Broad-based, practical training for early-career cyber professionals
As a national security laboratory, one of Livermore’s missions is to defend the nation’s critical digital infrastructure and assets, about 80 percent of which are owned and operated by private industry. To meet this challenge, the Laboratory must foster and maintain a cadre of cyber security professionals who understand cyber threats and can develop cyber solutions for both the government and private sectors. A collaborative program launched by Bechtel National, Inc. (Bechtel) in fiscal year 2015, in conjunction with Lawrence Livermore and Los Alamos national laboratories, aims to help attract and train such individuals.
The Cyber Career Development Program (CCDP) is an accelerated training regimen in which early-career cyber defense specialists are rotated among the three institutions to give them a broader view of cyber defense and leverage the strengths of each program partner. Livermore’s chief information officer, Doug East, notes, “This program will provide recruits with experience in the labs’ national defense research and development culture and hands-on experience in Bechtel’s global cyber operations. Our goal is to produce cyber defenders with first-hand knowledge of the security challenges faced by private industry and the tools to address those problems.”
“The rotation program also fills a skills gap between Livermore’s highly successful cyber defenders student internship program and positions for the experienced information technology (IT) or cyber security professional,“ notes Matt Myrick, the cyber security architect leading Livermore’s program. In fact, Myrick envisions the student program as providing the ideal pipeline for CCDP, which targets individuals with bachelor’s or master’s degrees.
“We treat them like new employees, but we give them some training wheels,” Myrick says. “They participate in our morning scrum meetings and in group chats, and we give them bite-sized projects to start with that introduce them to our methodologies, tools, and the Lab.” And while CCDP does provide some introduction to the more research-oriented cyber work performed at the laboratories, it is primarily operationally focused. “Participants are dealing with problems that need to be solved today,” he says.
Under the initiative, each of the three institutions identifies a recruit every two years. Program participants spend the first year working at their home institution, followed by six months at each of the other two sites. The first two years of the program are funded by Bechtel. In the third year, they return to their “base” for a regular assignment. At this point, they should have a solid understanding of both the government and the commercial cyber security spaces—a unique perspective—and have begun to develop a network of professionals from which to learn and with which to share ideas. Karl Georgi, chief information officer for Bechtel’s nuclear, security, and environmental organization and an early proponent of CCDP, observes, “Our expectations are that those personal relationships will give the graduates a professional edge in this competitive field and thereby continue to improve the security posture of our respective institutions.”
Livermore’s first program participant, Jim Klopchic, has enjoyed working with and learning from seasoned cyber professionals. “It has been incredible to not only absorb understanding of best practices in areas such as forensics, incident response, and security infrastructure but also have my thoughts and—for lack of better terms—wisdom of youth respected and taken into account in decision-making processes,” Klopchic says.
Matt Myrick | firstname.lastname@example.org