narrowly-tailored work role, how proficient they are, and which specific areas have the biggest gaps.
“However, right now, each of the services are running their own learning management systems, and each one collects that data in a particular way. So we’re going back out in the next couple of months and asking, specifically, where they’re putting that information, because we need those to filter up to Advana. Right now, everything’s tied to separate systems of record,” Johnson said. “And when we start basing incentives and other things on those qualifications, that also becomes critical. You want to make sure that you pay everybody that needs to be paid, and you’re not paying people that don’t need to be paid.”