How can we effectively enable the workforce to meet the ever-changing challenges in cyberspace? This was the question on everyone’s mind at the recent CompTIA NYC Cybersecurity Summit. Despite the variety of backgrounds and organizations represented there, we in the cybersecurity industry all face this same challenge.
As a Program Manager, I lead teams that develop and deliver cybersecurity education and training to CSRA’s federal customers. I emphasize education and training separately, because being educated in cybersecurity is not the same as being trained in cybersecurity.
Education alone will not prepare the workforce to meet and defeat current and future cyber challenges. To ensure our workforce is adequately prepared to manage the risks cyberspace presents, we need to provide foundational knowledge for all employees in an organization while continuously improving the practical application skills and expertise of our IT and cybersecurity practitioners.
How can we achieve this? To start, the public and private sectors can work together to leverage lessons learned from real-world operations to drive training, simulations, and performance-based assessments that will improve and measure the workforce’s knowledge and abilities in cyberspace. I’ve seen the positive results of this approach in the programs I lead and have watched cyber students grow their knowledge and capabilities to succeed in their roles.
Additionally, the challenges in cyberspace transform rapidly, and the needs of organizations also change and evolve. To keep pace, cybersecurity training must be customized and assessed over time to meet the specific needs of an organization. My team continuously analyzes and updates our training to incorporate the latest technologies, best practices, scenarios, and threats encountered by IT and cybersecurity professionals in the field.
When we collaborate with our public and private partners, provide hands-on training using real-world scenarios, and assess the outcomes of the training, we are helping ensure that our IT and cybersecurity practitioners are appropriately prepared to fulfill their missions.
I encourage you to examine your team’s cybersecurity training offerings—from basic security awareness to advanced-level courses—and understand the value offered. As Gen. George S. Patton said, “You fight like you train.”
Jonathan Sholtis is a Senior Program Manager in CSRA’s Defense Group where he leads CSRA’s Cyber Institute. The Cyber Institute develops, delivers and maintains cyber education and training courseware, simulations and continuing education materials for CSRA’s customers and internal employees. The Cyber Institute’s largest current customer is the Defense Cyber Investigations Training Academy (DCITA). On this Department of Defense (DoD) program, Jonathan is responsible for leading and managing the 100-person team; developing maintaining DCITA’s 30+ formal courses; building, securely operating, and maintaining all networks that support thousands of DoD students; and supporting all schoolhouse operations that delivered over 15,000 hours of training in 2016. Sholtis recently delivered the closing keynote speech at the CompTIA NYC Cybersecurity Summit on enabling the workforce to meet the challenges in cyberspace.