Finding, building, hiring, retaining, and energizing our workforce has become one of the most challenging tasks in the cyber domain. Our challenge keeps growing as we get better sensors and collect more cyber intelligence to analyze, and all the while, our adversaries continue to get better at evading our defenses. There are never enough good, talented people to do the work that the cyber domain requires.
In this part of our series, we’ll take a look at where cyber staff come from today and discuss how Leidos supports the increase in qualified cyber experts to protect our company and our customers. Later in the series, we’ll discuss how Leidos is looking to redefine where we attract talent from and how that will disrupt the market.
It starts with STEM
One of the key success factors for increasing a workforce centers on engaging the next generation. This is true for the projected shortfall of the next generation choosing STEM careers, but even more so in cyber. Cyber as a domain is populated by talented people who, unlike many other STEM disciplines, can learn their craft without university education. Engaging, exciting, and helping employ these workers alongside those coming from the traditional university or military backgrounds is key. But it all starts with the kids.
Cybersecurity as a discipline is introduced to the next generation earlier than ever before. Google recently released its Interland website to teach primary school student cyber basics. From the time they start using computers, this generation is inundated with lessons on good basic security practices, how to avoid cyberbullying, and how to operate safely on the internet. These efforts build a bridge that many other STEM disciplines don’t get to enjoy. Chemistry, advanced mathematics, and mechanical engineering are concepts that are hard to explain to younger students and can feel like abstract options. Showing these students how what they learn to do on the internet can actually become a full-time job defending against ’bad guys’ provides the cyber industry a competitive advantage.
Starting in primary school, students today have many options to explore careers in cybersecurity. In the United Kingdom with the creation of the National Cyber Security Centre (NCSC), Her Majesty’s Government (HMG) created the CyberFirst program to engage young women in cyber. Leidos has been a key sponsor since the launch and supported some of the exercises that are part of the program earlier this year. These sorts of programs provide real-world access to challenges, tools, and experiences for the students.
In the United States, in partnership with educators, the National Security Agency (NSA) supports the NSA Day of Cyber which is an online program designed to teach kids about the type of cyber work the NSA does. There are also government or university-sponsored STEM camps focused on cyber, such as the Cyber STEM camp ran each summer at the University of Maryland. For high school students considering a career or degree in cybersecurity, there exist even more resources such as Hacker High School. This program and others like it seek to enrich the learning of those interested in the domain but without interest or the means to pursue a university degree. Finally, there are youth cyber competitions like Cyber Patriot — which Leidos sponsors — that allow students to explore exercises and test their skills. All of these opportunities help the cyber community as a whole to increase the capacity of our workforce to address future cyber challenges.
Colleges and universities take note
As strange as it may sound, degrees in cybersecurity or one of the specific disciplines are a fairly new phenomenon. Until recently, and frankly still all too often, cybersecurity itself or any of the sub-disciplines were focus areas for computer science or information systems bachelor degrees. Thankfully, universities have heard the call from industry and the government to make these changes. Today, there is a certification scheme in the U.S. called the Centers of Academic Excellence while the U.K.’s Government Communications Headquarters (GCHQ) certifies degrees from specific institutions. Even with both of these schemes, many of the degrees still don’t exist as options at the undergrad level. In a domain where so many of our talented workers have liberal arts, law, music, or other non-technical degrees, this does not make much sense.
Thankfully, there are multiple options for real-world experience that students can explore at the university level. While targeted at the computer science crowd, any group of students, from any background, can put together a team to compete in events like Cambridge 2 Cambridge, which Leidos supports. These sorts of events allow students to test their skills, universities to show off their students, and prospective employers from the government and industry to identify talent. These simulations help prepare university grads for the challenges they will find in the real world and are an extremely valuable element of growing the future workforce.
There are also emerging opportunities to provide access to university education in cyber that previously did not exist. In the U.S., the National Science Foundation recently launched CyberCorps®. The initiative is part of the Scholarship for Service (SFS) program run by the Federal Government. The program provides scholarships — in this case, stipends up to $22,500 per year — in return for service post-graduation in federal, state, local or tribal governments upon graduation. In the U.K., they go further with the CyberFirst Student Bursary Scheme sponsored by GCHQ. In addition to a bursary of £4,000 pounds for each degree year in a STEM subject, the program also offers paid summer internships with GCHQ and other government departments. Like its U.S. counterpart, a placement in the government post-graduation is expected. Both programs aim to open up a university education with a job post-graduation to learn the domain, which in both countries will help to increase the future workforce.
Military service another channel
Identifying, recruiting, and retaining high-performing cyber warriors for our military partners across the globe is a tremendous challenge. When it comes to many things cyber, there are specific roles, functions, and operational tasks that are inherently the military’s responsibility. This places a priority on ensuring that properly trained and seasoned staff are available to perform those roles after completing training. This is made that much harder when considering they are competing with the private sector, which can pay double or more for similar roles.
In the U.S., with the creation of U.S. Cyber Command (USCYBERCOM) and its 133 Cyber Mission Force (CMF) teams comprising 5,000 cyber professionals, the military has one central organization to look after the cyber efforts across the services. Each of these 5,000 CMF staff were selected, trained and then seasoned as cyber warriors to reach the initial operating capability (IOC) milestone USCYBERCOM achieved last year; no small feat in only three years! Adding to the complexity, the teams don’t all perform the same role, with some supporting military operations and the combatant commands while others support the ongoing defense of Department of Defense (DoD) information systems.
To support these aggressive capability growth requirements, USCYBERCOM relied on each military service as well as the National Guard and Reserve units. The Army started the process early, working with targeted universities to identify candidates for the 44 CMF teams they fielded to support USCYBERCOM. This included 11 National Guard teams and ten from the Reserves. To further bolster these ranks, concepts such as ‘lateral transfer,’ which involves direct placement for professionals with vital skills such as cyber into the officer corps at ranks as high at O-6, were floated to address the skills gaps. Regardless of the approach, each service has taken their own measures to retain these skilled members, including incentive pay, retention bonuses, and other sweeteners. While the services are doing their best to keep up, the Senate Armed Services Committee recently criticized the Air Force for not staffing their workforce appropriately.
Outside of the U.S., our Five Eyes partners have taken their own approaches to increasing the cyber talent available to the military. In 2013, the U.K.’s Ministry of Defense created the Joint Cyber Reserve to provide a mechanism for cyber professionals to work alongside regular forces to protect Her Majesty’s Government (HMG) networks. These Cyber Reserves actively target existing and former reservists with cyber skills as well as those with no previous military experience but the skills and willingness to contribute in the domain. Further increasing their pool of potential candidates, the MOD began waiving the fitness test requirements for cyber reservists as well as telling them they won’t require weapons training or be deployed overseas. In Australia, details emerged in June 2017 on the Australia Defence Forces plans for creating their own dedicated cyber forces. While details are scarce, it’s likely they will follow the U.K.’s lead, as well as advanced cyber countries such as Estonia, in their efforts to create cyber defense capabilities.
No matter how we build the workforce, what’s clear is that we need to do more. Leidos addresses these challenges not only through our STEM investments and talent sourcing processes but also by continuing to look for innovative ways to engage and grow our workforce. We’re exploring new ways to engage the ‘no collar’ workforce, as well as programs to enhance neurodiversity on our cyber teams alongside efforts to build capacity in new geographies.
The cyber future of Leidos is bright. If you'd like to join us on the cyber front lines, visit Leidos.com/careers.
To read this series in its entirety, please click below:
- Part 1: Where we are and where we need to be
- Part 2: How we build capacity
- Part 3: Striving for cognitive diversity
- Part 4: Successful candidates aren't one-size-fits-all
- Part 5: What does success look like?