The Center for Information Warfare Training is gearing up to pilot its new Cyber Defense Analyst Basic (CDA-Basic) Course beginning on Jan. 24, here at Information Warfare Training Center Corry Station.
This is significant as it is the first ever 2000 level, classroom-delivered training course to be developed and executed within the Persistent Cyber Training Environment (PCTE), a training platform that replicates the digital environment the students will encounter when conducting cyber defense operations.
“The integration of PCTE into cyber defense training is really a game-changer,” said Master Chief Cryptologic Technician (Networks) Aaron Manning, Cryptologic Technician Networks (CTN) Rate Training Manager. “In the Navy, we don’t train Sailors to fight fires with PowerPoint and discussions; you put a hose in their hands, a team at their back, and point them in the direction of the fire. We have to train our cyber warriors the same way.”
In preparation for the pilot course, the cyber professionals, both military and civilian, that will be teaching the course are currently going through the course themselves, taught by contractors working for SimSpace.
The CDA-Basic Course was developed by a team of subject matter experts (SMEs) with experience ranging from traditional business and banking to working for the Department of Energy and Department of Defense. It was derived from best practices across industries and based on practical experience and lessons learned from working in the field.
Developed under the federated training concept, once validated by U.S. Cyber Command, the course will also be immediately executable by the joint services in their own schoolhouses without special equipment or classroom requirements, and with classroom materials available from anywhere in the world. The federated training concept allows all services train to a single standard using the same courses.
“Initially we provided the required tasks, knowledge, skills and abilities we needed trained to the course developers when we asked them to develop the curriculum,” said Manning. “Once the curriculum was complete, we assembled a team of SMEs from the joint services to validate the course design, provide input and offer feedback, which enabled us to improve the course and significantly shorten the final validation process.”
Manning explained that during development and validation they had to overcome barriers such as the integration of a Learning Management System, ensuring Naval Education and Training Command (NETC) standards were adhered to, as well as training non-cyber experts to review and approve content.
“While developing the course we had to break traditional course doctrine, and with the help of PCTE shift the students experience from strictly knowledge based to one that replicates the digital environment that is inherent in PCTE,” said Chief Cryptologic Technician (Networks) John Moleskey, CIWT DCO SME and training manager. “The use of PCTE allows for the creation of muscle memory ‘Reps and Sets’ of tactics, and demonstrating skills and abilities with the latest cyber weaponry in our arsenal.”
Regardless of these challenges, Manning continued, the course was planned, designed, developed, and delivered in 12 months, at less than half the cost of traditional curriculum development. The way the curriculum is structured also allows it to be updated in real-time, as needed, to reflect developments in the field.
In addition, the team integrated Moodle as the Learning Management System (LMS) for the course, almost four years ahead of schedule and without the $30 million price tag previously attributed, said James Buchko, CIWT’s Defensive Cyberspace Operations (DCO) Program Analyst. Incorporating the LMS provides the ability for both the student and their commands to track their academic progression throughout their career. The ability to see where a person is strong and weak over an extended period of time could allow for tailored training and may eventually assist in talent management and assigning the right personnel to the right job.
Moleskey said the team put particular care into coordinating efforts from the other services and getting their input into the final course output to ensure that it is truly a joint course.
Prior to enrolling in the CDA-Basic Course, students must complete the Joint Cyber Analysis Course (JCAC) or their service’s equivalent accession-level training. JCAC introduces students to some of the fundamentals of networks and provides basic cyber training.
“During the course students will start with a brief refresher on some of the advanced topics from JCAC,” said Manning. “Next they will learn the structure and functions of a Cyber Protection Team (CPT), advanced scripting techniques to extrapolate data and perform analysis, and common tasks and concepts to prepare the them to enter the Host Analyst (CDA-H), Network Analyst (CDA-N), or Cyber Threat Emulation Operator (CTEO) follow-on training.”
After completing training, before reporting to their ultimate duty station, they will complete a Joint Qualification Standard (JQS) to certify them as a fully-capable analyst at the apprentice level. Certified apprentice analysts have several possibilities for their next assignment. Some of those include being assigned to a CPT, to a Navy Cyber Defense Operations Command as an analyst, or as a DCO deployer on an aircraft carrier, amphibious assault ship, or at a joint command with a defensive cyber mission.
Through experience and advanced on-the-job training, the apprentice analysts will qualify at the journeyman and master levels. They also may have the option to return to school for another discipline within the CDA pipeline or CTEO.