5 Things I Learned at AFCEA

I recently returned from my first-ever AFCEA event with all the insights, takeaways, and feelings — and I’m excited to share them with you! For context, on 9 May, the AFCEA organization hosted a Cyber Education and Training Symposium — otherwise known as AFCEA CERTS — which includes three days of main stage/sidebar events, breakout sessions, and an exhibition, all focused on enhancing workforce development through recruiting, training, preparedness, and retention.

In other words: If workforce development is your jam, this was the place to be. This was not a tech flea market of hard-bargain peddlers; exhibitor booths didn’t have “landfill” swag. Instead, participants came to engage. Fierce opinions were shared openly. Attendees were involved and thoughtful. Conversations were lengthy and meaningful, and the connections forged were genuine.

In case you’re wondering, here are a few main takeaways from my AFCEA CERTS experience:

1) NOBODY Talked About Certifications.?

?CERTS featured prominent leaders from the workforce development community, and the consistent themes focused on identifying and aligning the workforce throughout one’s entire career lifecycle. Kicking off the symposium, Brigadier General Paul Stanton, CCoE, opened with this gem: “What does it take to operate in the future? Computer Science fundamentals. So — you can write a python script? Big deal. The entire workforce is beyond scripting and exploit development. It’s great that you can do that. But do you understand the algorithms to do these things efficiently? None of it works if you can’t get to the target. The skills necessary to execute the mission are more broad.” Boom. Minutes later, someone asked Brigadier General Terrence Adams, Space Force, what keeps him up at night? He echoed (and cited) General Paul Nakasone, NSA/Cyber Command, with a one-word retort: “Talent.”

How refreshing! Gone are the days spent evaluating the capabilities of our personnel by the number of 8140 awards a person has. Instead, the conversation centered around DoD Cybersecurity Workforce Framework (DCWF) — providing a common lexicon across Military Occupational Specialty (MOS) codes, organizational hierarchies, and even the different services. This view allows for a more diverse workforce rather than an assembly line “operator factory” proscribed by some overarching organization that may or may not know the unique needs of the mission executing units.??

2) Measuring the Workforce Against the DCWF Had Consensus.

Though no talks were dedicated explicitly to DCWF adoption, the event’s speakers consistently spoke about the drive to understand workforce competency, with insights concentrating on how to execute this drive. They spoke about providing outlets for continual improvement and about tracking individuals as they move in and out of service. Recurring themes included how difficult it was to take a person out of the Army and put them in an identical role at say, the Navy, or in civilian service. Or conversely, how to tap into civilian talent that hasn’t been honed through a formal schoolhouse experience. On that note, Col Broome of USMC referenced lateral entry as something he supports (though he indicated that the position is controversial). “Let people move in and out of service; let people come into mid-rank officer roles from the outside,” he suggested. When asked about the strategy behind this, his answer was succinct: “We need superior talent management.”

Placed in the perspective of talent identification, Brigadier General Paul Craft of The US Army Cyber School pointed out that there, they “value high school level Capture The Flags (CTFs) like Cyber Patriot,” and that they “just crated 10 cyber-focused JROTC programs as a pilot.” This echoed earlier comments from General Stanton and others that recognizing talent earlier — even pre-military — should be considered, and that any worthwhile solution should follow the individual through schooling, training, mission-producing units, and transition out of service. Framing talent tracking in terms of retention, Rear Admiral Stephen Donald, TENTH Fleet, noted that it’s imperative “to capture their skill sets in case we can place them elsewhere, and also to know what we are losing.” Mr. Dave Frederick, Cyber Command, spoke of a new Tailored Strategic Retention Incentive Program that connects troops with guard and reserve units so we “don’t lose them entirely.” One speaker used mic time to mention that Army Recruiting Command could play a role in developing a cyber ASVAB model, while a person who attended our exhibition booth described a program at Army Futures Command that loans out capability developers throughout the Army. A DCWF-measured tool to track upskilling and provide a shared method for these forward-deployed individuals to reach back, too, is powerful, and consistent with the belief we are one nation rather than hundreds of discrete HR pools.

3) The Vendor Community Is Strong.?

There are several exciting solutions out there, already on the market, each tackling a part of the overall problem with high energy. There was also a fierce commitment to this issue at the symposium. Hack the Box sent a team of four. Offensive-Security was represented by six, including their CEO and Chief Strategy Officer. TSI and partner CyberStronger showcased their partnership. P3F (in full disclosure: my company) was asked by CCoE to present at the AFCEA Solutions Exchange. Why the heavy investment by these vendors, to name just a few? Because these vendors exist to solve this specific challenge set. The passion for genuine solution-building is there, because it’s more than a business — it’s a calling. No one here was selling “cyber solutions”; instead, the booths had actual demos with actual products. Unlike most trade shows I’ve attended or those at which I’ve presented, this event was distinguished by the open exchange of ideas between government, academia, and industry, with each constituency not only talking — but also listening.

4) Leaders Aren’t Only Aware of the Problems at Hand — They Have Ideas for Potential Solutions.

It was an absolute pleasure to be part of an audience that was not only presented with the existing challenges, but with the ideal solutions. One such solution? Cultivating talent through continuous learning opportunities. Mr. Wendel Foster Jr of DODIN, for instance, noted that his shop of 500 people is composed of nearly all contractors because he’s found it too challenging to develop and retain talent. “At the end of the day, it’s all reps and sets. We want someone who puts the time in.” According to Rear Admiral Stephen Donald, they “value the puzzle solvers, constant little puzzles, one per day. If you partake, then we want to talk to you,” he asserted. In General Stanton’s big-picture view, “we need distributed learning models to support the requirement for lifelong learning.” Lieutenant General Maria Barrett, Army Cyber, had a similar remark: “We can’t focus on recruiting and say we are done. It’s an ecosystem. Retention and development is a process. The default assumption is formalized training, but I don’t think that’s true. Maybe for specific technologies, but other ways exist, like experiential learning opportunities and internships.”??

Identifying talent through gamified, modular design had enormous support at CERTS. The notion that tracking progress might allow some to advance faster was raised, too. Rounding out this perspective was Mr. Dave Frederick, US Cyber Command, who posed a multifaceted question: “Can we offer qualification exams to student populations, spot the talent, ID and engage them early? Can we have virtual and modular training that allows those who ‘get it’ to accelerate through the curriculum more quickly and get on keyboard sooner?” He ended his remarks with the astute observation that “The key is skills and knowing what you're doing. They play with computers regardless of their degree. If there were an assessment, we'd love to issue it. I've seen culinary prep personnel excel in cyber. We need an objective assessment in the hiring process.” Right on.

5) The Appetite for CTF Events Was Apparent to All.??

At the same time, AFCEA CERTS also held a high school-focused Capture The Flag (CTF). As it wrapped up, participants were given access to the exhibition hall. Though it was a local event, there must have been nearly a hundred competitors present. Greenbrier High School Coach Ty Abero noted how vibrant this next generation of practitioners truly is. He said to prepare the students, he actually built his own lab — and now he can’t even keep up with the demand. So far, Abero’s students have conquered all of the challenges he’s set and still have an appetite for more, proving that a gamified approach resonates with this generation and has paved the way for a more diverse, engaged participant population.

Despite its many valuable takeaways, I have no idea whether another CERTS is in the AFCEA’s future. The cyber workforce is a growing yet intimate community, so it’s understandable if AFCEA sticks to bigger events for the time being. But in the event that it does happen again, I’ll say this: AFCEA CERTS was strikingly different from so many other conferences where the main event is collecting business cards to be harvested for a future email drip campaign. At the end of the day, this symposium was about progress, not sales. It was about people who continually confront complex problems getting the chance to connect with people who have built market-ready solutions to address them. The bottom line? If you’re in the cybersecurity workforce development space, then this is the event for you.