The Division of Protection doesn’t primarily have a cyber recruiting drawback — it has a cyber expertise administration drawback. The navy already possesses severe qualification frameworks, scholarship packages, credentialing programs, and choice instruments. What it nonetheless lacks is a system tying evaluation, coaching, task, efficiency, and retention collectively throughout a whole cyber profession.
In March 2026, the division introduced at its Cyber Workforce Summit 2.0 an effort to reinvent the cyber workforce. Known as Cyber Command 2.0, this effort’s principal objective is enchancment in expertise administration by specializing in figuring out, recruiting, hiring, and retaining the appropriate folks. The hassle additionally emphasizes the necessity to handle career-long experience by way of versatile and responsive coaching pipelines and versatile profession paths. Such flexibility is required to accommodate a number of pathways to qualification — by way of a mix of schooling, coursework, expertise, and evaluation.
I spent 20 years within the U.S. Navy as an aerospace experimental psychologist, designing workforce improvement, competency evaluation, and personnel choice programs. I additionally served because the chief of workers for the Superior Distributed Studying Initiative, which fielded programs modeling protection learner, job, and competency necessities at scale. The Division of Protection has been attempting to unravel these issues for so long as I’ve been engaged on them. What makes Cyber Command 2.0’s ambitions so troublesome just isn’t an absence of fine concepts, however a difficulty of structural obstacles in connecting these concepts right into a single functioning system.
I now work within the non-public sector at IntelliGenesis, so I’ve a business curiosity in how the division solutions these questions. I wish to be clear about that. However these are issues I’ve labored on and cared about for my whole profession. What follows displays that full span of dedication, not simply my present function.
Figuring out the Finest Folks for Jobs at Scale Is Not Simple
Some cyber coaching pipelines run shut to 2 years. When a candidate washes out late or leaves for a greater provide as quickly as an obligation ends, the seat and coaching funding are gone, and the group begins over. On the time of writing, the programs the armed companies use to find out a candidate’s {qualifications}, credentials, and potential assignments stay extraordinarily inflexible and sluggish to alter — wholly unsuited for this expertise administration problem. The Cyber Command 2.0 initiative acknowledges that the required data, out there coaching assets, job duties (and jobs themselves), are evolving on a scale measured in months quite than a long time.
The Protection Division has a well-defined and environment friendly choice testing equipment already in place through the Protection Advisory Committee on Army Personnel Testing, managing personnel choice programs, procedures, and coverage throughout the companies. The division’s normal entrance examination was constructed to foretell broad tutorial and occupational success throughout the navy. The examination measures verbal, spatial, mathematical, and science and technical aptitudes. Whereas helpful, it’s a lot broader than the query of who will excel in cyber protection, intelligence, or results, in addition to software program improvement and extremely technical upkeep roles. Cyber work calls for totally different blends of reasoning, studying velocity, persistence, sample recognition, and luxury with ambiguity. It additionally rewards folks otherwise over time. Somebody who can get by way of an preliminary schoolhouse should still be a poor match for a selected specialty. Another person could look peculiar on the entrance finish and develop into distinctive as soon as given the proper of labor.
This is the reason higher specialty screening and placement matter. Authorities and personal sector purpose-built exams and native choice instruments have existed for years, they usually do clear up a part of the issue. However these instruments stay erratically carried out and disproportionately out there throughout organizations, and even the very best entry evaluation solves solely one side of the problem: serving to determine possible potential for early efficiency.
Deputy Chief Info Officer for Sources and Evaluation Christine Codon has undertaken well timed efforts to construct extra tailor-made, efficient personnel screening instruments. That is necessary for expertise onboarding within the cyber communities because of the velocity at which these job necessities could also be evolving, and the dimensions and timeline of the Protection Division’s hiring wants. Giant-scale personnel choice device validation — following historic business tips and non-public sector authorized necessities — sometimes takes years, which the division merely doesn’t have.
However the very best choice programs on this planet can not by themselves inform leaders tips on how to assign a brand new operator, when to reclassify somebody, tips on how to sequence coaching for the very best return, or what incentives will maintain high performers from strolling away. An important query is now not how we determine cyber expertise and expertise, however quite how the Protection Division shepherds that expertise after its onboarding. Treating evaluation as crucial element ignores the a lot bigger administration problem following accession.
Items of the Expertise Administration Equipment
The Protection Division has accomplished actual work right here. Its 2023 cyber workforce qualification handbook units department-wide timelines for qualification. The division’s cyber workforce framework now describes the sphere by way of seven workforce components and over 70 distinct roles. The chief data officer has additionally supported a scholarship pipeline by way of the Cyber Service Academy, in addition to profession broadening by way of business rotation and trade packages. The broader governance mannequin shares accountability and accountability through roles throughout the companies, the joint workers, navy departments, and element heads.
These efforts deserve credit score, however don’t add as much as a real expertise administration structure. The qualification coverage itself acknowledges that this problem crosses organizational boundaries and requires upgraded personnel programs. The framework supplies a standard language for work roles, and the qualification matrices present a catalog of acceptable schooling, coaching, and certifications — each of that are vital. But the official steering for these matrices says the authoritative variations are nonetheless housed in Excel paperwork. Whereas programs do exist for monitoring Division of Protection Directive 8140 cyber workforce credentials and compliance, the effectiveness of those programs is constrained by the extent of element within the present model of the qualification program itself, in addition to their lack of flexibility. We’re nonetheless managing a strategic workforce by way of restricted artifacts, quite than a residing, built-in information setting.
A mature cyber expertise system ought to enable leaders to see, in a single place, how a person’s entry traits, coaching historical past, demonstrated efficiency, work function coding, qualification standing, task document, and retention outcomes relate to 1 one other. The system wants to assist reply sensible questions that matter greater than compliance checkboxes. Which screening measures predict success during which specialties? How a lot element is required in monitoring ability and competency improvement over time, and throughout job households and profession fields? How will we assess the match of early profession {qualifications} and achievements to late profession alternatives? How will we seize ability and data retention and atrophy within the cyber workforce? Which capabilities and {qualifications} are actually predictive, and that are merely simple to rely?
Taking Motion
On the aforementioned Cyber Workforce Summit 2.0, all 4 service chief data officers collectively known as on their chain of command to construct precisely this type of enterprise-wide, built-in cyber expertise administration system, and Deputy Chief Info Officer Principal Director for Sources and Analyses Mark Gorak dedicated to pursuing it. Gorak will face super obstacles. For one, accountability for this activity is fragmented by Title 10 itself (10 U.S. Code § 3013, § 5013, § 8013), which duties the navy departments individually with their very own group, coaching, and equipping features. Even inside companies, it’s nonetheless too frequent to see particular workplaces targeted on accessions, schoolhouse throughput, coding billets, qualification compliance, and retention incentives, respectively. Every is doing competent work, but when the information and choices don’t join, the Protection Division just isn’t managing a pipeline. It’s managing handoffs.
The stress to streamline the method of recruitment, choice, accession, task, analysis, retention, and administration is additional difficult by the query of safety clearances — a close to ubiquitous requirement for presidency cyber workforce members. The clearance pipeline will be argued to be pushed virtually completely by forces outdoors the personnel administration cycle. This makes it a wholly separate drawback: There could also be virtually zero overlap between data that may derail a clearance — reminiscent of adverse habits, associations, or different pink flags — and the abilities evaluation, {qualifications}, credentials, and schooling data wanted to handle profession development. This implies the clearance pipeline will possible stay a bottleneck for Cyber Command 2.0, and one which have to be managed in sequence by separate companies.
What the Pentagon Ought to Do Subsequent
Predictive evaluation is most precious when it’s embedded in a bigger system containing significant efficiency and qualification information. The true return on funding for such psychometric instruments comes when evaluation outcomes are mixed with downstream proof, together with coaching efficiency, supervisor scores, goal efficiency, and long-term retention. That is how a corporation learns which alerts matter and which of them don’t.
The present coverage setting makes this much more pressing. The 2023 qualification handbook gave the division a phased timeline to qualify this workforce, and the framework has develop into extra detailed and extra bold. Whereas a optimistic, it additionally means leaders now want a method to handle careers at scale. Some parts of this method are there, however not but built-in. A task-based framework is useful provided that it informs actual task choices. A qualification matrix is helpful provided that it extra successfully locations folks, develops them quicker, and spends coaching {dollars} extra intelligently.
To make issues worse, cyber expertise just isn’t solely laborious to recruit however laborious to maintain. The non-public sector gives cash, flexibility, technical focus, and an typically cleaner path for individuals who want to stay deep specialists, quite than broad managers. Division management has constructed scholarship and trade packages, that are glorious steps, however retention in a discipline like this can not relaxation on patriotism alone — it requires seen technical profession paths, higher matching of individuals and specialties, and incentives tied to an precisely outlined labor market which acknowledges the salaries a few of these positions can command externally.
Personnel Choice
The Protection Division seems to have correctly deserted the concept that entry-level screening is the top of the choice drawback. There are a number of further modifications to the personnel choice coverage that may assist.
Cyber expertise screening at profession entry may doubtlessly be exempted from the time restrict necessities positioned on entrance assessments throughout the division. Traditionally, the time required to manage an ever-changing battery to over 50,000 examinees per yr necessitated aggressive administration of simply how time-consuming that battery may develop into. Such an issue necessitates revisiting this constraint for cyber neighborhood assessments — further testing time may very well be allotted for these both expressing an curiosity in cyber profession testing, or these assembly a minimal element rating on the doorway examination itself.
The division may additionally go additional when it comes to post-accession and mid-career testing. It already incorporates reliance on post-training certification exams as a part of its credentialing course of (e.g., CompTIA Safety+, AZ-900, and many others.), that are designed to evaluate the examinee’s mastery of coaching simply accomplished. That stated, a mid-career applicant making use of for a well-defined job whose data necessities are established may definitely be given a brand new examination designed to foretell success in that particular job. The credentialing proof described in Directive 8140 is the very best out there, but it surely has not been empirically validated in opposition to downstream job efficiency.
This speaks to a different crucial limitation of the ability of choice exams in predicting downstream efficiency: traditionally, the federal government’s out there information on such job efficiency is woefully insufficient. If we can not measure job efficiency, this efficiency turns into nearly unattainable to predict. This drawback has traditionally been created by the need to generate comparable job efficiency and profession development information constant throughout giant swaths of the power (e.g., health experiences and evaluations), however the excellent news within the case of cyber jobs and job households is that it must be doable to create comparatively secure, goal metrics for efficiency on many related duties. The narrower the set of jobs to be predicted is, the less complicated this activity turns into. If jobs will be well-defined, and the efficiency of a big variety of their duties will be objectively measured, it turns into a lot simpler to predict efficiency inside them.
Qualification Administration
The shortage of aforementioned predictive energy for credentials doesn’t imply they’re poorly outlined. It solely implies that, thus far, we can not present proof that they work as predictors. Even when they’re discovered to be predictive, they’re hardly ample — the division wants a greater method to seize incumbent {qualifications}.
The 8140 qualification matrix outlines the federal government and personal sector coaching, coursework, and certification necessities acknowledged as ample for qualification for particular certifications and work roles. The mannequin assumes these work roles will be mixed, in some restricted portions, to outline jobs. This can be a optimistic, because it permits stakeholders to trace the evolution of competency and expertise throughout a sequence of associated jobs, utilizing a static taxonomy that has been deemed ample at current.
The system does have appreciable shortcomings: The 8140 matrix says nothing concerning the applicability of different certifications throughout profession fields or job households, nor does it assist translate the extent of overlap between doubtlessly associated jobs in numerous job households. In defining how {qualifications} will be met, this mannequin has no mechanism to accommodate any mixture of schooling, expertise, or certification exams. The 8140 additionally implicitly assumes the continued relevance and accuracy of a static listing of competencies used to explain these jobs, and assumes these competencies are outlined with ample granularity to distinguish amongst related positions. The construction of the 8140 necessitates that any modifications to its parts will doubtlessly require handbook revision to the hundreds of competency-credential-job-family relationships outlined by it.
These can, and will, be addressed. Underneath the Protection Human Sources Exercise, the Superior Distributed Studying Initiative offered steering and oversight relating to a sequence of Institute of Electrical and Electronics Engineers requirements that outlined how human efficiency (9274.1), learner data (P2997), competency definitions (1484.20.3), and studying metadata (2881) have to be outlined and captured to allow a complete studying structure. These requirements stay present, as do the repositories and supply code used to develop the group’s reference implementations (i.e., working variations) which are hosted at Affect Stage 4. These instruments used graph programs to hyperlink learner, coaching, and job data at scale utilizing a zero-trust structure. This technique, or one structured in response to the identical necessities, can accommodate cascading modifications to relationships amongst components within the competency-job graphs if one of many components within the graph is modified. In different phrases, if one competency information ingredient is modified — say if its definition is up to date, or it’s cut up into two totally different competencies — every part related to it should replace mechanically. Most, if not all, of the shortcomings listed within the earlier paragraph may very well be mitigated by way of the implementation of a studying structure mannequin of the 8140 system. This must be carried out as an enterprise information layer for cyber workforce choices.
Not one other workbook. Not one other static repository. Even a stay connection of the static components of the present system could be inadequate. An enterprise information layer constructed in response to studying structure necessities as an growth of the prevailing 8140 framework, would do an excellent many issues. It might measure job necessities with much more accuracy, and would accommodate partial matches throughout jobs, work roles, and certifications. Most significantly, with a zero-trust construction, it may accommodate the inevitable modifications and updates to all the competency and job information the Protection Division defines in the present day as “present.” This mannequin has existed for seven years, and it’s thought of ample as of this writing. How will it look 5 years from now?
Bringing It All Collectively
Leaders of the cyber workforce ought to be capable to hint the relationships amongst choice inputs, qualification timelines, function assignments, and efficiency predictions throughout the total life cycle of a cyber skilled. Till that is doable, senior officers will proceed to make strategic workforce choices with partial visibility.
The system described right here would propel the Protection Division towards higher seize of applicant/incumbent capabilities, competencies, and job necessities. This may, in flip, allow higher candidate matching, intentional profession design, and quicker course correction for unsuitable matches — a mediocre match wastes scarce expertise, whereas a powerful match develops it.
Lastly, the division ought to decide success by operational and workforce outcomes, not by compliance optics (the acknowledged objective of Cyber Command 2.0). The precise measures usually are not simply how many individuals maintain a qualification on paper, however whether or not the division is decreasing washout, shortening time to efficient contribution, bettering placement high quality, retaining high performers longer, and constructing depth inside the specialties that matter most.
The Division of Protection doesn’t want to begin from scratch on cyber workforce reform — it already has severe folks, strong frameworks, and helpful packages in movement. Nevertheless, it should acknowledge that personnel screening, task, credentialing, job necessities definition, and efficiency prediction are all a part of the identical drawback. They can’t be tackled individually.
Henry Phillips, PhD, is director of strategic development for analysis and improvement at IntelliGenesis and a retired United States Navy commander. A naval aerospace experimental psychologist with a doctorate in industrial-organizational psychology, he has designed and fielded evaluation instruments utilized by hundreds of navy candidates per yr. His areas of experience embody choice, evaluation, workforce coverage, coaching programs acquisition, and personnel placement. He additionally served because the chief of workers for the Superior Distributed Studying Initiative. The views expressed listed here are his personal.
**Please be aware, as a matter of home type, Struggle on the Rocks is not going to use a distinct identify for the U.S. Division of Protection till and except the identify is modified by statute by the U.S. Congress.
Picture: Maj. Christopher Vasquez through Wikimedia Commons
