FRAMINGHAM, Mass. — The U.S. Army is having a hard time manning its IT staff because it cannot find military personnel with the right networking and IT security qualifications.
The Department of Defense (DOD) Directive 8570.01-M is a military regulation first published in 2005 with considerable detail on the workplace and related training and certifications that military personnel — and now contractors as well — must have to operate DOD-related information systems for information assurance purposes. But the problem for the Army at this point is that it doesn’t have enough personnel with the required training, said Lisa Lee, information assurance program manager for the Army’s enterprise information systems.
To cope with the shortage of certified personnel, the Army is altering its guidelines so that not as many individuals working in areas it calls “an enclave boundary” — defined as a specific set of routers and firewalls — will have to meet the previous requirements, said Lee, who spoke on the topic on behalf of the Army at the recent FOSE Conference in Washington, D.C.
With that change, the individuals who have the higher security credentials the military wants will be granted higher network administrative privileges and those at a lower certification level will have less, and likely make less money, she noted. “I was forced to do it,” she said. “We have some good people having trouble passing the tests. They’re just not good test takers.”
The alphabet-soup of security certifications, many of them well-known to the private sector, include specific sets of requirements oriented toward various designated security levels and network and operating environment, as listed on the Defense Information Systems Agency website www.disa.mil. The certifications include A+CE, Network+CE, SSCP, GSEC, CISA, GSE, CISSP, GSLC and several more.
The Army pays for a lot of baseline training and certification for personnel through vouchers, but the problem now is that “the vouchers run out” and the Army is on the lookout for “as much free stuff” as it can get, Lee said. Contractors are responsible for paying for their own training, she said. And for some types of certifications, Army personnel have to shell out on their own, she added.
Lee also noted that if someone is a “valued employee, they’ll put you in another job” if a staffer fails to get specified certification. She said she’s seen people with IT security certifications who weren’t as good in their jobs as those who weren’t similarly certified.