Cyber

VA developing cyber careers program to fill gaps in workforce framework

The department is in the process of identifying new work roles tied to VA-specific positions.

January 21, 2020

(Getty Images)

The Department of Veterans Affairs is developing a cybersecurity career program to fill gaps in the NICE Cybersecurity Workforce Framework.

VA’s Office of Information Security stood up a Cyber Workforce Management (CWM) program across the broader Office of Information and Technology (OIT), which determined existing NICE Framework roles didn’t meet all of VA’s mission needs. The NICE framework, developed by the National Initiative for Cybersecurity Education, prescribes knowledge, skills, abilities and tasks (KSATs) to work roles like a cyber defense analyst.

“There are gaps in the framework. Medical is not in there, med cyber — jack of all trades, master of medical devices,” Stephanie Keith, CWM program manager, said during a panel discussion at the 2020 Health IT Summit. “But where are the cybersecurity aspects of that? At VA we’re looking at how we develop what that work role looks like.”

The CWM program plans to identify work roles across every single position within VA and its IT office and establish qualification requirements for each role that all of government can use, she added.

“I’m not about unique requirements for an agency,” Keith said. “I’m about federal national standards.”

CWM is also standing up a cyber training academy pilot to teach employees baseline skills associated with the work roles. Baseline skills for, say, a cyber defense analyst should be the same at every agency so they’re portable, Keith said.

Training for new work roles covering positions like healthcare technology managers and informaticists should happen at the device level, not the network level, she added.

VA employees further removed from technical positions still require cyber training as well in areas like early detection and zero trust, said Paul Cunningham, chief information security officer at VA.

“We’re never going to get medical teams to be primarily cybersecurity. It’s not their mission; we shouldn’t expect it,” Cunningham said. “But we should make it very easy for them to help us as first-line defenders recognize when things are not operating correctly.”

VA developing cyber careers program to fill gaps in workforce framework

More Like This

Kiran Ahuja to step down as OPM director

NASA and OPM take steps to modernize astronaut applications

How Google Cloud AI and Assured Workloads can enhance public sector security, compliance and service delivery at scale

Top Stories

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

Commerce requests information about AI, open data assets, data dissemination

Commerce adds five members to AI Safety Institute leadership

ICE pursuing privacy approvals related to controversial phone location data

DOJ ‘not aware of any’ identity theft, fraud following consultant’s data breach

More Scoops

Bipartisan Senate proposal calls for AI workforce framework from NIST

Report: Agencies ahead of industry implementing zero-trust security

Lack of identity engineers hinders agencies’ MFA adoption

Job-coding issues may hinder DOD’s cyber workforce recruitment, IG says

Department of Energy expands CyberForce program

Lawmakers look to create cyber training programs at CISA, VA

VA looks beyond multi-factor authentication to secure extended telework

Latest Podcasts

VA developing cyber careers program to fill gaps in workforce framework

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

ManTech leaders discuss innovation and security with Google technologies

Google’s Chris Hein on how AI is changing how citizens relate to government

Tech

Defense

Cyber

Acquisition