Evolving DOD’s Cyber Workforce From Within

Revising DOD 8140 to Stay Ahead of Threat Actors

DOD 8140 aligns closely with the thinking of Pentagon tech officials, who have recently highlighted the need for a highly skilled and adaptable cyber workforce that must not only be qualified in their respective roles but also be able to integrate those skills into dynamic, real-world scenarios. 

The latest version of the evolving guidance, DOD 8140.03, established a comprehensive framework for developing a resilient, capable cyber workforce. The framework not only standardizes the department’s approach to cybersecurity but also promotes continuous learning and professional development to keep pace with industry and facilitate career progression.

To stay ahead of threat actors, DOD 8140 is expected to be revised again soon with new educational requirements, as part of ongoing efforts to refine and standardize cybersecurity roles across the department.

Cybersecurity certification training will be essential to this process by strengthening the workforce through efforts such as upskilling current professionals, reskilling IT personnel and preparing the next generation of cyberdefenders.

Click the banner below for the latest federal IT and cybersecurity insights.

Upskilling, Reskilling and Training as a Tool

Since hiring a contingent of cyber analysts isn’t an option, DOD must make the most of what it has. Thankfully, the Pentagon and its components have people who can quickly adapt to take on these added responsibilities.

Private sector recruiters have long hailed military members as valuable candidates for cybersecurity positions after they leave service, to the extent that many organizations have developed specific training programs to help veterans transition into cyber careers. Active-duty personnel, even those not currently working in cyber positions, possess those same traits — giving DOD a deep talent pool from which to pull.

One easy way to draw from the ranks is to mine for internal candidates within IT departments. I’ve heard time and again that the best source of cyber talent is internal candidates who know IT and already understand how the organization works.

Because each military branch has different processes and operations, transitioning someone in the IT department and reskilling them to do cyber work is a lot more efficient than looking for external candidates. You don’t need to integrate internal hires because they already understand the workflows and culture of their respective components.

DISCOVER: These are DOD’s and the IC’s top priorities for 2025.

Beyond that, broadening the skills of the current cyber workforce acts as another effective way to bolster DOD’s cyber posture. Upskilling tracks with the administration’s push for more efficient operations across government.

Giving cyber employees the ability to serve in rotations and gain on-the-job experience creates a stable of workers with diverse skill sets that can jump into just about any job when the situation calls for it. A side effect of upskilling is that it also helps with retention by showing you’re willing to invest in employees’ educations and keep them interested in their jobs.

Both solutions described above require training to be truly effective, but not all programs are equal. For DOD to take advantage of reskilling and upskilling, it must invest in performance-based training led by instructors who are active security practitioners and consistently aligned with the evolving threat landscape.

Real-world experience is essential because teachers can tailor lessons to address the newest cyberthreats and arm cyber workers with the skills to defend against those challenges. To that end, training programs should also include classes that put students in high-pressure situations that mirror what it will be like to identify and address cyberattacks in real time. That way, instructors can evaluate students on how they perform, rather than simply how good they are at taking a test.

UP NEXT: The Asus ROG Ally resolved a Navy training challenge.