The Defense Department is set to release a new cybersecurity workforce strategy early next year, John Sherman, the department’s CIO, said Tuesday.
Sherman said the new strategy, likely out in the “next month-and-a-half or so,” will not only build off of existing DOD policies, programs and legislative authorities — such as the Cyber Excepted Service program — but it also sets into action “the hard blocking and tackling kind of stuff we need to do that’s not glamorous that makes sure that we have the knowledge we need to manage this very modern workforce.”
“All the technology in the world is nothing without people,” Sherman said at the Department of Defense Intelligence Information System (DoDIIS) Worldwide Conference in San Antonio, Texas. “People are our foundation — the women and men who make up our workforce that come into DOD, whether it’s military or civilian, and ensuring that we stay where we need to be in the most modern thinking about careers, upskilling, recruitment and training.”
At the foundation of the strategy will be the Defense Cyber Workforce Framework, a tool the DOD uses to characterize different cyber and IT work roles, he said, noting that the department recently added artificial intelligence and data roles to the framework list of roles.
With the new strategy, the Pentagon acknowledges in some ways that the traditional career path associated with the government is largely shifting, Sherman said.
“We have to think differently about how folks come in and out of the government,” he said. “And most importantly, I want a workforce that looks like America. That we don’t keep going to the same place to recruit. We think differently about degree requirements” through new avenues, such as apprenticeships.
Sherman likened this challenge to recruit cyber and technical talent to serve the DOD to the Space Race in the mid-20th century.
Cyber “has got to have that same motivating influence that it did on our parents and grandparents in the ’50s and ’60s when that really launched after Sputnik a push on STEM and other areas,” Sherman said. “I’m gonna need your help with that to make sure we’re doing this as smartly and as diversely and with the greatest push that we can on it.”
This strategy comes on the heels of DOD’s Zero Trust Strategy released last month that calls for the department to adopt the enterprise cybersecurity architecture by 2027.