To advance cybersecurity skills, DoD needs real-world practitioners

Cyber Shield participants compete in the annual “NetWars” games during the Cyber Shield training event held at the Virginia National Guard State Military Reservation in Virginia Beach on June 7th, 2024. SANS NetWars focuses on the practical application and assessment of hands-on cybersecurity training. The cyber range enables individuals to apply the knowledge they gained during training week in an isolated environment that prepares them for exercise week. (North Carolina National Guard photo by Staff Sgt. Hannah Tarkelly).

The cybersecurity skills challenge across the Defense Department and the defense industrial base seems to compound daily as data breaches proliferate and information warfare takes on new directions with the introduction of artificial intelligence.

Breaking Defense talked about the challenges and opportunities that cybersecurity training affords both the DoD and industry professionals with Bri Frost, director of curriculum for IT operations and security content for Pluralsight.

Breaking Defense: Describe the challenge that DoD faces in cybersecurity skills across the defense industrial base, and how the DoD 8140 directive governs cybersecurity training and certification.

Bri Frost is director of curriculum for IT operations and security content at Pluralsight.

Bri Frost: Working with many different agencies across the DoD is inherently going to cause discontinuous policies and procedures that impact skills and training. DoD 8140 solves some of those problems by creating a framework of the roles that we want to build within a cybersecurity workforce.

If you were to ask different people to define a security engineer and their role, you would get a huge variance in what that role’s tasks and responsibilities are. As defined by DoD 8140, however, the DoD Cyber Workforce Framework (DCWF) identifies the baseline knowledge, skills, tasks, and abilities for each particular work role within cybersecurity.

The DCWF lists out 72, soon to be 73, work roles within the cybersecurity space. Cybersecurity bleeds into all technology and we strongly believe that all technology sectors should work with cybersecurity in mind. Whether you’re a developer, working in AI, data, or cloud engineering, cybersecurity is part of your role and part of your responsibility.

DoD 8140 keeps training consistent. To be able to sit in a particular role, a technologist has to submit proof of relevant training. 8140 provides a matrix that allows for multiple ways to prove foundational qualifications: a degree from an accredited academic institution, a certification from a certification vendor, and accredited training programs. Pluralsight offers an accredited training program for technologists to prove their foundational qualifications.

How does it work?

We’ve designed the Pluralsight Accredited Training (PSAT) program to start off with what we call a Skill IQ or skill assessment. You take 20 to 25 questions to measure your current knowledge base within a particular work role, and it identifies your strengths and gaps within that particular work role.

We mapped our content directly to the knowledge skills and abilities, the KSAs, of every single work role, which gives you a training path of content. It starts out with the essentials. What are the fundamentals that you need to know for this work role? What does your day-to-day look like?

If you’ve been sitting in that role, what are the more advanced topics to build out your skillset within that work role? And then, what is the adjacent knowledge that you need to have as you branch into other topical areas?

Cyber Shield is the longest-running and largest Department of Defense cyber exercise that is composed of approximately 900 N.G. and Army Reserve Soldiers, Airmen, civilian cyber professionals, and international partners from across the globe. (North Carolina National Guard photo by Staff Sgt. Hannah Tarkelly)

Where are the opportunities for the DoD if cybersecurity training challenges can be met, and what are the sort of job opportunities that will open up for individuals?

Cybersecurity is consistently changing. There are new exploits, tools, and technologies. Just think about how AI has disrupted the industry in the last couple of years. As security practitioners, even if you have worked in the same role for 10 years, you have to constantly be keeping your skills up to date with the newest threats.

Working for the DoD, it is instrumental that you stay up to date on those threats. Keeping your training up to date is imperative sitting in these roles.

Most of us in the industry have some kind of certification or four-letter credential at the end of our name, meaning we’ve read a textbook, we’ve sat in a classroom, we’ve watched a training video, and we’ve passed a multiple choice question test. That, however, doesn’t give me practical hands-on experience to go sit down in a seat, put my hands on a keyboard and do a job.

Pluralsight’s accredited training program has hands-on labs exercises and experiences to build confidence for DoD agencies that the training that they’re providing gives practical application experience so they can take it from our platform and put it directly into their work role.

Tell us about the learning paths at Pluralsight, and how they ensure DoD 8140 compliance for Cybersecurity Workforce Element personnel.

The 13 cybersecurity work roles mandated by the 8140 regulation were submitted for this year February of 2025. We have built training paths for those 13 work roles which all include the Skill IQ’s I talked about earlier.

For example, within the cybersecurity workforce element, one of the ones that everyone flocks to is the cyber defense analyst. That is where we have most of the workforce because cyber defense analyst is a more general role that people start at with cyber defense. They’re the ones monitoring, searching for anomalous behavior, making sure they’re monitoring network traffic and alerts for our systems.

The training path for that, as I mentioned, is matched directly to the KSAs for the Cyber Workforce Framework for training on Pluralsight’s platform and learning path. Users can take the path from top to bottom, working on hands-on experiences within that lab and learning how to monitor and identify malicious traffic that they can then use in their day-to-day

What’s the value of hands-on learning with labs and sandboxes?

I strongly believe that to be able to teach cybersecurity, you have to teach practical hands-on skills because if you haven’t put your hands on the keyboard and learned how computers or networks or operating systems work, I think you’re truly doing yourself a disservice working in the security space.

All the security skills we teach – from fundamentals to advanced tasks, we embed hands-on lab experiences within each.

Our sandboxes, specifically, are some of my favorites that I’ve designed. We’ve built an attack simulation app where you can pick a particular type of attack and it simulates the traffic. Then the learner can choose whatever defense tool or program they want to use, whether it’s an intrusion detection system or a network sniffer. They can go deep into the sandbox and find that anomalous behavior. It’s a safe environment to go test different types of attacks so you’re not putting it on a production environment or your own endpoint.

Final thoughts?

The 8140 initiative is moving in a direction to increase training and evolve the way that we teach cybersecurity to align under the same mission and advance our cybersecurity workforce cohesively.

At Pluralsight, our focus is on practical application with more effective and efficient learning, identifying your skill gaps, and bringing efficiency to the time that you spend on the platform learning.

Cybersecurity professionals don’t have a lot of time in general; we’re generally very busy. There’s a large need for cybersecurity professionals, so we’ve designed the Pluralsight platform to make the most effective use of your time to build skill sets as quickly as you can.