A Webinar Featuring Mark Gorak,
Principal Director for Resources & Analysis, Department of Defense, Office of the CIO
On 9 February 2023, Billington CyberSecurity hosted a webinar featuring Matt Gorak, Principal Director for Resources and Analysis for DOD’s Chief Information Office and Dominic Delmolino, Vice President for Field Technology and Engineering at AWS.
The conversation focused on DOD’s cyber workforce—the largest cyber workforce of any organization in the world—and a host of cyber workforce initiatives being launched by DOD in 2023. The conversation also covered how DOD is thinking about changing cyber culture throughout the Department, and how their efforts stack up with other Federal Government cyber workforce initiatives.
Gorak began the conversation by highlighting DOD’s four major cyber workforce initiatives either underway or about to be launched in early 2023. Overall, he was excited about these efforts because they were comprehensive, designed to be better informed by data, and flexible in terms of maximizing DOD’s hiring authorities, better leveraging early and often assessment testing to expand who they hire and how they evaluate progress, and new ways to think about the right workforce retention over the long term. The four major initiatives are:
- A DOD Cyber Workforce Strategy which is likely to be announced in early March.
- A DOD Cyber Workforce Implementation Plan that accompanies the strategy and lays out a path for DOD cyber workforces to move the strategy forward.
- A new DOD Cyber Workforce framework (DCWF) which defines specific work roles and provides a development plan for each.
- A new update to its 8140 Cyber Workforce Policy Manual released in mid-February 2023, which provides a targeted, role-based approach to identify, develop, and qualify cyber personnel by leveraging the DoD Cyber Workforce Framework.
Overall, Gorak emphasized that each of these initiatives are designed to work in tandem to help DOD not only meet their cyber personnel needs, but also to help them better manage these needs as cyber expertise requirements change over time. All four include the flexibility to think about the entire DOD cyber workforce whether it be enlisted, civilian or contractor-based, and all four are designed to allow for interoperable development of these various workforce types as DOD’s needs change.
In terms of the new strategy, Gorak provided a sneak preview by highlighting that it had four pillars:
- Identification: focused on providing DOD better ways to proactively identify and match specific talent needs to changing DOD requirements over time.
- Recruitment: focused on identifying the right talent to bring in and doing it faster.
- Development: focused on building a pathway for talent to succeed and launching a continual assessment process to grow and leverage expertise across the entire cyber workforce.
- Retention: focused on identifying the right talent to retain and building the paths to allow them to do so.
To accomplish the above, Gorak highlighted a couple of key initiatives either underway or planned that need to happen to successfully meet the goals of the strategy. First, DOD/CIO had to find ways to better leverage their cyber workforce data to understand where they are in terms of needs and to provide more fact-based decision-making as it relates to filling key gaps and identifying how to do it. He was excited about the updated 8140 manual and framework which identifies 74 cyber work roles (as compared to the 54 highlighted by the Federal NIST standard) and provides key development goals for each. He believes that this new data will ultimately help DOD better assess where the true key gaps are in terms of cyber talent placement, and allow them to better predict how to meet this need—ie. Hiring, more contract support, or lateral enlisted movement—over time.
In terms of development, Gorak mentioned the workforce strategy’s goal to develop “clear pathways” for each of the new cyber job elements that will provide newly hired cyber officers a roadmap for success. In addition, the strategy calls for the Department’s cyber teams to provide mentors to each of these new officers to help with the onboarding and early development process. As the new officers grow, they, in turn, will be leveraged as mentors. On the contractor side, Gorak wanted to see more creative and risk-taking approaches towards “hostage exchanges;” where private organizations and DOD swap their cyber staffs over time to provide each with different perspectives, different views of mission, and different ideas on how to problem solve under different situations.
In terms of hiring, Gorak pointed out that DOD was currently overhauling its HR training to make HR officers from across the department better aware of DOD’s 52 different authorities that could be used to hire cyber talent; a training effort he believed would ultimately help in bringing in new talent. Gorak also stressed the need for DOD to get more creative about finding talent. For example, he highlighted the need to think outside the box of traditional qualification requirements of potential applicants citing the need for better assessment tools to showcase experience that could be used as well as traditional certifications and college degrees. He also believes that enhanced marketing at the high school and university level—whereby DOD teaches the teachers and professors how to market DOD options—will also go a long way to broadening the appeal, and ultimately the candidate pool for DOD recruiters. He also lauded current programs such as the Scholarship for Service efforts whereby the government will pay for education with a 4 year pay back as great tools, but highlighted that more programs like this were needed to meet the demand.
In terms of challenges, Gorak quickly pointed to two that he believes the DOD struggles with daily in terms of talent: Scale and Culture. With the largest cyber workforce in the world, DOD continues to struggle with pure numbers to meet their demands. He does believe that the new initiatives will help address this problem, particularly in identifying key cyber needs in time and in more quickly hiring new employees, but he says he is open to new ideas on how to address DOD’s insatiable demands.
On culture—which he believes is and will continue to be DOD’s biggest challenge—Gorak emphasized the importance that flexibility and innovation will play in the new workforce strategy to help address this challenge. The new strategy as mentioned previously looks to tackle DOD’s cyber workforce challenges holistically by collectively looking at its enlisted, civilian, and contractor workforce as a collective whole and provides consistent talent measurement and assessment tools that cyber teams from across the department can leverage that will allow DOD to move talent where needed faster over time. With that said, he highlighted, once again, his openness to trying new things, failing, learning from the effort and trying again.
Gorak also pointed out that DOD has a wealth of things going for it as it relates to finding and retaining talent. It has a global national security mission that provides a wealth of unique life experiences for its workforce. While it likely will never be able to fully compete with the private sector in terms of pay, it does offer some of the best compensation packages in terms of long-term health care, retirement, and local market living offsets in the business.
Overall, Gorak was upbeat about DOD’s new initiatives, believes they will help in meeting the Department’s cyber workforce needs not only in bringing in new talent, but also developing that talent as DOD’s needs change.
To view the entire webinar, please click here.