Cyber Workforce Training

Transcription

1 Cyber Workforce Training Mr Steve Jurinko DISA/PEO-MA 13 May

2 DISA Cybersecurity Workforce Initiatives Cyber Workforce Coding DOD CIO initiative To identify the Cyber Workforce (CWF) across DISA in accordance with the DoD Cyber Workforce Framework, to allow for prioritization of efforts towards Role based training, assessments, tracking, management and reporting of the CWF in a standardized way across DISA & DoD. JIE Role-Based Training Will increase knowledge, skills and abilities of the DISA and DoD Cybersecurity workforce and improve the DoDIN and Defensive Cyber Operational status. Cyber Protection Team Training DoD Information Network training program consisting of classroom instruction and lab exercises. Targeted security training Cybersecurity Workforce Assessment & Certification Level 1 (11 Roles) To establish an Assessment and Certification Methodology to Professionalize the DISA Cyber Workforce. JIE/JRSS Cyber Security Range Virtual Training Environment (VTE) To provide a VTE integrated into the CSR, scalable in capability and capacity, ISO anticipated growing demand in DISA/DoD training support requirements. Risk Management Framework Provide updated training processes and responsibilities as DoD transitions from DIACAP to RMF 2

3 JIE Training Situation Analysis Problem Statement: Existing DISA/DoD Cyberspace Workforce (CWF) training and certification programs do not currently provide a framework that effectively integrates JIE/JRSS training and assessment. Requirement: To develop and establish a CWF training framework (JIE/JRSS training environment) NLT (TBD) that provides the capability and capacity to effectively train and certify the JIE/JRSS roles. Background: Standardized JIE Enterprise Operations Center role-based training Army/Air Force/DISA are collaborating in the development of Joint Regional Security Stack (JRSS) training Framework development plan is a multi-phased & parallel effort Phase 1: Initial tools training at the different Tiers Phase 2: Develop JIE/JRSS Role-based training content Phase 3: Building a JIE/JRSS Cyber Security Range virtual training environment Phase 4: Provide Role-based individual/team assessments Outcome: Standard for all JIE centric operations 3

4 Joint Table Top Exercises/Workshops Objective Operational Vetting of Vignettes & support requirements Vetted operational vignettes Identified Echelons of Authority Construct (Draft) Identification of Cyberspace Roles Established core TTP frameworks Validated JIE infrastructure Identified training requirements Developed training gap analysis plan Draft training plan & timelines Operational Timeline 4

5 JIE Role-Based Training Training Development Process Identify tools and capabilities JIE Indentify roles and responsibilities Determine interaction between tools capabilities & processes Identify baseline training and determine training gaps Identify SMEs for OJT Content development by role for tools, capabilities and processes Training Delivery Quality control & user feedback 5

6 Future CSR Operational Architecture 6

7 Capstone DoD Cyber Range Assessments DoD Cyber Security Range-based and instructor facilitated webdelivered training and/or assessment for Cyber JIE operators using a common Joint Information Enterprise: Tactics Techniques & Procedures; NETOPS & CND tools and services Increases a JIE operator s proficiency level and demonstrated ability to apply to real-world threats in a non-production environment Qualifies the JIE workforce for collective Enterprise Operation Center and Joint Regional Security stack like missions Provides standardized JIE assessments metrics that measure readiness across the workforce 7

8 8 Cybersecurity Training Products Branch POC: DISA/PEO-MA PHONE: