After successful first cohort, CIO Council looking to expand, sustain cyber reskilling academy

The first cohort of the Cybersecurity Reskilling Academy has helped the administration identify some promising successes and some tough challenges, which federa...

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

For Coast Guard employee Mary Gabriel, the word “cybersecurity” was one she noticed had become a common fixture in more and more procurement requirements over the years.

She knew cybersecurity was important to the acquisition projects she was working on but didn’t truly understand why.

But when she heard about the Federal Cybersecurity Reskilling Academy through a Tweet from the Office of Management and Budget, Gabriel saw the program as a chance to broaden her knowledge.

“I was happy to get this opportunity to learn more,” she said. “But through the class, the training was incredible.”

And after graduating from the reskilling academy earlier this summer, Gabriel said she has the tools to incorporate cybersecurity into her daily work.

Her experience is also prompting her to explore potential career paths in cybersecurity — even if her opportunities in the federal government aren’t immediately clear.

It’s stories like Gabriel’s that have shown the Trump administration just how much promise reskilling initiatives could have — and how many challenges it will encounter along the way.

“Our goal was: does the program work? Is there interest, and is this something that is meaningful against any of those things that we’re trying to fill in the federal government? Our overall answer was yes,” Suzette Kent, the federal chief information officer, told reporters Wednesday.

Demand to join the first cohort was overwhelming, she said. More than 1,500 federal employees submitted applications for the program, prompting the CIO Council to find a way to add more students.

The class, made up of 30 students from the 11 different agencies, achieved one of the highest passing rates the SANS Institute, the vendor that provided the initial assessment and coursework for the first cohort, had ever seen, Kent said.

Most of the first class passed their examinations and earned two certifications: GIAC Security Essentials and GIAC Certified Incident Handler.

“I didn’t know what to expect at all. I saw it as an exciting opportunity that sounded really cool,” Shannon Riley, a reskilling academy graduate from the Education Department, said. “I had never heard of the certifications. I didn’t really understand the subject matter that was listed.”

Now, Riley said she understands the basics — and much more.

The academy courses covered cyber hygiene skills, coding languages and networking, among other essentials. Incident handling was the topic of the second set of lessons. Together, the graduates worked through war game scenarios and learned how to defend and respond to a cyber attack.

“It was far more technical than I expected,” Gabriel said. “I didn’t expect to learn Linux or Python coding, but it’s very cool that I did. I didn’t know if I would like it. I learned that I liked it.”

Both Riley and Gabriel said they’ve come back to their agencies with a new set of skills that apply to their work in their existing roles.

For Gabriel, the program gave her the skills to ask better questions, direct resources and prioritize activities when working on acquisitions for the Coast Guard. Her peers don’t have the cybersecurity skills she recently gained, which she said gives her a leg up in her organization.

For Riley, cybersecurity is a natural companion to the kind of work she does in Education’s privacy office. She said she plans to contribute to a training guide the Education Department is preparing for cybersecurity awareness month in October.

“I saw this is as an opportunity to broaden my horizons in order to then strengthen my own privacy program,” Riley said.

The ability for graduates to translate their new cyber skills across multiple disciplines and into their existing skills is an easy win for the reskilling academy, Kent said.

But placing recent graduates into completely new cyber positions is a tougher challenge to tackle.

Gabriel said she’s interested in perhaps pivoting to a cybersecurity position in the future, but the 70-year-old General Schedule places a few limitations on her ability to move. The cybersecurity positions that she’s qualified for are set at a lower grade level than her existing position, meaning Gabriel may technically need to take a demotion to switch fields.

“At my current grade level, I don’t think I can get a cyber defense analyst role,” she said. “If there’s a path, I haven’t found it. I’ve been trying to talk to people in my agency and see what’s available. [There’s] a few more avenues to explore, but I certainly haven’t found it yet. My best opportunity is to stay in a program management role and get closer to that cyber adjacency.”

Reskilling pilot points to new challenges

The challenge that Gabriel described is a familiar one for other students in the cohort. Kent said she, the CIO Council and the Office of Personnel Management are exploring whether the reskilling graduates could be detailed to cybersecurity positions — or whether their success in the academy could carry some additional weight in the job selection process over years of experience.

The cyber reskilling academy was initially billed as an opportunity to provide federal employees with the training necessary to become cyber defense analysts.

But it’s the second cohort, which is made up of only IT professionals, that will focus more intently on a curriculum that will prepare them to become cyber defense analysts.

“We started this class focused on certifications that align with cyber defense analysts, yes, because we have a lot of gaps,” Kent said. “But we also know … that this is an area for programs where this type of front end screening in an intense course has been successful and has a successful track record. The content is directly and broadly applicable.”

The second cohort is taking classes now, with “graduation” scheduled for September.

Finding the funding necessary to expand and “industrialize” the cybersecurity reskilling program and others is another challenge. The CIO Council sponsored and funded the first cohort. Other communities of interest or even individual agencies themselves could spearhead future programs.

For the graduates, maintaining their newly earned certifications will be another challenge.

“This was a set of investments in these individuals. But when we look at the amount of funding that is available just broadly, generally across much of our community, this exceeds what’s normally available. How we maintain it [and] how we make this type of opportunity available is a real thing that we have to figure out. [For] some of the agencies, their ongoing training budgets are very small.”

There are other challenges too, which Kent said the administration will address in future cohorts of the reskilling academy.

Though the training courses had some virtual components, students who lived outside the Washington, D.C., metropolitan area often had to travel to participate.

Even still, Kent said she was especially impressed and inspired with the dedication the students — and their agencies — showed throughout the program.

“They did have to get approval from their supervisors,” Kent said. “There was one time it was pretty intense for studying, so they had to agree to that. A lot of the graduates shared, they had to make some personal commitments. It was a lot of studying. For some that were outside the D.C. area it also meant travel, and their agencies covered those travel costs. At times people in their departments had to shift other things around. It was a big personal commitment, and an agency level commitment.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.