The Defense Department faces threat actors that are smarter, faster and more advanced than ever before. The Government Accountability Office reported that federal agencies faced 32,211 information security incidents in fiscal year 2023 — a nearly 10% increase over the previous year as noted in last year’s Federal Information Security Modernization Act annual report.
But even more alarming than that is the speed and scale of attacks. Threats from hacking groups like Salt Typhoon have targeted critical infrastructure. The Chinese organization breached at least eight U.S. telecommunications providers in November of 2024 as part of an international intelligence collection campaign. The Center for Strategic and International Studies said the attack likely started up to two years ago and still infects some telecommunications networks as of this writing.
While those attacks did not directly target the DoD, they did show that cyber attackers have been able to infiltrate some of the world’s biggest and most vital networks.
This situation, combined with the current administration’s mandate to reduce government headcount, has caused the Pentagon to rethink the way it hires and trains its cyber workforce.
At a recent cyber workforce summit, several DoD tech officials spoke about the critical need for a highly skilled and adaptable cyber workforce to effectively address the escalating complexity of threats. Defense Information Systems Agency Director Lt. Gen. Paul Stanton said that the cyber workforce must not only be qualified in their respective roles but also be able to integrate those skills into dynamic, real-world scenarios.
This mindset complements DoD 8140.03 — the latest version of evolving Pentagon guidance aimed at establishing a comprehensive framework for developing a resilient, capable cyber workforce. The framework, which was last updated two years ago, is expected to be revised again soon. The newest version will include new educational requirements as part of ongoing efforts to refine and standardize cybersecurity roles across the department.
Cybersecurity certification training will play a significant role in addressing all these challenges by bolstering the DoD cyber workforce through initiatives like upskilling existing practitioners, reskilling IT staff and training the next generation of cyber defenders.
Shifting to performance-based training
All too often cybersecurity training and certifications were designed around knowledge-based tests. This approach was effective at showing who could take a test well, but did not provide an accurate prediction of how practitioners would respond to or could thwart real-world cyberattacks. DoD 8140.03 was the Pentagon’s attempt to change this type of training mindset, require more “hands-on” instruction and equip the cyber workforce with skills they can put to the test.
The best way to achieve this kind of effective readiness is through performance-based training led by instructors who are active security practitioners and requiring in-class use of security tools in realistic scenarios. It’s essential that those teaching are also working professionals in the cyber field, as this ensures they stay aligned with the evolving threat landscape. Their real-world experience allows them to tailor training to the latest attack methods, giving students the practical skills they need to defend against new and emerging cyber threats.
Certification programs should also include scenario-based training. In fact, the participant’s grade should be determined by a test that puts them in the high pressure situation of identifying and addressing a cyberattack.
The best programs incorporate scenario-based training that mirrors real-world challenges. Ideally, a participant’s performance should be evaluated through a hands-on assessment that places them in a high-pressure situation — tasking them with identifying and responding to a simulated cyberattack or receiving new indications of compromise and making needed changes to maintain safety. This approach tests technical knowledge and measures critical thinking, decision-making and composure under stress.
Finding talent from within
Hiring freezes, tight budgets and the need to move quickly make it important for the DoD to leverage its existing workforce to cultivate talent from within. When asking hiring managers about their best source for cyber talent, I’ve found that they almost always respond by saying internal candidates with IT knowledge have outperformed those hired from outside the organization.
You don’t need to integrate internal hires into your existing workforce operations. Each military component does things differently, so if you hire someone from your own IT team, they already have a general understanding of internal processes, workflows and culture. In this way, it could also be beneficial to hire back some of the tech talent that took early outs and train them on cyber.
Upskilling the current cyber workforce
The new administration’s push for efficiency begs the question, “Do I need more people, or can I stay secure with the same staff, or even fewer people with more skills?”
A starting point to strengthen the DoD cyber workforce is by broadening the skills of your current staff. This gives them the ability to do more than one cyber job and has the effect of keeping them interested in federal cyber work. If you rotate cyber workers through different jobs and cross train them, it eliminates boredom and gives them a more robust skillset.
The Office of Personnel Management has endorsed this idea, saying “Cyber employees serving in rotations gain on-the-job experience and achieve higher or different skill levels in IT, cybersecurity, or other cyber-related functions.” This model also promotes both intra-and interagency coordination of cyber practices.
To redefine the DoD’s cyber workforce — making it leaner, more efficient and more effective — the agency and its components must make targeted investments in hands-on training approaches that increase skills, not just knowledge. Upskilling current practitioners, reskilling IT staff and preparing the next generation of cyber defenders will be critical components in defending against bigger, faster and more effective cyberattacks.
John Pescatore is director of emerging security trends at SANS Institute.
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
