How can the DoD build and retain a strong cyber force?

RallyPoint Team — Fri, 26 Sep 2014 09:09:04 -0400

The Department of Defense (DoD) and the US Cyber Command are currently in a panic stricken state. And for good reason, because creating 133 teams of cyber warriors by the end of 2016 is looking more difficult. Most of the talented, energetic young lot of the country interested in the tech field prefers jobs in the private sector and very few are inclined to pursuing technology in the armed forces.

The United States deals with many security threats in their dense cyber network every day and if these are manhandled, disastrous consequences can occur. For the maintenance of national security, cyber warriors are required as much as soldiers themselves, except that this knowledge is not sufficiently popular.

So how does the US Cyber Command recruit the cream of the crop and retain it?

Computer experts and IT professionals the DoD wants to recruit need to be incentivized. People with this expertise are generally reluctant in joining the armed forces. This is mainly due to lack of motivation, unattractive incentives being provided, the comparatively less income and benefit plans, and potentially more stressful work environment. To form a competent cyber warrior force, such factors need to be eliminated and replaced by significantly better offers.

If the US Cyber Command wants proficient computer experts and to tempt the best into taking up the job, it will have to provide certain incentives, bonuses and privileges regularly to be competitive with the private sector. All service branches are already trying to up their game by developing new recruiting tactics, extended service commitments, training programs, retention bonuses and unique career tracks for the cyber career field. For example, the Navy is offering enlistees an instant boost to an E-4 pay grade if they sign up for a cyber warrior job for six consecutive years. Should other branches implement something similar?

To become a cyber expert and keep up with technology trends, exclusive training is required. The special training is very expensive, especially compared to the DoD’s shrinking overall budget. However, continuous training is crucial to bring in and retain top talent. Now, a 24-week course is offered and chosen people are exempted from many steps of acceptance, leading to immediate training. Many cyber experts are thirsty for knowledge and can appreciate any learning opportunities. What else can the DoD do to keep these experts interested?

Cyber experts have to be especially talented because not only do they require computer skills but also immense knowledge of the cyber network of the military, the threats they have to encounter and the confidential information they have to retain. All service members and civilians who apply go through a “cybertest” which determines whether the applicant has the temperament for a military-related cyber job. That way, the US Cyber Command filters out and selects the best people out there. Complemented with a better income, greater incentives and regular bonuses, they may manage to achieve their goal of a highly competent cyber force.

Do you have any experience in the cyber career field in the military? How can the DoD become more competitive with similar private sector positions?

Response by SPC David Shaffer made Sep 26 at 2014 9:55 AM

SPC David Shaffer — Fri, 26 Sep 2014 09:55:40 -0400

The people can make big money in the private industry and they should be compensated the same by our government if they want to have any chance of attracting these people. They bring the compensation up to where it is in the private industry and keep it competitive I don't think they will have this problem anymore. Giving them an instant promotion to E-4 is not going to be enough.

Response by CPT Private RallyPoint Member made Sep 26 at 2014 1:42 PM

CPT Private RallyPoint Member — Fri, 26 Sep 2014 13:42:22 -0400

Tap into the talent pool that you already have. I am watching 25Bs jump out the door as fast as possible due to the way they are treated. Send them a message about transfering and getting a retention bonus. One guy I work with would be perfect for this, but I don't know if he can be convinced to stay in, at this point.

Response by TSgt Joshua Copeland made Sep 26 at 2014 5:13 PM

TSgt Joshua Copeland — Fri, 26 Sep 2014 17:13:57 -0400

I watch some of our best and brightest "cyber" Airmen leave the service after one hitch to immediately pick up a job making 70K+ a year based on the required things the Air Force makes them have. Civilian certification (mandated to get and maintain), years of experience, for most cyber folks a TS Clearance, and many complete at least their Associates degree make them very viable to the civilian and contractor side of the house.

Response by SSgt Private RallyPoint Member made Sep 26 at 2014 5:58 PM

SSgt Private RallyPoint Member — Fri, 26 Sep 2014 17:58:17 -0400

Hire competent GS and Civil Service employees in the INFOSEC career field (not Telecommunication Specs- 2210's) and hold them to the same certification standards as government contractors. As for utilizing military personnel it would be difficult to retain them in an MOS/AFSC/rating since they would be so marketable on the outside. They had this problem in the Air Force with all the PJ's. These guys can get out and work for Blackwater and make 200K overseas.

Response by PO1 Private RallyPoint Member made Sep 27 at 2014 1:01 PM

PO1 Private RallyPoint Member — Sat, 27 Sep 2014 13:01:34 -0400

I know A LOT of people in our community that can "speak" C++ and other languages. They can code, write viruses, etc...
But the Navy wants more cyber people.
Life myself, many of these talented folks can certainly do the job, with one caveat..
They're all gonna need things like - polygraph waivers, bad credit forgiveness, etc.

The DoD's rigidity will have to go to the wayside if they want to come out on top.

Response by PO3 Anthony Farhner made Sep 27 at 2014 9:40 PM

PO3 Anthony Farhner — Sat, 27 Sep 2014 21:40:31 -0400

How about creating a Joint command similar to S.O.C.O.M that shares the responsibility across the board with all branches and agencies.

Response by MAJ Private RallyPoint Member made Oct 4 at 2014 11:02 PM

MAJ Private RallyPoint Member — Sat, 04 Oct 2014 23:02:24 -0400

Honestly from the officer side the recent OSB has made this a nightmare. Those of us who survived the board are left "feeling some type of way" and wonder when the ax will fall. Several of my friends have applied and been accepted into the unit but most only plan to do it for a few years then come back as a GS to reap the benefits. I plan on submitting my packet prior to leaving this assignment but I'm only 17 years into what is hopefully a 30 year career.

Response by SSG Tim Everett made Oct 28 at 2014 9:48 AM

SSG Tim Everett — Tue, 28 Oct 2014 09:48:39 -0400

People who love working cyber-related jobs generally grew up with the internet. They became experts at winning the interwebz before they came of age. The day you can figure out how to make members of Anonymous and LulzSec care about defending America from both internal and external threats, that's when you'll probably have a chance at winning. Unfortunately, that generation has a serious bone to pick with the corporate-sponsored attacks on internet access and cyber freedom.

Response by MSgt Private RallyPoint Member made Oct 29 at 2014 9:21 PM

MSgt Private RallyPoint Member — Wed, 29 Oct 2014 21:21:00 -0400

There has to be a clear set goal and mission focus to build this community. Cyber warrior is still undefined and viewed mostly as a support function. Once the community has clear defined mission goals and capabilities that are defined, then you can look to recruit the best and learn to retain. USCYBERCOM is the perfect opportunity to make this happen. Build specific capability skill sets designed after already established mission sets (Direct Action, FID, MISO, IO, MILDEC, SR). The technical side can be taught it is the mission ops side that is lacking. It does not help that most of these individuals will be recruited from support elements that already feel they are unable to perform missions (IA vs. Ops; Security vs. Capability; accountability for all forces that break cyber rules; clear definition and use of KM). Until there is a clearly defined mission set the talent pool will continue to dwindle and cyber capabilities will be further confusing to combat commanders. Bringing cyber ability to kinetic action.

Response by Lt Col Private RallyPoint Member made Nov 25 at 2014 11:16 PM

Lt Col Private RallyPoint Member — Tue, 25 Nov 2014 23:16:35 -0500

I believe the way to build a strong cyber force is to make it largely civilian. The goal for your cyber force is to have strong technical skills...programming, computer security, hacking, penetration...not to run 3 miles wearing hundred pound rucksack. Like it or not, the guys who learned many of these skills during childhood and high school are not the star athletes, and likely shy away from a career in the military that places such physical demands on them. So don't. Hire people as DoD civilians, with a small corps of active duty oversight.

Response by COL Private RallyPoint Member made Nov 30 at 2014 8:10 PM

COL Private RallyPoint Member — Sun, 30 Nov 2014 20:10:37 -0500

Here is a good TED Talk about defending our network.

http://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net

We need to not only figure out the offense we need to be forever vigilant on the defense.

Who are the hackers?

Some hackers wreak havoc online, but others are working to create a better internet. Sociologists, criminologists and hackers themselves speak up.

Response by CPO Private RallyPoint Member made Dec 2 at 2014 4:50 PM

CPO Private RallyPoint Member — Tue, 02 Dec 2014 16:50:36 -0500

It's not just the professional training that is needed. Security+, CEH (Certified Ethical Hacker), and other certs that are great to have but give no real world experience unless you go the true professional classes, not the watered down, compressed (for the Navy anyway) classes that we are sent to. They are lengthy and can cost thousands of dollars.
The ability to go out to "certain" websites and forums that can be a wealth of knowledge are unavailable on the typical military network. I can go home spend several hours combing through different forums and "practice" sites that teach you attack and defend various things across a network and learn about the tools of the trade. I am not saying open these up to us by any means, I am aware of the risks to my home network and equipment just by visiting these sites are out there. This is the same for any aspect of IT, Cyber, or whatever word you want to fill in there for technology in general, the community is your friend, not just certs.

Response by SGM Paul Shenep (R) made Dec 3 at 2014 1:07 PM

SGM Paul Shenep (R) — Wed, 03 Dec 2014 13:07:16 -0500

Sounds like it would be difficult to throw money at this problem without getting a 6-8 year commitment and ensuring these guys and gals get access to the best possible training venues and exercises while maintaining all of the Military requirements. I am familiar with the same problems with the ole' MOS 96/97 series. I am hearing you loud and clear that the life cycle of the 25 series is 3 to 5 years. Same here, hire more contractors and civilians and build more reserve units so these Soldiers have more options when ETS; hence, you can mobilize them when you need them to fill gaps. Allow Commanders to request and use known sources (Reservists or real people) in planning their missions from the civilian/contractor sector.

Response by COL Private RallyPoint Member made Dec 3 at 2014 11:45 PM

COL Private RallyPoint Member — Wed, 03 Dec 2014 23:45:36 -0500

two words. PROFICIENCY. PAY.

we do it for doctors, pilots, and others. these skills are EXTREMELY valuable, take many years to develop, and are perishable. gotta pay to play

Response by SFC Ricardo Ruiz made Dec 6 at 2014 10:43 PM

SFC Ricardo Ruiz — Sat, 06 Dec 2014 22:43:23 -0500

OPSEC

Response by SFC Private RallyPoint Member made Dec 7 at 2014 8:11 AM

SFC Private RallyPoint Member — Sun, 07 Dec 2014 08:11:33 -0500

I don't want to sound like a jerk here but you cannot retain Service Members for cyber as they will be head hunted by contracting companies, who will blind them with those 6 figure incomes. Its hard for a PFC who makes 25k a year to say no to a 125k a year job after ETS, they still do their part for the national defense but make way more money doing it.

I not saying its right but its the way it is.

Response by PO2 Robert Lee made Jan 11 at 2015 11:57 PM

PO2 Robert Lee — Sun, 11 Jan 2015 23:57:36 -0500

I believe that if you want to increase the Military Cyber Command, they should follow the FBI and CIA's recruiting guidelines. Overall the Military has a lot to offer the Hacker/programmer. There are many services that provide incentives to kids and young adults that could design circles around the "cybertest". A good "cybertest" would be to design a site that has a 9-14 key encrypted physical firewall that has a prize for the first 100 hacker/programmer to get a specific file.

To make this site, it should be setup on a stand-alone super-computer within the DOD or NSA network with current DOD and NSA operatives monitoring all intrusions to make sure that all participants follow the regulations of the "game".

As a former military data processing operator, and civilian hacker/programmer. I know that the Navy and the Air Force have lots to offer prospective Cyber Soldiers. The Army doesn't have the finances to entice any of the prospective Cyber Soldiers unless they restrict the current civilians that are currently working in the Cyber Command.

Response by CW2 Private RallyPoint Member made Jan 12 at 2015 2:03 PM

CW2 Private RallyPoint Member — Mon, 12 Jan 2015 14:03:09 -0500

Here's one way:

Stop letting intel guys "parachute" into signal's domain.

I tried applying at cybercommand, and I actually got an offer for another contractor position up there. However, both times I was told "We don't need signal guys. We need intel guys. It's easier to train an intel person on signal than a signal person on intel."

In fact, many interviews for cybersecurity contain one block to check, "Do you have a TS/SCI?" If yes, then you're hired. If not, then you are sent home.

Does anyone think Vlad or Kim would turn away computer experts in lieu of intel? I think not.

That, my friends, is why we are losing the cyber war.

Response by SFC Private RallyPoint Member made Feb 4 at 2015 3:46 AM

SFC Private RallyPoint Member — Wed, 04 Feb 2015 03:46:52 -0500

DoD will never build a strong Cyber team. First of all the requirements are a little too high for many interested in becoming a 25D. When the Army started the program I was ineligible because I didn't have a TS/SCI which is the case for the majority of the otherwise qualified people. A simple way for the Army to build a strong Cyber team is find all soldiers that meet the requirements, test them and send them to school for reclassification. The whole packet process is absolutely ridiculous, using the packet process will give the same results as the Warrant packet. You will get people to apply for all the wrong reasons, now it's for the quick promotion the MSG or SGM, great job after exiting military service with absolutely no interest in performing the duties and responsibilities associated with the job. I planned on submitting my packet, in fact it's been done since August but being held up by my BN CSM's reluctance to have the BN Commander write the letter of recommendation. Why my BN Commander is the only one who can write the letter is beyond me. My SR Rater is a Signal LTC, my reviewer is a Signal COL, so who would better be able to speak about my abilities than those that I perform for daily?

As far as maintaining a strong cyber force, goes back to those applying for all the wrong reasons. In order to maintain a strong cyber force you would have to start with one. Some people actually do what they do for the love of what they do, but those are the people that don't want to abandon the 25B MOS because we loved what we do in the Army. Maintaining it will be easy with the right people in the program. Those that are just interested in easy promotion, or earning potential after the Army are exactly who you don't want.

Response by SSG Private RallyPoint Member made Mar 31 at 2015 3:45 PM

SSG Private RallyPoint Member — Tue, 31 Mar 2015 15:45:36 -0400

I see a lot of good responses here. I'm in the process of reclassing to 25D: Cyber Network Defender (already have a school date and follow-on assignment and all that) and the pay is one thing that stands out, but another is just getting away from the bureaucracy. I had a letter of acceptance and was told I was getting assigned to one of the new Cyber Protection Brigades and I was ecstatic; this was literally a dream come true for me. I spent 6 years in college earning multiple masters degrees and various civilian certifications in computer network and cyber security specifically, with a near perfect 4.0 GPA and aptitude scores that are almost off the charts. But, between my retention NCO (I'm currently a recruiter, so he's 3 states away) and HRC, it took more than 6 weeks just to rectify some issues with my record in RETAIN and initiate the reclass process. In the mean time, the CPB filled up so I lost my spot, and now I'm going to Korea, directly from a recruiting assignment. I've reached out to every person I can think off, and no one will even give me the time of day when it comes to requesting a spot in the CPB, so at this point my motivation is to finish this training and the associated 36 months, and then try to get into the CPB from the civilian side. Heck, I'd even consider going indef if I could get a CPB spot, but "needs of the Army" it is.

The Army needs to come up with a way to screen Cyber candidates that are not only "qualified", but also have an intense passion for the field, and give them assignments to reflect that. I'm not going Cyber because it's "cool", but because I'm very good at it and want to do it more than anything. Dropping me in the middle of an Air Cav S-6 in Korea to "defend" a small network consisting of maybe a few hundred computers is not the kind of thing I had in mind when I heard the Army was putting together a Cyber Warfare specialty.