DOD grapples with the future of its cyber workforce

"I think the divide between the need is growing compared to what we’re able to fulfill. I’m not sure we’re closing the gap, and time is ticking for us to do so," Lt. Gen. Dennis Crall, CIO of the Joint Staff, said during a hearing.
Marine Corps Lt. Gen. Dennis A. Crall, Joint Staff J6 Director and the Joint Staff’s Chief Information Officer, welcomes attendees to the JADC2 Data Summit at Aberdeen Proving Ground, Md., and highlights the importance of the event in setting the stage for Joint data standards, Jan. 26, 2021.

Over recent years, the Department of Defense has put a number of program and policy initiatives in place to make it easier to recruit and hire cybersecurity personnel to support the military’s increasingly digital mission. And yet, the department continues to struggle, like others across government, to make meaningful progress in narrowing its cyber skills gap, top IT officials testified this week.

“I am concerned about the pace” at which DOD is hiring and training cyber personnel, Lt. Gen. Dennis Crall, CIO of the Joint Staff, said during a hearing before the Senate Armed Services Subcommittee on Personnel on Wednesday. “I think the divide between the need is growing compared to what we’re able to fulfill. I’m not sure we’re closing the gap, and time is ticking for us to do so.”

Veronica Hinton, acting deputy assistant secretary for defense for civilian personnel policy, described the DOD as “one of the three largest markets” for cybersecurity talent in the U.S., competing in the ruthless battle with big tech companies and others in the private sector for top personnel out of college. To improve the department’s chances in this battle, Congress has approved hiring and pay flexibilities like the Cyber Excepted Service not afforded to other agencies, while the DOD itself has worked to streamline its recruitment and better work with industry and universities.

While those initiatives in earnest are meant to work toward narrowing the skills gap, Crall said it might not be enough to keep up.


“The digital nature of the fight that we expect, especially at pace and speed, is going to demand a workforce and talent level that we have not seen before,” he said. “The human-machine interface brings a demand that is going to have to be found, cultivated, educated and implemented to get that level of experience as we learn and work our way through this new capability set.”

Continuing, Crall said, “I’m not absolutely certain” the military will be able to get “the right talent delivered at the right time.”

Admitting his take as “more sobering” than his colleagues’, Crall pointed to DOD’s limited understanding of cyber professionals as the glaring issue. “I don’t think we know our target audience as well as we need to. We need to find out what really motivates individuals to want to serve in the capacity that we’re offering.”

He also said the department must do a better job at evaluating the programs and policies set in place to bring on cyber talent. “While they’re interesting to approach and employ, they may not all deliver in the way that we expect.”

Acting DOD CIO John Sherman acknowledged too that there is “still work to be done” and that “we need a more holistic north star” to guide the department’s cyber mission, saying his office will prioritize developing a new cybersecurity strategy to update the previous version from 2018.


“We’ve put many of the key foundational mechanisms in place and have actively leveraged the tools at our disposal,” Sherman said. “But we must build on the progress by updating our overarching strategy to ensure our workforce is prepared to implement zero trust and the other latest approaches to defending our enterprise.”

Sherman really emphasized zero trust as an emerging concept that will widen the aperture for the types of skills the DOD will need to consider for cybersecurity moving forward. “For this and other evolving cyber strategies, we can expect to draw an even wider range of skill sets in areas like data and artificial intelligence,” he said.

Likewise, Crall said it’s hard enough to plan for the cyber needs of the department today — thinking ahead, say five years, is even harder as the U.S. military moves closer to its sensor-driven, connected warfare operating concept of Joint All-Domain Command and Control (JADC2).

“We have not onboarded the very capabilities we need to employ: machine learning, autonomy, artificial intelligence, a real cloud-based environment, pushing that processing to the tactical edge and a reformed network,” Crall said. “So the speed with which that’s going to require us to operate is going to have a level of human-machine interface we’ve never had before. And it’s hard for me to believe that the force we’re looking at today is necessarily rightly aligned to that new mission set. We’re going to have to lead-turn this and keep a careful eye on what those skill sets are necessary to bring this on board.”

Billy Mitchell

Written by Billy Mitchell

Billy Mitchell is Vice President of Community and Content and Editor in Chief of FedScoop and DefenseScoop. He leads an award-winning team of reporters in providing breaking news and analysis on the ways technology is transforming the operations and services of the federal government and U.S. military. Prior to joining Scoop News Group in early 2014, Mitchell embedded himself in Washington, D.C.'s tech startup scene for a year as a tech reporter at InTheCapital, now known as DC Inno. After earning his degree at Virginia Tech and winning the school's Excellence in Print Journalism award, Mitchell received his master's degree from New York University in magazine writing while interning at publications like Rolling Stone.

Latest Podcasts