The cybersecurity labor market, DoD edition.

The ever-changing cyber labor market has seen stormy seas as 2023 has begun, and the US federal government and military have not been free from the effects. Today we continue our series on the state of the cyber labor markets, with particular attention to the Defense Department’s new cyber workforce management strategy.

The US Defense Department issues manual on cyber workforce management, and moves toward a cyber workforce strategy.

The US Department of Defense (DoD) last week released a DoD manual on the Cyberspace Workforce Qualification & Management Program, the third installment in a policy series focused on cultivating cyber personnel. DoD CIO John Sherman explained, “The [policy series] will require workforce members to demonstrate a foundational understanding at the work role level while also addressing personnel capability and continuous professional development at the work role level. Through these mechanisms, we will be able to track and manage cyber workforce capabilities across the DoD enterprise.” 

The intention behind the new manual is to provide a modernized approach to talent management, giving DoD components more flexibility when it comes to developing a qualified cyber workforce. The manual covers cyber roles in the areas of information technology, cybersecurity, cyber effects, cyber intelligence, and cyber enablers. Patrick Johnson, Director of the Workforce Innovation Directorate, stated, “The manual will guide the Department’s ability to verify and advance capabilities for all 225,000 DoD cyber workforce civilians, military personnel, and contractors. Together, the upcoming DoD Cyber Workforce Strategy and DoD 8140 will enable the DoD to develop and deploy an agile, capable, and ready cyber workforce."

The DoD’s highly-anticipated cyber workforce strategy is still in the works, but it’s said to create new job roles as well as updating existing ones. Breaking Defense reported last week that the policy’s implementation will include development of positions that specialize in data and AI. “This strategy utilizes four human capital pillars – Identification, Recruitment, Development and Retention – to identify and group cyber workforce challenges,” according to AFCEA WEST 2023 conference slides seen by the outlet. “The four pillars also serve as a catalyst for targeted workforce development goals, which aid the Department in achieving the mission and vision of this strategy.”

Background to US Federal workforce requirements.

The Cybersecurity Enhancement Act of 2014 created the requirement that the federal cybersecurity research and development plan must see updates every four years. The time has come for the federal government to refresh it once again, as the last update came in 2019. The 2019 plan, Nextgov reports, was created to “coordinate and guide federally funded R&D in cybersecurity, including development of consensus-based standards and best practices.” The outlet wrote of the plan’s detailing of four defense capabilities, “deter, protect, detect and respond” and six prioritized federal focus areas for cyber research and development, “artificial intelligence, quantum information science, trustworthy distributed digital infrastructure, privacy, secure hardware and software as well as education and workforce development.” The government has published a request for information, in the Federal Register on the 7th of this month, seeking public input for the 2023 iteration of the R&D strategic plan. The Federal News Network predicts the strategy’s focus areas to include expanded regulations for the private sector, more attention to international cyber threats, and an attempt to address the cyber talent gap. Priorities such as improvements to cybersecurity education, enhanced data privacy and protection, and the capabilities of encryption are likely to remain on the back burner this time around, but these may be addressed as the strategy evolves.

For more on the cyber labor market, see CyberWire Pro.

For more on the US Military Services' approach to cyber staffing, see CyberWire Pro.