OMB Launches a Popular Pilot
In an effort to beef up the cybersecurity workforce, the government last year launched two Cybersecurity Reskilling Academy pilots, organized by the Office of Management and Budget, the Education Department and the federal CIO Council. One, a more traditional program, was aimed at upskilling current IT staff; another aimed to train workers who had a high aptitude and a passion for learning but little or no IT experience.
Among the latter group, who were a less sure sell than those who already had the skills, the response was enthusiastic. About 1,500 applicants submitted personal essays and took aptitude tests. In interviews, candidates explained why they’d be a good fit for the program, described their career goals, and talked about why they’re passionate about cybersecurity, for example.
From there, the list was whittled down to 50 candidates and, based on practical considerations such as getting their manager’s buy-in, 30 were selected to participate in the intensive four-month program run by SANS, an online cyber and information security training and certification company. Over 30 years, SANS has gathered a lot of data on what it takes to be a good cybersecurity practitioner, says James Yacone, SANS director of mission and partnerships.
“What we think is the missing piece, not just in the federal government, is there are a lot of people walking around that have the psychometric makeup to be very good IT security practitioners,” he says. “They have aptitude, but they don’t have any skills, and therefore they’re intimidated and probably sometimes reluctant to come forward. So we really want to focus on finding them.”
Cybersecurity Academy Graduates Return with Valuable Skills
Aptitude is measured by a number of traits, Yacone says, including passion, tenacity and inquisitiveness. Other useful talents include a knack for logical extrapolation, comprehension and technical problem-solving, and parsing information quickly. They’re the kind of people that, as children, might have taken apart their toys to figure out how they work, he adds.
But they don’t have IT experience, not even as hobbyists. The point of the pilot was to grow the cybersecurity workforce, and that meant discovering hidden IT talent.
Participants came from a variety of government roles and had different career goals, such as technology acquisition professionals who wanted to get more hands-on, Kent says. “Some folks would even tell you librarians and paralegals make some of the best cybersecurity analysts because of the way their minds work.”
The first 2019 program kicked off with a four-day workshop in April, with participants taking 120 hours of online learning modules and labs in a live environment, where they learned the building blocks of cybersecurity: VMware, CPUs and computer hardware, plus Linux and Windows operating systems, for example.