CISA last week released a Cybersecurity Workforce Training Guide that provides road maps for developing or launching cybersecurity career paths to state, local, tribal, territorial and federal agencies. The resource outlines capabilities and qualifications for different positions; helps current or prospective government employees identify their current skill sets and proficiency levels; and offers trainings and other resources to help staff level up.
“Our objective is to provide the right tools so this critical workforce knows where to find the available training that can help them be well prepared and skilled,” said Eric Goldstein, CISA executive assistant director for cybersecurity, in a press release. “This comprehensive guide will help individuals identify a job track and pinpoint areas for growth.”
Recruiting and developing cyber talent has long been an issue for state and local governments, as well as federal agencies. About 36,000 cyber positions remain unfilled at local, state and federal levels, according to The Washington Post, and Secretary of Homeland Security Alejandro Mayorkas spotlighted the federal government’s struggles in the area by naming the “cybersecurity workforce” as the focus of a 60-day sprint.
CISA isn’t the first to look to career pathway guides to help. Montana CISO Andy Hanks toldGovernment Technology in April that the state was working to develop half a dozen such road maps to help residents identify how they could transition into various science, technology, engineering and math (STEM) careers.
CISA is also pushing for more cooperation on cybersecurity across public and private agencies with the launch of a Joint Cyber Defense Collaborative (JCDC). The effort intends to help the country defend against and respond to cyber incidents in a more cohesive way through sharing knowledge and supporting joint exercises among state, local, tribal, territorial, federal and private organizations.
The JCDC is also charged with developing “whole-of-nation” cyber defense plans. CISA Director Jen Easterly said in a press release that the JCDC will focus first on tackling ransomware and a “planning framework to coordinate incidents affecting cloud service providers.”
While the press release calls for membership to ultimately include state, local and tribal governments, this participation will come later. The JCDC’s initial launch focuses instead on bringing together federal agencies such as the Department of Defense, U.S. Cyber Command, NSA and FBI as well as other parties with cybersecurity and tech firms including FireEye Mandiant, Microsoft and Palo Alto Networks.