Are US Federal Cyber Workers Good Enough?

Uploaded on 2018-06-18 in JOBS-Training, JOBS-Careers, FREE TO VIEW, NEWS-Cybersecurity News

Federal agencies have made mixed progress at ensuring their cybersecurity workers are properly trained and credentialed, according to a watchdog report released Thursday.

In some cases, agencies haven’t determined exactly who counts as a cybersecurity worker and who doesn’t, according to the Government Accountability Office report. In other cases, agencies haven’t determined which certifications are appropriate or necessary for the cybersecurity employees they do have, the report found.

There’s no standard certification requirement for cybersecurity professionals, such as the bar degree for lawyers, but employers often require certifications offered by professional organizations—such as the Certified Information Systems Security Professional certification—or use those certifications to judge an applicants’ qualifications.

The Federal Cybersecurity Workforce Assessment Act, a 2015 law, required the Office of Personnel Management to develop a coding structure that defines government cyber jobs and the qualifications and certifications required for them.

The law also mandated agencies to apply those codes to their cyber workforces and to report back to Congress on whether their cyber workers were properly credentialed and, if not, what the agencies were doing about it.

After the law went into effect, however, the personnel office was late in developing the coding structure because of earlier delays at the Commerce Department’s cyber education office and that delayed agency assessments.

As of March, only 21 of the 24 major federal agencies had completed their assessments and four of those were missing important pieces of reportable information, the accountability office found.

Some of the reports that included all necessary information were likely partially inaccurate, because of incomplete cyber worker counts or inconsistent use of the codes, the office said.

“This diminishes the usefulness of the assessments in determining the certification and training needs of these agencies’ cybersecurity employees,” the report found.

Overall, 23 of the 24 agencies “had established procedures to identify their civilian cybersecurity positions and assign the appropriate employment codes,” but six of those agencies failed to address at least one of OPM’s coding or assessment requirements, the report found.

The accountability office made 30 separate recommendations to the 13 agencies that fell short in some way, most of which the agencies agreed with or, at least, didn’t disagree with.

The one exception was NASA, which disagreed with a recommendation that it should assess how ready its cyber workers who don’t hold certifications are to get those certifications.

“The agency stated that there is no federal or NASA requirement for employees in cybersecurity positions to hold and/or maintain a certification, and therefore the agency has no plans to assess the readiness of its cybersecurity personnel to take certification exams,” the report stated.

The accountability office stands firm in the recommendation, it said.

Nextgov:

You Might Also Read:

In Demand: Cybersecurity Specialists

« World First Police 3D Security Scanner
EC-Council Sets New Application Security Training Standards »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

RISA

RISA

RISA solutions help to secure networks, improve overall network security, and achieve government regulatory compliance.

Senetas

Senetas

Senetas is a leading developer and manufacturer of certified high-assurance encryption solutions, dedicated to protecting network transmitted data without compromising performance.

Certus Software

Certus Software

Our Secure Data Erasure solutions protect customer data confidentiality by completely erasing it from data storage devices.

7Safe

7Safe

7Safe has been delivering hands-on digital security training courses since 2001 and offer e a portfolio of university and industry-accredited courses.

CyberGreen Institute

CyberGreen Institute

The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem.

CyberWarrior

CyberWarrior

CyberWarrior deliver training and consulting for some of the world’s top brands and also partner with national systems integrators to augment their teams with our expertise.

Approach

Approach

Approach is a leading provider of cyber security consulting and secure application development services in Belgium.

Ericom Software

Ericom Software

Ericom is a global leader in securing and connecting the digital workspace, offering solutions that secure browsing, and optimize desktop and application delivery to any device, anywhere.

International Data Sanitization Consortium (IDSC)

International Data Sanitization Consortium (IDSC)

IDSC is a group composed of individuals and companies dedicated to standardizing terminology and practices across the data sanitization industry.

Clario Tech

Clario Tech

Clario is a simple, comprehensive, personalized protection app. It comes with a full suite of intelligent security software and intelligent people to help you live a better, safer digital life.

Senteon

Senteon

Senteon is a turnkey cybersecurity platform designed to make securing confidential data affordable, understandable, and streamlined for small-to-mid sized businesses and MSPs.

AArete

AArete

AArete is a global management and technology consulting firm specializing in strategic profitability improvement, digital transformation, and advisory services.

Maltego Technologies

Maltego Technologies

Maltego is a comprehensive tool for graphical link analyses that offers real-time data mining and information gathering. Applications include cybersecurity threat intelligence and incident response.

Cyber & Data Protection

Cyber & Data Protection

Cyber & Data Protection Limited supports Charities, Educational Trusts and Private Schools, Hospitality and Legal organisations by keeping their data secure and usable.

eGeneration

eGeneration

eGeneration is one of the leading technology solutions and system integration companies in Bangladesh.

Aprio

Aprio

Aprio is a premier business advisory and accounting firm. We deliver advisory, tax, managed, and private client services to build value, drive growth, manage risk, and protect wealth.