Cyber Security Goes Pro at Commerce

June 25th, 2010

CIO Council

This summer, the Department of Commerce is finalizing a new policy requiring professional certification for several information system security positions, and has established the Cyber Security Development Program (CSDP) to assist employees in meeting these requirements and enhancing their competencies.

“As we began developing the new policy, we realized we needed a vehicle to support learning and information exchange among our different operating units,” said Carolyn Schmidt, Program Manager for IT security awareness, training, and education at the CIO office of the National Institute of Standards and Technology (NIST), one of Commerce’s 12 bureaus. “I believe we are the first civilian agency to require certification.”

Developing a Skilled Workforce

The CSDP, which kicked off in May with 20 participants, aims to increase competencies in three areas:

  • Leadership, which is developed through mentoring, working groups, and exposure to senior security leadership.
  • Expertise, which is developed through group projects and activities designed to bridge knowledge gaps and enhance technical and functional skills for particular system security positions.
  • Communication, which is developed through workshops, discussion groups, presentations, assignments, and security-related books and periodicals.

Program participants meet monthly but must dedicate several hours each week to studying and completing assignments. The CSDP leverages existing resources, such as the agency’s mentoring program, and taps the expertise of other government agencies through activities including tours and guest speakers. Supplemental training and professional examination are also required components of the program.

Cross-pollination and Peer Networking

To be eligible for the CSDP, employees must serve in a role the agency defines as significant to cyber security, including IT security officers and information system security officers. Rather than “reinventing the wheel,” said Schmidt, Commerce aligned its policy with the Department of Defense Directive 8570, which provides guidance and procedures for the training, certification, and management of the DoD workforce that conducts Information Assurance functions in assigned duty positions.

One of the criteria in selecting nominees for the Commerce program is ensuring there is equal representation across the organization. “We want to breed cross-pollination and peer networking,” Schmidt said.

At the end of each program cycle, the top one to three performing participants will be selected for recognition upon completion of their CSDP certificate.

“The program is currently only for Commerce employees, but the framework could be used by any agency,” Schmidt said.