Tactics of the Ideal Cyber Workforce

With constant emerging technologies and our increasing dependence on electronic devices, cybersecurity affects everyone. Whether it is highly confidential data that you handle at your workplace or your personal banking information, you probably have some form of electronic information that you’d like to keep private and secure.

We all need cybersecurity knowledge. For cyber professionals, understanding and practicing appropriate security measures is even more necessary. Keeping up on current cyber tactics will help you develop a successful cyber career. At Wednesday’s GovLoop event “Cyber Playbook: Meet the Players,” audience members were given the chance to ask professional experts questions about cybersecurity. Our panel included:

• Diana L. Burley, Professor at the Graduate School of Education and Human Development, George Washington University
• Tom Conway, Director of Business Development – Government, FireEye

Developing the Cyber Workforce

When discussing the ideal workforce candidate, Burley referenced the CyberCorps Program. The CybercCorps Program is a publicly funded scholarship co-sponsored by the Department of Homeland Security and the National Science Foundation. Students receive scholarships for tuition funding. In exchange for those scholarship dollars, recipients enter the federal workforce for as long as they received scholarships. The CyberCorps Program has been around since 2001, and it has placed 1100 students into federal positions.

When searching for ideal people for the federal workforce, Burley said students in the CyberCore Program had an even balance between technical and nontechnical skillsets. She emphasized that the individuals that make the best cyber professionals have a broad-based background. A CyberCore Program member has a combination of technical and nontechnical skills that are determined by the requirements of their ultimate position of employment.

Burley said the CyberCore Program has evolved from being more technically focused with programs based in computer science and computer engineering to now having more programs that are based in areas such as public administration. Additionally, programs that are based in computer science are now including courses on ethics and techniques for how students can acclimate to what it is like to work in the government. She said the courses enable students to develop analytical abilities as well as have a well-rounded background.

Successful Cyber Tactics

For one best practice, Conway suggested taking advantage of third-party help. Bringing in a third party to evaluate your organization’s potential for breaches will allow your agency to improve cybersecurity practices in areas that may have been overlooked. You can bring in external people to test its network and see if it has already been infiltrated and compromised.

Conway also suggested focusing further on application development rather than solely the data. He explained how many developers create applications without malicious intentions but have products that are still at risk for security breaching because of the development process. Most work involves the use of mobile devices, which come in a multitude of shapes and forms. To better tackle cybersecurity issues surrounding devices, Conway said the root of the problem lies at securing app development rather than the devices.

Burley stressed how everyone in an agency’s workforce needed to have some knowledge of cybersecurity. She stressed that organizations should not have cyber awareness programs but rather cyber engagement programs to better inform and engage their staff about cybersecurity processes.

Measuring Cybersecurity Success

Conway At the end of the day, an organization is not successful if it fails to reach its mission goals. If cybersecurity practices are working within an agency, the organization will continue to be serving its community members while fulfilling the agency’s goals, and cyber policies must enable the agency to reach these goals.

For one question about how a company can stand up to a nation state, Conway’s response was steadfast: “You can’t. It’s impossible. How can a government protect all of industry? It can’t.”

Collaboration and information exchange between government and private industry is required for the most successful cybersecurity approaches. Private industry has knowledge about cyberseurity and vice versa. By sharing best tactic practices, both private industry and government can further prevent instances of hacking.

Finally, organizations need to shift to a model where they expect a cybersecurity breach. According to Conway, a large majority of some organizations using the most sophisticated security tactics have still experienced breaching. Cyber threats are inevitable, and accepting this inevitability is an agency’s first step to successfully defending itself.

For more recaps of GovLoop’s recent cybersecurity training, click here.