Attraction and training: The keys to developing cybersecurity talent (Part 2)
By Rohan Amin
Editor’s Note: Part One of Lockheed Martin’s three-part post for Cybersecurity Awareness Month explained why an effective cyber strategy must be driven by professional cyber analysts rather than by vendor-supplied technology tools. Part Two addresses the need to increase the ranks of well-trained cyber analysts.
A common observation among organizations trying to defend their networks against cyber intruders is that the adversaries are remarkably skilled and endlessly inventive. That’s certainly true in regard to the most dangerous of the cyber adversaries.
But, at the same time they represent a formidable threat, the adversaries also reveal the answer to defeating them: Just as they rely on their skills to penetrate target networks, we must focus on building the cyber tradecraft and elevating the skill of the cyber professionals in our own ranks.
As a cyber community, we need to devote additional effort and resources to attracting students to the profession, to recruiting talented individuals into our field, and to providing them with relevant training both before and after they arrive in our operations centers and forensics labs.
Many organizations are beginning to recognize and act on these imperatives. Lockheed Martin has been among the first to do so because of the nature of our business in the defense, intelligence and civil government industries. To ensure we have qualified analysts to support our cybersecurity practice, we pursue several talent-development strategies, starting far back in the pipeline.
We support a wide range of educational programs to interest elementary and secondary students in science, technology, engineering, and mathematics. For example, we sponsor cyber challenges and career days in high schools and even hire high-school students as interns for our cyber programs.
We also devote considerable resources to college scholarships and to recruiting top computer science and engineering graduates. At the college level, we engage with professors to sponsor projects that will be meaningful for their students and introduce them to the rewards of a career in cybersecurity. We also offer doctoral candidates shooting for careers in academia an opportunity to spend a year with us, so they can bring an industry perspective to their future classrooms.
For our employees, we differentiate cybersecurity as a career track of its own and offer reimbursements for technical certifications and tuition to advanced courses in cyber-related subjects.
We also provide extensive free internal training through the our cyber university, which offers formalized training and certification programs to support several cyber career tracks: cyber intelligence, which encompasses forensics, incident response and intelligence analysis; cyber engineering, including architecting and engineering secure IT systems; and traditional information assurance through system, database and network vulnerability and compliance management.
Our EXCITE program is an experiential immersion program that lets students learn analytical tradecraft in a hands-on lab environment, featuring a mock attack against a fictional company’s computers network. This program is being made available to organizations outside Lockheed Martin, as well.
The point here is not that every organization needs the same level of cyber-career development as Lockheed Martin, but enhancing expertise of professionals across the cyber community represents the key to protecting our national and corporate data and infrastructure. Each organization must elevate cyber tradecraft to a level commensurate with the importance of cyber security to its mission.
Part 1: People and technology: Rethinking the cybersecurity challenge
Part 3: Knowledge management and collaboration: Key traits of robust cybersecurity
What do you think? Tell us in the comment box below.
Lockheed Martin IS&GS-Defense‘s Rohan Amin is the program director of the Department of Defense Cyber Crime Center (DC3) located in Linthicum, Maryland. The company thwarts the efforts of cyber criminals by delivering a full range of technical, functional, and managerial support to the DC3, which provides vital assistance in the investigation of criminal, counterintelligence and counterterrorism matters, as well as cyber security support to Defense Industrial Base partners.