As the Trump Administration approaches 100 days in office, (ISC)2 has announced a set of cybersecurity recommendations for the Trump Administration to consider.
The recommendations were delivered to White House Chief of Staff and others on President Trump’s team in order to urge prioritization of workforce development within the pending cybersecurity executive order and beyond.
During a December 2016 gathering sponsored by the (ISC)2 U.S. Government Advisory Council (USGAC), participants, including former Federal Chief Information Security Officer (CISO) Gregory Touhill and federal agency CISOs and executives, discussed transition planning from the cybersecurity workforce perspective. The following is an abridged list of areas that (ISC)2 has since identified as critical for the new administration to address:
Time Is of The Essence. The widespread and damaging effects of cyber threats are revealed on a daily basis. At the same time, the demand for skilled cybersecurity workers is rapidly increasing.
Consider the Progress Already Made. Cybersecurity is a bi-partisan issue. Critical work has been done over the last eight years to advance the cybersecurity workforce.
Harden the Workforce. Everyone must learn cybersecurity. We have to break the commodity focus of simply buying technology and stopping there, without focusing on training all users.
Incentivize Hiring and Retention. In today’s world, a sense of mission doesn’t always override good pay—incentives work.
Prioritize Investment in Acquisition, Legal and Human Resources (HR) Personnel. Acquisition, legal and HR professionals are essential players within the federal cybersecurity ecosystem.
Prevent Getting Lost in Translation. The government needs effective communicators who can translate technical risk to business leaders.
Civil Service Reform. The civil service system is broken and does not meet the government’s needs.
Compliance Does Not Equal Security—Embrace Risk Management. In the government’s quest for cyber resiliency, a risk management perspective will be essential.
A Standard Cyber Workforce Lexicon. Once finalized, the NICE Cybersecurity Workforce Framework should provide an excellent resource for workforce development.
“In a recent congressional hearing, (ISC)2 had the opportunity to present these recommendations in an effort to advocate for our members and the broader cybersecurity profession during the presidential transition and beyond,” said Dan Waddell, (ISC)² managing director, North America Region. “Significant progress has been made over the past decade to advance the federal cyber workforce; our recommendations reflect the importance of building future cybersecurity policy—including the pending executive order—on the existing foundation.”