09 Nov 16. As the military steeps itself deeper into the realm of cyberspace domain, leaders are realizing that they must modify existing practices. Hackers and IT workers have always been associated with hoodie-wearing teenagers sitting in their parent’s basement, but now the military is building its cyber forces, which recently reach initial operating capability. The effort requires training traditional soldiers to become “cyber warriors” with intimate technical knowledge, and as such, the Pentagon is undertaking a series of pilots and prototypes to better understand learning practices and teach cyber skills.
These prototypes are “designed to understand the best learning practices to teach someone the cyber effects skills that we need in the department,” both offensive and defensive, said Frank DiGiovanni, director of Force Training in the Office of the Assistant Secretary of Defense for Readiness, who is spearheading the pilots. “So these aren’t training courses but the intent is to prototype different types of learning practices so we can get the” best approach to teach people this new skill set.
In an interview with C4ISRNET, DiGiovanni explained that the purpose of this training prototype is to develop better training programs by improving the way information is taught. He said the Defense Department is in a competition with the private sector to attract and retain top talent in the cyber field. “Really what this course is doing is are there efficiencies — can we improve the speed as well as the level of competence of our graduates?” he said.
Part of the course was modeled after interviews DiGiovanni conducted, initially, with 21 of the nation’s top hackers, whom he asked one simple question: If you were going to hire someone to replace you at your company, who are you looking for?
DiGiovanni said the answers he received from these individuals was a set of traits; not technical traits, but personality characteristics. “I wanted the learning practice to understand that person they needed to recruit and then the learning practice would amplify those traits in the individual as they went through our training,” he said.
In public appearances and several interviews, DiGiovanni has said there are only about 1,000 individuals in the nation that are qualified to operate at the top levels of hacking DoD is interested in. Based on his research, he said there seems to be a coalescence around approximately 1,000 individuals in the country – both in the public and private sector – that are referred to as a master hacker. “These are not your journeymen, but master hackers that have very high end skills when it comes to being able to look at an operating system or a network and find the vulnerabilities that we need to find to protect the cyber infrastructure,” he said. “These are very high end people.”
It’s important to understand who these folks are, he said, in order to attract them to DoD. “What are their traits, how [you] identify them and how [you] help them to amplify those traits and skills,” he described as one of the pillars of his cyber training prototype.
The prototype is designed around six months of very focused set of curricula, he said. Based upon research he has done and experts he’s spoken with, DiGiovanni said high level skills can be taught in six months.
DiGiovanni has described this in the past as taking cable pullers to cyber warriors in six months, including anecdotes of cable pullers from Fort Meade that went through the program. One individual, he said, did not understand what a right mouse click was on day one of the course, yet by the time they graduated six months later, they were able to reverse engineer malware, he said. Another set of cable pullers to go through the course beat a team of individuals all with computer science degrees in capture the flag.
“The learning practice that we put in place…has proved to be very effective in teaching what we believe are not necessarily STEM skills