DON IT Workforce by fsy40675


									In contrast to the physical domains, in cyberspace a risk
accepted by one is a risk assumed by all – NMS-CO Dec 2006
• We must develop a “Fighting Strategy” for all areas of Cyber and
•The call to public service varies from generation to generation
and from person to person.
• Public law and direction place significant requirements on
Federal IT employees.
• How will the DON address the situation of maintaining and
operating state of the art and legacy systems concurrently?
• How must we train and educate our workforce to prepare for the
Pearl Harbors of cyber?
• How will we meet the challenge of helping to ensure that a
sufficient talent pool is available for DON IT work?
• We must also address the challenges of appealing to a diverse
multigenerational workforce.
   Federal CIO Council IT Workforce Committee
• Sub Committees:
   – Attracting Talent
   – Assessing Talent
   – Invigorating Talent
   – Managing Talent (DON CIO chair)
• Interchange of ideas and requirements between federal
• Path to organizations such as OPM
• Federal level review of legislative requirements
• Federal level path for new initiatives

           DoD IT Workforce Working Group
• DoD level interaction among Departments, Agencies, and
  Field Activities
• DoD CIO is the DoD IT Functional Community Manager
   – DON CIO is the DON Component Functional Community
• Direct contact with DoD CIO, OSD P&R and civilian
  personnel leadership
• Efforts include
   – Legislative reports
   – DoD level initiatives related to competencies, new hiring
     processes and tools
   – Civilian community management initiatives
   – Competency development
                DON IT Workforce IPT
• DON level group headed by DON CIO to address DON IT
  Total Force issues
• Strategic Plan development
• Competency development and validation
• Career path development
• Cyber Workforce
• Workforce Planning
• Issues identification and escalation as necessary
   – IEC
   – FMOC

          Draft IT Strategic Plan Goal


     Our emphasis will be to ensure that the collective
capabilities of the DON IT total workforce professionals
are fully supported throughout IT operations.

                       We are facing the most serious economic and national security challenge of the 21st Century
                       "cyber operations are crucial to the US military and intelligence and must be effectively managed in
                       terms of war fighting, not as an administrative or commercial operation. The threat cycle for cyber
                       attacks is 14 days." [Gen Cartwright, VCJCS, 23 Mar 09]

                                                                                                        New Normal
                             Strategic Guidance
                             • CNCI                                                    • Culture – Leadership Priority, Global
  Network Security Posture

                             • OPLAN 8010                                                Risk Perspective, For Mission Use Only
                             • DON Cyber Instruction                                   • Conduct – Inspections, Training,
                             • DON CND Road Map                                          Enterprise C2, Standard Reporting
                                                                                       • Capabilities – Proactive and
                                                                                         Automated Response
                                                        Transition Actions
                                             •   Increase Protection of Information At Rest
                                             •   Managing Risk w/ an Enterprise Perspective
                                             •   Augment our Defense-in-Depth Strategy w/ a Defense-in-Breadth Strategy
                                             •   Increase Assurance of User Authentication by Eliminating Usernames and
                             Old Normal Insufficient Network Security Posture
                                 Culture                       Conduct                            Capabilities
                                 • Not Command Priority        • Lack of Enterprise C2            • Personnel Shortages
                                 • Lack of Global Risk Focus   • Unenforceable Accountability     • Resources Misaligned
                                 • Personal Use mindset        • Inadequate Assessment Program    • Technology Not Integrated

                                                                         Time                                                     88
        Civilian Human Capital Planning
•   OSD Functional Community Managers
     • Analyze current and projected mission requirements
     • Includes expeditionary and non-expeditionary
     • Workload forecasts
     • Inventory analysis
     • Assess competencies
     • Develop and implement strategies for gaps and career
     • Assess functional training
• Component Functional Community Managers
    • Work with OFCM and have responsibility for the OFCM activities
    listed above within their component, and
    • Develop, implement, and operate job analysis programs
    • Integrate competency-based SHCP into life cycle management
• TFPM Goal 2 is also developing policy on roles and responsibilities of
DON Community leaders – DON CIO is the DON-Level Community
                     Draft NetOps Career Path
 Cross Area Development:

                Security                      Networks

   Asset                                                    Deployables


              Data         Customer Support          Apps

Config Mgmt                             Support

        Total Force Competency Development

• Working with OPNAV N11 to build competency models for the IT
  Series (2210, 1550, 0854, 1410, 2203, 2204, 0390, 0391, 0392,
• Will have general and technical competencies as well as
  knowledge, skills, and abilities
• Have already completed competency validation workshops for
  1550, 854, and 1410
• Competencies will be used for workforce planning as well as
  individual career planning

                       Online Training

• Access the training at https://ile- and click on DON IT 2210
  Competencies Matrix Spreadsheet
• Matrix Maps 2210 Parentheticals to Competencies to Courses
• Training can be accessed and used by anyone, not just 2210s
• If you have any feedback submit your comment to the DON CIO IM/IT

                 DON CIO Website


•DON IT Strategic Plan
•Policy and Guidance
•DON CIO Blogs and Podcasts
•DON IT Conference Information
•Ask an Expert
•Info Alerts
•Link to USMC ITM COI website

                            New “Anatomy” of Cyber Warfare
                                       Source: Scientific Advisory Board
                                              “Defensive” Side Thinking
                                             React to “Guests” Activities                          Title 10
                                                                                       Title 50
                                       Detect “Guests” Activities                                             Counter Attack
                                                                                     Title 18
                             Monitor Network and Systems                       Fight Through
                                                                    Title 40

                                             Ongoing Operation of Missions
                                                  & Network Timeline

   Find Access Paths                          Explore Net & Observe Ops

Find Vulnerabilities              Launch Exploit            Exfiltrate Information                Execute Attacks Against
                                                                                                    Net, Apps, & People

     Offline Test of Vulnerabilities                 Model Attacks Against
           and Access Paths                           Net, Apps, & People

                                              “Offensive” Side Thinking
                                                       Matrix Extract
Navy NSPS 2210 SkillSoft Content
Mapping Matrix
Click on the Recommended "R" or Core "C" link to view the SkillSoft courses aligned to the competencies listed in column A

                                                                                    2210 Job Role

                               Policy &                                                                     Data                   Systems     Custom
                               Plannin                   Systems      Applicati    Operati    Network     Manageme       Inter   Administrat     er
                                  g        Security      Analysis       ons          ng       Services       nt           net        ion       Support
Key: C = Core,                 (PLCYP      (INFOSE     (SYSANALY      Software     System     (NETWO      (DATAMG        (INE    (SYSADMIN     (CUSTS
R = Recommended                  LN)          C)           SIS)       (APPSW)      s (OS)       RK)          T)            T)          )         PT)

Technical Competencies

Accessibility                                 R             R             R                                                  R

Artificial Intelligence

Business Process
Reengineering                      R                        R

Capacity Management                                                                               C            C                     R           R

Capital Planning and
Investment Assessment              C                                                                                                                 16

• We have done the work needed to determine what positions we expect to fill
  by grade, skill and location for military and civilian
• Open and continuous recruitment and hiring and will continue across the
  next five years
   – Will be looking for internal and external talent
• Working with OCHR on recruitment and hiring – including additional
  Direct hire Authority (DHA) for IT 2210 series
• Organizations developing civilian position descriptions
• Announcements and recruitment efforts will begin this summer to meet FY
  2010 requirements
• NGEN training will be required for all members of the workforce
• NGEN is only a part of the total emerging and evolving requirements
• We will need to develop our current workforce and hire to fill gaps and
  ensure career progression

  Draft Beyond NetOps Career Path

            DOD CIO          OSD AT&L

            DON CIO           RD&A

 OPNAV N6             DCMO   DASN C4I

NETWARCOM                     PEO EIS

                               IT PM

      Draft Workforce Strategic Plan Goals

• Develop and oversee implementation of policy and
  processes that support disciplined workforce
  management through effective workforce identification,
  recruiting, sustainment, development, retention and
• Transition the civilian IT workforce to a formalized
  Functional Community Management (FCM) framework.
• Implement and manage the development and use of
  standardized and validated competencies within the IT
• Identify evolving training, education and certification
  requirements and maximize learning opportunities for the
• Empower the Cyber Security (IA) workforce through
  integration of CND/IA into Cyberspace operations           19
                 Cybersecurity Workforce
• Questions to be answered
   – What Skills are needed?
   – How many people are needed with those skills?
• Cybersecurity jobs
  – System administration, client systems and servers
  – Network administration and network security operations (network
    engineering, network security engineering)
  – Security assessment, security auditing and computer network defense
  – Intrusion and data analysis
  – Forensics investigation
  – Programmer
  – Security architect (security engineering), designer, developer
  – Program manager, IA Manager, and incident manager (handler)
  – Other cybersecurity work is classified

To top