Expertise Management 101
As cyber security practices, standards, and management practices evolve and mature, so do the terms used to define and describe them. Expertise Management is one of the terms being used to describe the refined practice by which an organization can grow and cultivate its workforce: cyber workforce personnel (experts) are categorized based on skillset and certifications.
As capability-driven organizations and agencies continue to adopt (or are forced to comply with) cyber security standards like NICE, DoDD 8570, and DoDD 8140, expertise management will be the goal and gold standard by which they are measured and will heavily impact government contract awards.
The cyber workforce maturity model below illustrates the progression an organization makes from unknown compliance to expertise management.
Unfortunately, most government agencies and mission-critical infrastructure organizations still fall within the “uncertain compliance” category. This is due, in large part, to the fluid nature of both people and credentials within the cyber domain and the lack of tooling deployed to manage it.
As you see in the graphic, expertise management is not compliance. Expertise management is the aspirational stage beyond compliance. Standards like DoDD 8570 require agencies to know and be able to show (in real-time) which cyber professionals within the agency or organization are in what roles, which qualifications are required, and when those were obtained. Think of compliance as cyber personnel inventory management. How many IAT Level 2’s are there within the organization and are their certifications and training requirements up to date? Are they compliant to do the job for which they are assigned?
When organizations move beyond compliance into expertise management, they will not only have full visibility into their departments’ and staff’s specific skills and qualifications but will also be able to effectively map current and future states of the organization and make training, operational, and policy decisions based on this data.
Expertise management will make the right training available to the qualified individuals at the right time, increasing upskilling opportunities for existing cyber professionals, ultimately reducing the time, effort, and high cost of finding and hiring these professionals on the open market.
For example, an agency has six senior operators in a target role and needs 2 more. A clear map of individuals, skills, and abilities combined with a deep understanding of available training and time to completion can give the situational awareness to make the decision on how to fill that role. Expertise management will allow organizations to quickly and easily answer the following questions:
- Who is in the training pipeline with a similar skill set that might be a potential candidate?
- Can a more junior-level individual be upskilled to the target role? How long will it take? Could that vacancy be more easily filled by the existing skill pipeline or recruiting effort?
- Is this an emerging situation that requires the skill now, even if it’s someone from a former role?
- How is the skill trending across my unit and my agency? How are they achieving that?
By focusing on upskilling, hiring demands and their associated costs, in both time and training expenses, are lessened, while the organization improves by promoting known and proven people from within.
The CyberSTAR Advantage
CyberSTAR is the trusted source for cyber expertise management. Used by the DoD and other government agencies as well as corporate customers, it is the most effective automated expertise management system available.
CyberSTAR helps streamline processes and maintain current credentials for your cyber workforce by:
- Ensuring proper training and certification (including DoDD 8570, DoDD 8140, NIST NICE, and other commercial standards)
- Matching personnel and roles to contractual or regulatory requirements
- Continuous compliance and on-demand reporting
- Reducing the cost and complexity of identifying skill gaps and upskilling opportunities
CyberSTAR is the one source of truth for all your cyber compliance, readiness, and expertise management.