IT security org urges Trump to prioritize cyber workforce

635729916401396031-cyber.jpg

An employee sits at his computer terminal within the National Operations Center (NOC) at the Department of Homeland Security in Washington, DC, February 2, 2015. (Photo Credit: JIM WATSON/AFP/Getty Images)

Information technology security organization (ISC)2 has urged the Trump administration to prioritize cyber workforce development as it works to finalize an executive order to strengthen federal networks and critical infrastructure.

In an April 19 blog post, Dan Waddell, (ISC)² managing director for the North America region, laid out nine recommendations that were previously delivered to White House Chief of Staff Reince Priebus and others on the Trump team, as well as to the Subcommittee on Information Technology during an April 4 congressional hearing.

Waddell stresses the importance of expedience to reverse the cybersecurity skills gap in the face of daily threat increases. He advocates for the value of reinstating the federal CIO and CISO with greater authority to promote holistic cybersecurity solutions and cybersecurity cross-training across all departments within federal agencies, improving communications between government cyber personnel and the boardroom.

He notes the importance of incentivizing hiring and retention to attract experts from the private sector, which can be aided by investment in acquisition, legal and human resources personnel. 

He highlights ways the civil service system is handicapping efforts to attract and retain top cyber talent and should be reformed.

In addition, Waddell reinforces the benefits of embracing risk management and a standard cyber workforce lexicon in a quest for cyber resiliency, lauding the efforts of the National Institute of Standards and Technology to develop workforce development, planning, training and education resources for this goal through a collaboration across government, industry and academia.

The entire set of recommendations for building future cybersecurity policy can be read on the (ISC)² blog