National Guard Relies on Outside Experts to Train Cyber Workers

Members of the National Guard wear multiple hats. They can be called up at a moment’s notice to support the full-time military overseas, to assist first responders during a natural disaster or other emergency at home, and most of them have civilian jobs as well.

With those wide-ranging duties on their plates, National Guard members who work in cybersecurity must be prepared for any number of possible threats. That requires a “more holistic approach” to cybersecurity training, says Army Brig. Gen. Terin Williams, vice director of operations (CYBER) for the National Guard Bureau.

But the National Guard, like many other federal agencies, doesn’t have the broad expertise and institutional knowledge to train cyber workers for every scenario, especially because the threat landscape changes daily. The Guard looks to third-party vendors to fill in those training gaps.

“That's where I think third-party training is really valuable, in the sense that we are getting those folks who are on the ground,” Williams says.

Click the banner to get the expertise you need to strengthen your ransomware protection.

What Is the Value of Third-Party Cybersecurity Training?

The third-party teams are made up of experts who have the time and bandwidth to keep up with the increasing number of threats. They’re also knowledgeable about technology and software that are used to protect against threats or that need to be protected. They can give federal workers the education they need to earn current cyber certifications and to know what to do to counteract advanced threats.

This training helps the Cybersecurity and Infrastructure Security Agency, among others, meet the goal of providing up-to-date information quickly, says Sam Maroon, CISA’s chief of curriculum evaluation and support. It also helps build a broader, stronger federal workforce of diverse, educated and skilled professionals.

READ MORE: How managed detection and response relies on automation to enhance cybersecurity.

“By employing third-party training, we are able to fill training requirements with industry-proven courses that provide instructional skilling and best practices to trainees,” Maroon says. “In most cases, government-procured third-party training can be implemented rapidly, which ultimately helps agencies and organizations to fill cybersecurity workforce needs.”

The third-party instructors bring real-world expertise and the newest information to Guard students, Williams notes.

“In cyber, and I know this from my civilian job, the tactics and techniques that the adversary uses against us in one month may be very different a couple of months later,” she says. “When you have vendors bringing in instructors that are up to date on that, it provides us a lot more value.”

The timely training also assists guard members who may have civilian cybersecurity jobs but who may be assigned to unrelated fields during their Guard duties.

“Let's say you work in the electrical sector as a civilian. You may be called up to go to the water sector as a guardsman.” Williams says. “Or you could be called up to go on a federal mission that's much larger than either one of those sectors.”

Third-party providers bring “the totality of training to us,” she adds. “In my mind, that’s what is really value-added.”

For the Guard, third-party training also opens the door to networking and potential partnerships across its various sectors, which may not interact in the military-focused educational setting, Williams says.

“When you're sitting in a commercially provided training classroom, you're sitting with a lot of folks from cybersecurity in a lot of different walks of life who you're building relationships with and learning from,” she says. “So, there's absolutely value just in the environment itself.”

What Do Third-Party Cyber Training Teams Teach?

In 2020, the Army National Guard, with the assistance of the Air National Guard, conducted its annual Cyber Shield network defense training as a virtual event for the first time because of the pandemic. More than 800 guardsmen from more than 40 states competed.

Cybersecurity trainers from Microsoft, the SANS Technology Institute and Focal Point Academy (now part of CDW•G) set up hands-on exercises in cyberthreat analysis, systems analysis, information control systems and information operations.

“We bring in some of the top vendors across the country to provide the training to the individuals,” Williams, who was the officer in charge of Cyber Shield 2020, said at the time. “A lot of times, the states don’t have the ability to contract some of the high-end vendors. So, this exercise gives us the ability to get soldiers and airmen the training that they otherwise would not get in their individual states.”

DIVE DEEPER: Learn why cybersecurity training is key to establishing a zero-trust environment.

The Air Force and Army determine the third-party training that’s needed for National Guard members to meet military education requirements. Once the required training is complete, individual guardsmen can take part in training to learn more specialized skills. The Air Guard allows for one-time opportunity training, and the Army offers opportunity training once a year, Williams says.

CISA uses third-party training for its Federal Cyber Defense Skilling Academy, which started in 2022 to help civilian federal employees develop cyberdefense skills and knowledge to work as a cyberdefense analyst. It’s an intense, full-time, accelerated program over three months for those looking to make a career change or build cybersecurity skills.

Participants learn a range of skills, including basic network and protocol analysis, and how to identify common hacker techniques and vectors, correlate attacks with advanced data analysis and use Python for security analysis.

Expert Training Upskills Workers into Cybersecurity Jobs

When the National Guard has a gap in training, it works closely with certain vendors that specialize in those areas or looks for those who have that specialty, Williams says. “There are definitely some folks out there that stand out,” she adds.

One of those areas of shortfall is security for operational technology, which supports functional, tangible processes: “When you drink your water, when you turn on your electricity, even X-ray machines and things like that, when you need something to actually happen,” Williams says.

The federal government in general needs more cyber skills for the OT side, she says. Such training is ideal for third-party providers because there isn’t a mandate from the Army or Air Force in that area, she added. In the Guard’s civilian, stateside role, its cyber teams are more likely to respond to an OT incident.

DISCOVER: How robust data protection better defends critical infrastructure.

“So, we need to have the guardsmen ready, trained up for that sort of thing,” she says. “That's a great example of something that we leverage from the commercial sector.”

COVID-19 was a wake-up call that highlighted the value of third-party training. The immediate shift to remote work forced the federal government, in multiple areas, to figure out how to do cybersecurity differently and improve the knowledge of its workforce quickly.

“They were out there fighting the good fight, and they're continuing to help with incidents, or they're doing assessments to prepare resiliency,” Williams says of the outside vendors. “They have a unique viewpoint of that problem set and can help push us forward in a shorter amount of time.”