Transforming cyber talent development for a Transformational Age

We are living in a transformational age, which has only been accelerated by the pandemic, where digital connection and cyber enablers have been helping us navigate through one of the most challenging times humanity has ever seen.

With this incredible challenge comes the opportunity of reinventing ourselves in every way we can. While digital transformation has forged ahead, supporting this transformation with cyber capabilities and considerations has fallen short. Most of the cyber capabilities have focused on technology alone, which albeit required, it is time to refocus and restrategize our approach for developing, nurturing, and expanding the cyber talent base.

This transformational age now needs to be matched with a transformational learning and talent development framework that can support the growth, secure the digital assets being built in cyberspace, and provide durable employment and long term career opportunities for many. This will not only serve as a model for addressing the talent need for the industry, but also expand opportunities, and career pathways for engaging the underserved, underprivileged and underrepresented (3Us of the society). 

Recently in alliance with Safal Partners, Cyber Future Foundation was entrusted by the U.S. Department of Labor with the responsibility of developing and expanding the Cyber Apprenticeship Model. We feel quite fortunate to have recognized the need ahead of time and with a very capable and committed community behind it, Cyber Future Foundation jumped right into executing a long-envisioned plan. The CFF Global Commission on Cybersecurity Education (Estd. 2018) and the Cyber Workforce Development Program (Estd. 2019) has been ready from the word go, to put its workforce development engine into high gear.

In 2019, the CFF Global Commission on Cybersecurity Education working with a number of industry stakeholders identified areas of engagement with the industry to bridge the demand and supply gap. Considering that the educational curriculum for cybersecurity professional courses is not necessarily built with industry need in mind, it was recommended that a Cyber Workforce Development Program be built which has direct participation of all stakeholders, including the industry, in the learning and talent development process. It was also recommended that employers and industry stakeholders engage with the candidates prior to their entry into the workforce, and thus left shifting the employer engagement. This led to the development of a comprehensive learning framework for advancing cyber talent, and thus cyber capacity.

It is worth noting that the GCCE did not limit it to the entry-level workforce, but quite thoughtfully painted a big picture view of education, enablement, and awareness at different Levels of Society and Workforce. However, the immediate gap that needed to be filled was with the industry entry-level and early-stage practitioners who desperately needed some capacity support. Many practitioners in the absence of sufficient capacity support continue to work long hours and the industry is barely keeping up with the cyber threats by the sheer commitment of many of these early-stage practitioners and mid-career professionals. While automation is assisting with some of that capacity a lot of the actual security and risk decisions as well as managing legacy infrastructure still needs to be done manually, and may continue to be needed.

This was more than enough motivation for the CFF community to come together and prepare an industry informed and demand-driven cyber education framework. This was unveiled in January 2020 in Davos at the Cyber Future Dialogue.

What followed since then and through the ups and (mostly) downs of the pandemic challenged 2020 was the pursuit and development of a framework that could address the need for a long term overhaul of the learning process, and end to end and vertically integrated model, that can support the need of the digital transformation and pandemic-led acceleration of a remote-connected business environment. This pursuit led to the many ideas discussed during the Cyber Future Summit.

This demand led us to immediately realize this vision into a comprehensive framework. With this, we are introducing the Transformational Learning Framework and we chose not to limit it to cybersecurity as we feel this framework can be adapted to any professional field. Along with the framework, we are introducing a sequence of connected implementation model that is aimed and transforming cybersecurity talent development for the longer term.

This Transformation Model comprises of a learning model that captures the entire breadth of Learning Stages and Skilling opportunities that can be put to use by the workforce development program at various stages.

• Foundational Learning - This corresponds to 'Start-skilling' (term thanks to Katie Adams, Workforce Development Director at Safal Partners), a process where the sills are taught early at entry-level, aligning with the needs of the digital transformation that the current industry and society at large is experiencing.
• Incidental Learning - This corresponds to 'Cross-Skilling' - expanding hands-on learning opportunities to adjacent skills that a practitioner gets exposed to while delivering their primary jobs. This helps them in understanding their contributions relative to others in a more holistic way. For example, someone who is working in the field of identity and access management (IAM) gets to learn, appreciate, and apply the essentials of data protection and privacy (DPP). While the practitioner may still be engaged as a subject matter expert with delivery responsibilities of IAM, and assisted by a DPP practitioner, but knowing and adjusting their engagement deliverable with respect to DPP (and other requirements) essentially leads to a better outcome. Eventually the IAM Practitioner may be able to expand their skillset to DPP and other areas, enhancing their career growth opportunities.
• Incremental Learning - This corresponds to 'Up-skilling' opportunities - providing practitioners to become more seasoned professionals in their respective areas of expertise. While a few professionals get the opportunity to explore a wider array of technical options, many practitioners are stuck to the legacy technologies and hardly get the chance to work on newer and more innovative solutions that the industry offers. This limits not only the learning experience but also the career potential of the practitioners. The up-skilling and incremental learning opportunities, not only keep the practitioners learning current but also give them an opportunity to advance to becoming full-fledged professionals in their specific cyber function. 
• Transformational Learning - This corresponds to advancing a full scale ‘Re-skilling’ where the whole stack of practitioners, professionals, and executive leadership of an organization get abreast with the newer skill set aligned with the transformational age. Many leaders and professionals are struggling to keep up with the dynamic technical environment. Various technical innovation continues to disrupt business and upend the established models of engagement. The opportunities associated with digital transformation are to be balanced with the risks and challenges associated with cyber security. This is not only required but is an essential consideration for the current workforce to be re-skilled into a modern workforce that can not only coexist with large scale automation but also secure the digital infrastructure at all levels. 

This Transformational Learning Framework is not only applicable for expanding cyber capacity and talent development but also equally relevant for the broader technology landscape.

At Cyber Future Foundation, we are supporting this framework with a full delivery model, and a comprehensive ecosystem which includes:

• A left shifting model of employer engagement - including early engagement with the entry-level workforce prior to their entry into the professional workforce
• A compatible Curriculum and financing structure - including a free (CFF program funded) training program with the support of the CFF community and programs
• A career engagement and enablement lifecycle - considering appropriate intake and output models aligned to industry expectations
• A program intake model - casting a wider net for the cyber capacity development with aptitude testing and career fitment analysis
• A program output model - providing a full career coaching and career maturity index ascertaining that the cyber candidates have a clear career path
• An engaged cyber ecosystem model - providing a fully inclusive model of industry supporting the career engagement and enablement model
• An innovative cyber talent pod model - providing a full stack cyber capability for the members of this program

We welcome you to explore the initial version of this model at the CFF website Cyber Workforce Development Program Learning Framework and provide the community with your valuable input. This is version 1.0 of the framework and we believe with the support, input and feedback of the CFF and broader professional community we can evolve this to fulfill the mich needed transformation in learning and reskilling our workforce at all levels.

The Cyber Workforce Development Program Transformational Learning Framework V1.0 is being applied directly towards the Cyber Future Foundation's contribution towards the Safal-CFF alliance delivered Cyber Apprenticeship program as part of US Department of Labor's Registered Apprenticeship Program across the entire nation.

Cyber Future Foundation is also supplimenting this program, with the intent of providing direct job related experience with it's securing small business program nationwide, through its Cyber Care Package program.

There are 30.2 million small businesses in this country, which comprise a whopping 99.9% of all United States businesses. Small businesses employ 58.9 million people, which makes up 47.5% of the country’s total employee workforce.

Cyber threats do not spare small businesses, in fact they can be devastating. 

82% of SMB owners saying they're not targets for attacks and an estimated 60% of all SMBs fail within six months of a cyberattack.

Cyber security industry has the potential to serve as a twofold economic development opportunity. It can enable the economy by protecting businesses and organization, as well as reduce unemployment by creating new jobs both in cybersecurity and the sectors it protects. The CFF Cyber Care Package, intends to serve this dual purpose of addressing the demand for cyber talent, as well as that of advancing the need for securing small businesses.  

We expect that this comprehensive framework, the resources supporting the framework execution and deployment, and the support of the widespread Cyber Future Foundation community will advance the overall cyber security posture of the nation.