improving cyber workforce training in state and local governments


Upload: govloop

Post on 30-Jul-2016


Industry Perspective


THE STATE OF CYBER WORKFORCE TRAINING IN STATE & LOCAL GOVERNMENT

As nearly half of public servants approach retirement age, government is scrambling to find new talent. Yet as agencies compete for new hires, they often find that recruitment time, pay and other benefits fall short of private-sector equivalents. While this is a concerning issue for all government fields, it is specifically alarming when it comes to fields like cybersecurity that require highly trained professionals to safeguard our infrastructures.

Particularly at the state and local levels, the number of cybersecurity-related jobs already outnumbers people qualified to fill them, and that demand is growing rapidly. To counter that shortage, some organizations are creating new strategies to organize and recruit cyber professionals.

For instance, the National Cybersecurity Workforce Framework from the Department of Homeland Security (DHS) provides a blueprint to categorize, organize and describe cybersecurity work into tasks, knowledge, skills and abilities (KSAs). The Workforce Framework provides a common language to speak about cyber roles and jobs, helping define professional requirements in cybersecurity. Such frameworks are especially important to help government agencies define where their cyber professionals are lacking and where they could improve training methods.

Yet more must be done to fill the gap between skills and cyber risks. Many agencies are considering innovative ways to use their current staff, including non-IT professions, to bolster cybersecurity. To accomplish that goal, government organizations at all levels are teaming up with private industry to train a more competitive cyber workforce.

Building and training the cyber workforce in government will take time and serious collaboration. Government needs to invest in:

• Educators to create programs aligned to cyber professions;

• Students to graduate with knowledge and skills that employers need;

• Employers to be able to recruit from a larger pool of more qualified candidates;

• Employees with the necessary skills and better-defined career paths and opportunities; and

• Policymakers to set standards to promote cyber workforce professionalization.

It’s increasingly important for agencies to develop the right training programs for cyber technology, build situational awareness and address the serious gap in cybersecurity knowledge for IT staff and all employees. But achieving these objectives will be challenging, especially for state and local governments that have smaller budgets and fewer personnel than their federal counterparts.

In an interview with GovLoop, Aaron Cohen, Director of Product Management and Cyber Security Services, and Jim Drain, Cybersecurity Services Official in the Federal Sector at Symantec, discussed the challenges facing the state and local workforces as well as solutions to better train cybersecurity professionals and all agency employees.

In this report, we explain how your organization can better enable cyber staff through training, testing employee skill sets and utilizing intelligence with data and analytics to make smarter decisions and respond appropriately to cyberthreats.

THE NEED FOR BETTER CYBER TRAINING

Today’s threats are composed of targeted, malicious and persistent attacks seeking to acquire sensitive and valuable information – and we tend to hear a lot about major breaches against high-security federal agencies. But many people don’t realize that state and local governments are also prime targets for increasingly complex cyberthreats.

For example, South Carolina and Utah both experienced significant data breaches in recent years. At South Carolina’s Department of Revenue, an international hacker broke into a database and compromised the data of 6.4 million individuals and businesses. The hack cost the state over $25 million in credit monitoring services, legal help, citizen notifications, and more. In Utah, cyber criminals managed to hack into the database containing the personal information of over 750,000 Medicaid recipients.

South Carolina and Utah are not alone. What’s more, incidents like these are especially troubling given the unique circumstances of cities and states. Not only are they strapped for resources, but they also tend to have less sophisticated cyber training methods and programs compared with their private and even federal counterparts.

Because many state and local cybersecurity teams are under-budgeted and short-staffed, they often lack the skills to distinguish cyberthreats and know what to do when facing an attack. Developing these skills is critical to safeguarding your agency – and that’s where training your entire workforce comes in.

Cybersecurity is everyone’s job. As Cohen explained, “It’s just as much about making sure that all of the users across an organization are practicing the most secure learning methods as it is about attracting talent within security.”

“We need to get people access to the correct training and understanding of their roles and functions, so they can effectively perform their tasks in state and local governments,” Drain said.

What’s even more important is for all employees to know that cybersecurity is a priority and that every organization is at risk.

“It’s not to say that there aren’t training paths for people to learn cybersecurity,” Drain said. “There’s just not a lot of practical knowledge in that field. It’s just too textbook right now. Applying cyber training in a practical context is much different than when you need to read up to understand more about your adversaries and what cyberthreats are out there.”

Practical training methods include more realistic simulation training where employees and cyber practitioners alike are provided with real steps to take before, during and after an attack, rather than hypothetical knowledge.

Equipping the state and local cyber workforces to avoid scenarios like in South Carolina or Utah not only requires attracting more cyber talent; it also requires giving all employees the tools and training to identify and combat cyberthreats. Symantec specifically works to strengthen cybersecurity training through engaging content, assessments and trainings on information security. The company has training services and tools for both IT security staff as well as non-IT staff, to ensure everyone is equipped with the necessary information to do their job securely.

PHISHING READINESS FOR SPECIFIC THREATS

As part of your efforts to empower employees, it’s important to train even your non-IT personnel to identify cyberattacks.

One specific tool Symantec provides to achieve that goal is Phishing Readiness, which conditions all employees to recognize and report attacks. Ultimately, the tool effectively prepares your employees to act as your organization’s first line of defense.

How? Symantec Phishing Readiness gives organizations the ability to carry out simulated phishing attacks from a simple, centralized platform. With this tool, you can create and deploy targeted emails and analyze employee behavior using detailed metrics to assess your organization’s susceptibility to phishing attacks.

“These results are used to report back metrics on the phishing attacks to better deliver appropriate training to people who are more prone to fall victim to such attacks,” Cohen said.

Another useful tool for your IT security teams is Symantec’s Cyber Security: Simulation Platform. This is a web-hosted service with immersive and hands-on access to exercises for offensive cyber events, inspired by real-life security scenarios. “We try to introduce very technical, hands-on training for security professionals so they can see how threats and vulnerabilities could affect their organization,” Cohen said. “They can also walk in the attacker’s footsteps.” These simulation events are designed to ensure your teams are ready for worst-case scenarios.

Using Phishing Readiness, you can better train your employees with the following assets:

Unlimited assessments to all employees: You can assess your employees and users as often as desired. Import and reach out to as many users as needed to educate the entire organization effectively.

Fully customizable templates: Use templates that are frequently refreshed for each type of assessment. Customize your assessments to match specific organizational branding, messaging, culture or language.

Multiple assessment types: Target emails with specific attack vectors, and gather detailed metrics through email opens, link clicks, attachment opens or data exposure and leakage.

Integrated user training: Integrate education during and after assessments based on user response. You can choose immediate delivery or automated follow-up for maximum user engagement.

Dedicated private instances: Control and manage private instances of your webpages to keep your information and metrics secure.

Detailed reporting features: Run reports on key user details and behaviors. Discover and manage geo-located user activity, completion statistics, vulnerable clients and activity trends to show ROI.


USING DEEPSIGHT INTELLIGENCE FOR SITUATIONAL AWARENESS

Training alone, however, is not enough to equip your cyber workforce. You must also empower your IT security staff with data and information. That’s why Symantec offers tools like DeepSight Intelligence to help organizations learn from common cyber defense pitfalls while incorporating threat intelligence into their security programs.

DeepSight Intelligence is a tool that harnesses data and analytics to help users synthesize information to create threat intelligence. It works as a data feed that provides intelligence to help the IT security team understand current risks and prioritize what they should focus on. This tool equips your teams with actionable cyberthreat intelligence to make better and faster decisions about cybersecurity risk. When you use DeepSight Intelligence, your agency harnesses the power of experienced teams through the Symantec Global Intelligence Network, an expansive civilian threat collection network. With this network, you can track over 700,000 global adversaries worldwide.

“DeepSight gives you a better overall view of different types of cyberthreats and data on vulnerabilities,” Drain said. “You can then prioritize your agency’s cyber vulnerability areas.”

Decide what you need to address immediately as a Tier One – or highly urgent – type threat and decide what can be moved down the list of priorities. That’s where data analytics comes into play. Use data analytics to break down big data on cyberthreats into manageable components for your organization.

Using big data analytics, you can synthesize various types of events and cyber attacks to distinguish which is malware, malcode or even something your agency has never seen before. The data then gets pooled into a web portal and data stream, which can be consumed by cybersecurity tools like firewalls. This data will ultimately help you to harness vulnerability, malware and reputation intelligence to improve the effectiveness of your analyst teams and your existing security infrastructure.

Overall, DeepSight provides rich contextual information to help you focus on what is relevant, what is not and how to implement countermeasures, providing insights into:

• Active campaigns and threats

• Up-to-date threat indicators

• Threat origination

• Goals and techniques of threat actors and groups

• Tactics to mitigate future cyberthreats

“DeepSight is a big data machine,” Drain said. “These types of tools help speed up an organization’s ability to deal with problems, prioritize those problems, understand what they are and get quick access to a single view of the scope of problems where they can rapidly respond.”

With DeepSight, you can utilize data analytics and actionable intelligence to improve situational awareness for your entire organization. It is important that your cyber staff and employees in general all better understand your organization’s cyber environment to improve detection and response times to cyberthreats.

CONCLUSION

“People are your first line of defense,” Cohen said. “If your people aren’t trained properly, you could have all the technology in the world and it wouldn’t matter.”

Building the government cyber workforce requires training an organization from the lowest to highest levels. Whether it’s a Chief Information Officer or a new intern, everyone in an organization should have increased situational awareness of the cyber environment and be able to tell cyberattacks apart so they can act as a first line of defense and respond accordingly.

Symantec offers a wide range of tools to help organizations cultivate their training programs and workforce. These tools are specifically catered to help train individuals for better cyber situational awareness and to help users better identify vulnerabilities as well as different types of cyberattacks.

With continued commitment to growing, educating and training the cyber workforces, state and local governments can stand a better chance of countering the increasingly complex cyber attacks of today.

FOUR STEPS TO A BETTER CYBERSECURITY WORKFORCE

• Make cybersecurity the job of everyone—not just your IT staff

• Support learning with tools that make cyber scenarios real and understandable

• Equip your professionals with technologies to draw actionable insights & conclusions from your cyber data

• Move beyond awareness by creating informative, functional training programs for all employees

ABOUT GOVLOOP

GovLoop’s mission is to “connect government to improve government.” We aim to inspire public-sector professionals by serving as the knowledge network for government. GovLoop connects more than 250,000 members, fostering cross-government collaboration, solving common problems and advancing government careers. GovLoop is headquartered in Washington, D.C., with a team of dedicated professionals who share a commitment to connect and improve government.

For more information about this report, please reach out to [email protected].

ABOUT SYMANTEC

Symantec helps federal agencies develop and implement comprehensive and resilient security strategies to reduce risk and meet Cross-Agency Priority Goals, the NIST Cybersecurity Framework, the Joint Information Environment and other federal mandates.

ABOUT ITS

ITS is an IT service firm specializing in Productive IT Management. We specialize in helping large IT organizations that are trying to meet the service demands of a highly consumerized workforce but find themselves bogged down in the mundane, time-consuming side of IT management. We created a maturity model we call Productive IT Management that helps large organizations get to a higher level of productivity in key IT functions under Service Management, Asset Management, Endpoint Management, & Risk Management.


1152 15th Street NW, Suite 800, Washington, DC 20005
Phone: (202) 407-7421 | Fax: (202) 407-7501

www.govloop.com | @GovLoop