Machine Learning Tailors Training to the Student

Machine Learning Tailors Training to the Student

Most training and learning systems today follow the same basic model developed a century and a half ago when the British pioneered industrial-scale education to produce a literate working class. With one teacher and a large group of students, instructors must focus on the ones in the middle. While the weakest in the class may drop out, the most talented are slowed down and forced to be average. Machine learning could change all that.

Training systems today can capture individual performance characteristics and, with the help of data analytics, identify strengths and weaknesses so training can be tailored on the fly to match the specific needs and requirements of each individual student.

“You don’t want to present each learner with the same experience, with the same knowledge,” explains Luke DeVore, business development director at Design Interactive of Orlando, Fla., a human-centered design firm with a focus on training. “Some people have different starting points. They have different backgrounds that allow them to progress more quickly. Or they might move more slowly through certain sections.”

Daniel Serfaty, founder of the human-centered engineering firm Aptima and a pioneer in simulation science, says the ability to tailor individual training for each individual to the individual is the next great step in the evolution of one of training technology, made possible by the advent of affordable artificial intelligence (AI).

AI can be used first to analyze individual performance and later to tune training to trainees’ specific weaknesses. Eventually, he and others say, AI will enable everyone to have a personal learning partner to enhance on-the-job performance.

“As the gap between our capabilities and those of our [rivals] gets closer,” Serfaty told military training leaders in December, “I believe the last frontier in which America and its allies can still have an advantage over our adversaries, is human performance.” To achieve that, he added, America must “take learning to the next level.”

It’s well established that different people learn at different rates. Yet today’s training systems aren’t built with that in mind.

“We have to develop technologies that enable us to adapt and personalize the training so that we can tailor that training to the individual,” Serfaty said. This, he added, is the “low-hanging fruit” in the race to leverage machine learning in training technology.

Using machine learning to identify the weaknesses of human performance – and then help them overcome those weaknesses by adapting the performance intervention to the correct level of knowledge and skill – is more than an ironic twist. “Making sure weaknesses are identified early in the training is a much better way to ensure that training results are more effective and more efficient,” says Dr. Denise Rose Stevens, chief learning officer and director at General Dynamics Information Technology. “Machine learning helps us better understand how each individual trainee learns and performs, so that the proper skill levels are reinforced and mastered before moving on to the next block of instruction. If needed, we can anticipate additional training that might be required depending on the learner’s current performance.”

Indeed, Serfaty sees a future in which every person has a personal electronic learning record stored in the cloud, which can aid in continuing professional learning and development throughout each person’s career – even when they change jobs and employers. “In that record is the entire story of what we’ve learned, not just at school but also at work,” he said. “Imagine that we can use this electronic learning record as a GPS, not just a map, but something that tells you where you are, where you’ve got to go, and that suggests [the best ways] to get from one place to another.”

Machine Learning

ScreenAdapt System

ScreenAdapt System

Design Interactive is already applying machine learning to training through its ScreenAdapt system, which a Window-based training application for x-ray images. ScreenAdapt presents trainees with images, then uses an infrared eye-tracking sensor to follow their eye movements as trainees study those images. By tracking users’ ability to identify areas of concern within an image – and also identify when trainees fail to scan the entire image – the system provides invaluable personalized feedback to both trainees and instructors.

The system was developed with the help of a federal small-business innovative research (SBIR) grant.

Judging the image correctly is “just a behavioral metric,” said DeVore, of Design Interactive. Adding eye-tracking takes things a step further: “It doesn’t just know whether you identified a threat or not, but also where you looked, what your scan pattern was, what you fixated on.” Errors are classified either as a failure to scan, a failure to detect or a failure to recognize.

“The scan error is simple,” DeVore explained. “It’s ‘hey, you just didn’t look in the top left quadrant for whatever reason.’ A detection error is based off the gaze indication – so you looked there, but you just didn’t detect anything. Then a recognition error would be, ‘hey, you looked there, you had a significant fixation, but you just failed to recognize that it was, in fact, contraband.’”

The ScreenAdapt then uses that feedback to select which images to present in the future, so trainees spend their time learning to overcome their weaknesses rather than practicing tasks they’re already good at. “So if you’re already really good at identifying problems in the lower right quadrant, then you’re not going to get many of those images,” DeVore said. But if you’re having a hard time with something else, “then that’s what it’s going to give you.”

The same technology is applicable in medicine – scanning medical x-rays, mammograms and other medical scans – as well as geospatial image analysis, material quality control (such as reviewing welds for cracks) and a host of other applications.

“Medicine is something we’re really interested in,” DaVore said. “We’ve spoken with a lot of radiologists and they’ve said there’s a real difference between the way a novice will scan a medical image versus an experienced performer. And there are lots of errors that occur when novices are performing versus [experienced ones]. So we definitely think our solution can accelerate the training process.”

Related Articles

Tom Temin 250×250
ATARC: Federal Mobile Computing Summit 250×250
NITEC17 250×250
GM 250×250
GEMG 250×250
GITECH Summit 2017 250×250
Jason Miller 250×250
Vago 250×250
USNI News: 250×250
ATARC: Federal Mobile Computing Summit 250×250
NITEC17 250×250
GITECH Summit 2017 250×250
gdit cloud 250×250

Upcoming Events

At DHS Procurement Innovation Lab, It’s Safe to Think Different

At DHS Procurement Innovation Lab, It’s Safe to Think Different

When the Department of Homeland Security (DHS) surveyed its contracting officers to find out what was holding them back from being more innovative in acquisition efforts, the answer came back loud and clear: “Over 70 percent of our respondents cited fear and control resistance,” recalls Eric Cho, project lead for the agency’s Procurement Innovation Laboratory (PIL). “This was the No. 1 reason for not innovating in procurement processes.”

Fear of failure was holding everyone back, Cho said in an interview. The risks were too high – and the rewards too undefined. In short, taking chances and innovating wasn’t worth the risk.

Soraya CorreaDHS Chief Procurement Officer Soraya Correa could have viewed that as a systemic breakdown. Instead she saw an opportunity.

If the agency could create a safe zone where experimentation was safe, innovation could flourish and new ideas might sprout. Once proven and tested, those ideas could be further refined and then shared across the entire agency.

PIL was born, and within a year, the White House Office of Management and Budget (OMB) had recommended every agency stand up a similar test-bed.

To date, DHS’s PIL has completed nine projects and has another 13 active projects and, according to Cho, “about a dozen coming our way.”

The program works on two planes, Cho said. First, “we’re going to develop these techniques in this protected environment where people can try new things, learn from it and develop those techniques by actually doing it.” Then, once ideas are proven, the sharing starts.

“We say, hey, once you try these techniques in real projects, we want people to share that knowledge through webinars and training,” Cho explained. “That’s the core idea or con-op for the PIL.”

That’s happening now. The PIL has conducted 25 webinars to date to spread the word about lessons learned.

Projects range from complex procurements for critical needs to simple process reviews. OMB noted PIL had “cut procurement lead time by more than half for a competitively awarded, multi-million dollar, classified cyber security services contract for the Einstein Project.” In another effort, the lab helped clear a backlog of expired contracts that needed to be closed out – freeing contracting officers’ to focus more on new programs.

One critical focus for the PIL has been to streamline the front end of the contracting process — solicitation through evaluation and award.

“This is often viewed as one of the weakest links, just because it sometimes takes forever,” Cho said. “It takes more than six months or more than a year to award a contract. And the IT development cycle is so fast that taking more than six months is defeating the purpose. We want to align the cycle of technology with the pace that we can deliver contracts.”

The lab experimented with a variety of techniques, such as multi-stage down-selects where the agency can start work before a final award is made by both having more than one competitive contest en route to a final contract award, as well as technology demonstrations in which contractors are invited in to demonstrate a capability. Case in point: DHS asked competitors seeking to win its Flexible Agile Support for the Homeland (FLASH) program.

“As part of the evaluation, we say one of the most important factors would be for your team to come in and demonstrate technical capabilities or have an agile team to actually develop a software [program] within a four-hour window,” Cho said. “We’ve now done many acquisitions using that technique. Evaluators like it not only because it’s easier to evaluate, but because it gives a true insight into companies’ ability to do the job.”

Another innovation: The PIL worked with DHS’s Science and Technology Directorate to develop streamlined procedures for a Broad Agency Announcement solicitation designed to attract non-traditional industry partners. The lab developed a seven-page questionnaire based on those used by venture capitalists to develop interest in emerging businesses and used that in place of a conventional request for proposal. Those companies that drew interest were then invited in for 15-minute pitch – either in-person or via video-chat – after which participants were notified immediately whether they had made the final cut. Awards followed in 30 days or fewer.

Before launching the lab, DHS contracting officers might have been leery of any of these atypical procurement approaches.

“But under the PIL, you can take managed risks,” Cho said. “And if you fail, it is OK, because we learn from it.” His only rule: “Fail quickly.”

Lessons learned can be put to work coming up with another, better innovation. Successes also yield lessons, which are analyzed and ultimately shared. For now, DHS is only sharing within the agency, but eventually the techniques and teaching tools it’s developing be offered to others outside the agency, as well. Cho said at this stage, participants seem more able to be relaxed, comfortable and open if they are speaking within the relative confines of DHS, rather than among other large agencies. “We found people are much more comfortable asking questions when they know that it’s all DHS people and we’re working together,” he said.

Lessons are shared through live and archived webinars. To date, the lab has produced 20 programs, each about 90-minutes. “We cover the actual PIL projects with examples and cover various techniques, such as multistage down-selects, oral presentations or technical challenge exercises.” Each program includes a senior-level management message to drive home the idea that the push for innovation comes straight from the top.

It’s also clear to Cho that innovation is not a fashion trend or fire-and-forget activity, but something that must be honed and fueled forever. “It’s essentially continuous improvement and learning,” Cho said. “We try these new techniques, we have that team teach and share with others in DHS and then those others will try those techniques and improve. And then share and teach again. It’s a loop.”

For 2017, DHS procurement chief Correa aims to institutionalize innovation in acquisition. She challenged each DHS contracting activity to commit to reaching three goals:

  • Execute three PIL projects
  • Re-engineer at least one acquisition process
  • Present at least one PIL webinar

Change, as the saying goes, is hard. “Usually people are very hesitant,” Cho said. “They aren’t sure they want to try these new things. But, hey, once they try these programs … and see positive aspects, in terms of reducing their workloads and providing better outcomes, they become evangelists. They want to do more of this. And then their neighbors start to use these techniques, too.”

Related Articles

Tom Temin 250×250
ATARC: Federal Mobile Computing Summit 250×250
NITEC17 250×250
GM 250×250
GEMG 250×250
GITECH Summit 2017 250×250
Jason Miller 250×250
Vago 250×250
USNI News: 250×250
ATARC: Federal Mobile Computing Summit 250×250
NITEC17 250×250
GITECH Summit 2017 250×250
gdit cloud 250×250

Upcoming Events

Battle Staffs Need More Cyber Training, Leaders Say

Battle Staffs Need More Cyber Training, Leaders Say

Developing cyber warfare capabilities turns out to be only one piece in the complex challenge military leaders have in trying to incorporate a new warfare domain into their mission management and planning process.

Commanders need to understand cyber effects if they’re to use the capabilities now at their disposal, and planners have to understand how best to leverage those capabilities to provide commanders with viable and ready options. The trouble is, cyber is still a new tool for most battle planners and experienced experts are rare. That’s raising a need to expand who gets trained on how to use cyber effects, as well as how to make that understanding more accessible to more planners.

“We focus on developing technical gurus,” explained Maryland Air National Guard Capt. Matthew “Tux” Weiner, group weapons and tactics officer of the 275th Air Force Support Squadron. “What we don’t teach them is how to be planners. We don’t teach them Joint Pub 5 [Joint Operation Planning], we don’t teach them Joint Pub 3-60 [Joint Targeting] and we don’t teach them about the Joint Target Cycle.”

Another problem: Cyber is still so highly classified that cyber operators are kept apart from planning and operations staffs. One result: Many commanders lack experience or understanding of how cyber can be used in military operations.

Both cyber operators and mission planners need more areas of common understanding, Weiner suggested. “The operators don’t need to be at that [senior planning] level, but you need trained and certified planners in the AOC [Air Operations Center] that understand our [cyber] capabilities, understand our effects, can distinguish between something called defensive cyber operations response actions and offensive cyber space operations,” he said. Planners must understand the nuances, such as the different authorities required for each and which cyber specialists can do which kind of work.

“I also believe we … haven’t built a standard on planning,” he added. With artillery and air power, for example, there are established planning methodologies and software to help imbue new planners with decades of military understanding and experience. That’s missing for cyber today. “We don’t have a solution out there … where you go in there and build off some piece of software or some piece of equipment and it takes you through your entire response action for what you’re going to do,” Weiner said.

That’s an immediate need, he added, posing a challenge to the military the training community to develop and standardize methods for training cyber mission planners.

“Within Army Mission Training Complexes, Cyber cells are being integrated in the mission operations training”, said retired COL Bob Pricone, VP of Training at GDIT. “We’re beginning to develop a body of knowledge to enable better cyber mission planning. But it’s still an emerging practice.”

Weiner said his command has begun the process and has a waiting list of 200 officers to get into the Guard’s program: a three-week tactical planner’s course that includes a week on JP-5 and two on JP-3-60. “But that shouldn’t be the first time they see it,” he said. “We need to start building cyber planners from the time they go through their service schools and come out into operations.”

Classification Conflicts
Frank DiGiovanni, DoD Director of Force TrainingFrank DiGiovanni, director of force training at the Pentagon, experienced this problem first hand when as an Air Force officer, “I had a cyber person and a space person working for me, but they could not talk in the battle staff about their capabilities.”

The two were sequestered in another part of the air operations center, he said, because of classifications that barred most AOC staff from knowing what they were doing or could do – a problem that has yet to be solved, he said.

“We have to fix the security issue to make sure the people on the battle staff are read in,” DiGiovanni said.

Just as important is making sure commanders understand the cyber capabilities at their fingertips and that they have confidence that those capabilities will have an impact once unleashed. Planners alone don’t ensure commanders will use capabilities they see as unproven or untested.

“If the commander isn’t confident in the capabilities – because he hasn’t seen it in training or exercises – it won’t be used,” DiGiovanni said. “It’s a complete value chain which includes the leaders, the planners, the operators and the maintainers. All those people have to be exercised and trained to understand the capabilities. It’s a big problem.”

Maj. Gen. Stephen Fogarty, chief of staff at U.S. Cyber Command, said though the Army is acutely aware of the problem, finding actual real-world experience is helping to shine the way forward. “There’s nothing like operations to accelerate learning,” he said. “We have learned tremendously.” The Army’s Cyber Center of Excellence is adapting its training to address the knowledge shortfall, Fogarty said, “so those lieutenants, NCOs and warrant officers in the training, they’re going to come away with not only the ability to [conduct cyber warfare] at the national level, but actually to provide effects down to the tactical level.”

Related Articles

Tom Temin 250×250
ATARC: Federal Mobile Computing Summit 250×250
NITEC17 250×250
GM 250×250
GEMG 250×250
GITECH Summit 2017 250×250
Jason Miller 250×250
Vago 250×250
USNI News: 250×250
ATARC: Federal Mobile Computing Summit 250×250
NITEC17 250×250
GITECH Summit 2017 250×250
gdit cloud 250×250

Upcoming Events

How Changing the Requirements Process Could Boost Innovation

How Changing the Requirements Process Could Boost Innovation

The Pentagon and other government agencies spent much of the past two years experimenting with rapid-acquisition strategies designed to speed up technology insertion by shortening the requirements process, streamlining proposals and accelerating decisions.

The Defense Innovation Unit Experimental (DIUx) and a host of other rapid-acquisition, innovation and development offices across the department employ prototyping, iterative development and mostly small and non-traditional defense suppliers, to cut the time it takes to develop and deploy new capabilities.

Now, as a new administration arrives in Washington questioning high-priced defense programs and hoping to enforce a new brand of business-minded management, the question is whether this approach can accommodate both large-scale contracts and enterprise technology programs.

“Future Foundry,” a new report from the Center for a New American Security, lays out a strategic approach it calls “optionality.” The central idea: By placing more, smaller bets on competing technologies and concepts up front, the government can achieve a more diverse portfolio of choices over time.

The central problem its authors see is that major programs take so long to develop, it’s impossible to anticipate every potential future requirement at the outset. That, in turn, leads to the piling on of requirements up front, increasing complexity, risk and costs. Instead, they argue for investing in smaller-scale prototypes and demonstrators and then adding capabilities with rapid, incremental upgrades over time. The result: risk is minimized by committing to just one stage of development at a time; competition is enhanced because players remain in the game longer and costs are contained because large-scale program failures and cancellations are reduced or eliminated.

This, the report argues, should help DoD “exploit advantages, particularly human, in which the United States is expected to remain dominant in the foreseeable future.”

Sean O’Keefe, former NASA administrator, U.S. Navy secretary and Pentagon comptroller and now a Syracuse University professor, co-wrote the introduction to the report, which he said tries to address a fundamental problem: ensuring the largest possible pool of potential suppliers for defense requirements.

Today, O’Keefe said, “There is a very finite number of companies that are deeply engaged – almost to a point of exclusivity – in national security. And then there are others who could have applicability, but aren’t sufficiently attracted because there are so many things you’ve got to overcome, just to be a participant in that market. And the size of the market, relative to other opportunities today, leads many companies to conclude it just isn’t worth the gain.”

DIUx and other rapid procurement programs seek to reduce the barriers to entry by eliminating much of the contracting red tape that slows things down, but the strategy only goes so far. While small companies may see such work as valuable because it could spur investment or attract buy-out offers, established businesses are less willing.

“I have more opportunities than time to pursue them,” said Russell Stern, chief executive at Solarflare in Irvine, Calif. The company produces networking software and hardware that accelerates, monitors and secures network data and conducts low-latency networking. Though it has the skills and capabilities the government seeks, according to Stern, “we can’t afford to have someone sit there and spend months or years on a project that might not pay off.”

That’s where CNAS’ optionality concept comes in, says lead author Ben Fitzgerald, director of the think tank’s Technology and National Security Program. “The strategy is one in which DoD intentionally invests in many more and different types of systems. There are military reasons for doing that and also business reasons, to engender more competition and hopefully to lower some of these barriers to entry.”

The Pentagon needs a more nuanced approach to its industrial policy because it no longer dominates the technology markets it depends upon. Instead, it sources products from four distinct groups:

  • Manufacturers of military unique systems, such as submarines or aircraft carriers, in which competition is limited or non-existent
  • Makers of military unique systems, such as fighter aircraft and combat vehicles, where competition is viable
  • Commercial technology suppliers with products that can be adapted to military use
  • Purely commercial technology providers

“We don’t actually have any industrial policy for [the last two], despite the fact we talk about buying commercial technology all the time,” he said.

“We’re trying to expand the choices,” O’Keefe said, in order to escape a business model in which “you freeze-frame characteristics and then, for the rest of time, are restricted to the limits of what those capabilities are.”

The optionality approach, he said, offers “the agility to produce varying capabilities on the forward end of the spectrum” and the ability to choose, based on evolving threats, which is most effective and then field it contemporaneously. The current model locks in choices too soon, he says, and the process is so long that stakeholders tend to load up on requirements out of fear that if they miss their chance this time, it could be a decade or more before they’ll get another chance.

“We’re urging choices to take a range of different paths without commitment,” O’Keefe said.

Information Technology
For information technology systems, the concept would require a fundamental shift in how systems are typically procured. The requirements process for government information technology systems maps directly to commercial best practices for IT acquisition, as defined by industry standards like the Information Technology Infrastructure Library (ITIL) or Capability Maturity Model Integration (CMMI).

“It’s rooted in the need to build something aligned with a business or mission need, and that must work reliably, securely and supportably,” said Stan Tyliszczak, vice president of technology integration at General Dynamics Information Technology. “Every change has multiple, disparate downstream effects – and the bigger the enterprise, the greater the impact of those effects.”

But while that may be the right approach for a system where the underlying uses are all well understood, such as when an existing system is being replaced in a one-for-one upgrade, it is less than ideal for situations in which brand new capabilities are being introduced. In those circumstances, it’s not possible to foresee all the potential requirements.

“An Amazon doesn’t build everything at once,” Tyliszczak said . “They develop a platform and then deploy agile increments later.” Those increments include both planned capabilities and new ideas fueled by user interactions.

That’s what makes agile development different. Unlike block upgrades on a weapons platform, agile iterations are launched in a series of sprints, rather than planned and scheduled years in advance, and can be pushed out as they are ready. Requirements are treated more fluidly and can change over time. That’s a fundamental shift for government acquisition.

Making that work in a government contracting context will require a different approach to defining requirements. While there’s no one-size-fits-all approach, Tyliszczak said, one way to accomplish that could be to treat some efforts not as fixed, long-term capabilities, but as short-term, flexible purchases: Acquire a capability for a specific use, then once that mission is complete, take a fresh look. That could mean scrapping the system in favor of a new approach or enhancing what is already in use. But because the system wasn’t contracted with full life-cycle expectations and costs, the initial investment is smaller and the agency has more options at the end.

“Individual sprints might even be developed by different contractors,” Tyliszczak said. “There might be one integrator to pull together all the pieces, but additional capabilities could be procured from different providers.”

The concept isn’t applicable to everything. “But having the ability to provide this agile or incremental overlay on top of an acquisition is probably a good thing to do,” Tyliszczak said.

DoD’s Dependence on Commercial Tech
William J. Lynn III, the former Deputy Defense Secretary who is now chief executive at Leonardo North America and DRS Technologies, and with O’Keefe, co-authored the forward to the report, agrees with Tyliszczak: “We can’t have a one-size-fits-all policy,” he says.

There are too many barriers to entry to the defense market, Lynn says, citing the need for separate accounting systems as one example. “If you’re a big IT behemoth, why would you bother?” Ideally, DoD should promote policies that support each of the four technology sectors on which DoD depends. “But if DoD doesn’t do that, industry will have to on its own.”

U.S. military strategy is centered on technological superiority being a force multiplier on every battlefield – land, sea, air, space and cyberspace. But while the military was able to drive that development in decades past, today it no longer wields the same influence.

“The United States’ ability to maintain its military-technical edge is tied to its ability to leverage advances in commercial technology,” the report argues. “Theoretically, the DoD possesses the legal authorities and acquisition regulations to procure these systems. [But] in reality, the lack of an acquisition workforce familiar with these types of procurement, the nature of the current requirements system, and a lack of support from mid-level leadership mean that commercially adapted military technologies remain stuck. Even prototypes are acquired in the same way as military unique systems.”

To fix that, the report urges the Pentagon to “establish agile methods by which validated experiments, challenge grants, competitive wargaming, emerging combatant command considerations, and prototypes can be used by the services and OSD to establish needs and start new acquisition projects.” Likewise, experimentation, prototyping, capability improvement and upgrade opportunities should be used “to identify and define problems, developing technologically informed requirements before proceeding to production.”

The report’s authors acknowledge that the existing acquisition system is built for military-unique programs, and that the bureaucracy is large and often resistant to change. So they argue for creating a new acquisition pathway that can operate in parallel, one designed expressly for prototyping new systems and adapting commercial off-the-shelf and existing military systems for new uses.

Noting that the 2017 National Defense Authorization Act requires DoD to create a new undersecretary for research and engineering, the report suggests this office could become the new home for DIUx and DoD’s Strategic Capabilities Office, the Joint Rapid Acquisitions Cell and small business programs, providing sufficient organizational heft to drive policy and protect this alternative acquisition pathway.

Such an alternative path will have to overcome perceptions that it is either one administration’s pet concept or that it favors one group of contractors over another. Whether DIUx survives the change in administration is an open question. Concerns that it and other rapid-acquisition programs lean too heavily on the use of Other Transaction Authority (OTA), a contracting tool designed to let the Pentagon more easily contract with small and non-traditional defense suppliers, also muddy the outlook. “If they can do it for them they should do it for everybody,” says Alan Chvotkin, executive vice president and counsel at PSC.

Ultimately, no one sector or group of companies holds all the keys to innovation. To maximize their effectiveness, alternative acquisition pathways should be open to good ideas wherever they come from.

Related Articles

Tom Temin 250×250
ATARC: Federal Mobile Computing Summit 250×250
NITEC17 250×250
GM 250×250
GEMG 250×250
GITECH Summit 2017 250×250
Jason Miller 250×250
Vago 250×250
USNI News: 250×250
ATARC: Federal Mobile Computing Summit 250×250
NITEC17 250×250
GITECH Summit 2017 250×250
gdit cloud 250×250

Upcoming Events

Here’s How DoD Aims to Grow its Own Hackers

Here’s How DoD Aims to Grow its Own Hackers

With the US government retaliating against Russia for cyber attacks affecting the U.S. Presidential election, demand for more hacking talent within the Department of Defense is sure to rise. The National Security Agency is the primary trainer for military cyber skills until 2019, but after that, the military services are supposed to take over.

“What we are looking for is that hacker mindset,” said Maryland Air National Guard Capt. Matthew “Tux” Weiner, group weapons and tactics officer of the 275th Air Force Support Squadron. A former master sergeant, Weiner stood up the initial cadre of the U.S. Air Force Cyber Warfare Operations Weapon Instructor Course, an elite course in cyber at Nevada’s Nellis Air Force Base.

Finding hackers in uniform is like finding a needle in a haystack. To find them, the Air Force starts with a challenging assessment test that weeds out 99 percent of test takers. “The smartest people I know take this assessment and don’t pass,” Weiner told a packed room full of cyber and training professionals at the Interservice/Industry Training, Simulation and Education Conference late last month. It follows with rigorous training that weeds out half of the select few who qualify.

But Weiner said the service has identified the factors that predict success: military experience, an intense level of effort and exceptional attention to detail. Trainees work their way through a series of training courses, beginning with foundational training – now handled online – followed by operational training and ultimately professional development through three stages: apprentice, journeyman and master-level operator. Once in the field, apprentice operators are paired with more experienced journeymen, continuing the training process.

Getting trainees through costs in excess of $250,000 per person, Weiner said, in part because the washout and attrition rates are so high. Master-level operators are extremely scarce.

Students must master networking, the UNIX and Windows operating systems, security and all the related protocols.

“It isn’t just learning TCP/IP and network security,” Weiner said. “It’s wanting to go in there, understand security and break the system. It’s about having the mindset that you want to hack into something and break it.”

Just like for other military capabilities, the defense industry plays a key role in building DoD’s hacking capacity, said Rear Adm. (Ret.) Tony Cothron, a former chief of naval intelligence and now vice president for customer requirements at General Dynamics Information Technology. Industry provides a “surge” capability with additional hacker manpower, as well as other cyber mission support resources. Companies are investing in training and developing their own cyber talent and for people seeking cyber security careers without having to sign up for the military culture, they can be an excellent alternative, he said. “The demand for personnel with cyber expertise and who are cleared is only going to increase.”

Hackers Are Different
John “Rigs” Rigney, co-founder and chief technology officer of Point3 Security agreed. A lifelong hacker and former NSA cyber operator, said there are really only two routes to recruiting cyber talent: Find these people or grow them yourself.

“I grew up in this world as a hacker,” Rigney said. “I broke into my first system when I was 8 and haven’t really stopped since. When I talk to people about recruiting, I find they’re looking in the wrong places. What I often see is they’re going in to job sites like LinkedIn. I don’t know anyone who has these skills who is on LinkedIn.

“That’s just the wrong place. This is a culture,” he said. “You do this because you’re obsessed with it, because you’re a crazy person. That’s why we do this.”

Rigney has been the lead instructor running and developing the Cyber Operations Academy Course (COAC), an initiative driven by Defense Department Director of Force Training Frank DiGiovanni. The course aims to develop a scalable model for teaching cyber skills to military members with varying levels of cyber knowledge and turn them into operators in just six months, bypassing the conventional hierarchical approach requiring years of schooling and a college degree.

The program has so far proved effective through demonstrations, but scaling it remains a challenge. DiGiovanni believes technology could help with that eventually. Like the Air Force’s operational set-up, this training curriculum is built on a journeyman apprentice model, with more experienced members helping less experienced ones.

Rigney, a lifelong hacker and former NSA cyber operator, observed that many of the most talented hackers are simply unaware that they can get well-paying jobs “doing this kind of work.” Making matters worse, the government and industry often aren’t sure where to look. “I see recruiters looking on sites like LinkedIn,” Rigney said. “These guys just aren’t there.”

To find talented hackers, Rigney suggested agencies and contractors sponsor more capture-the-flag cyber events which showcase hackers’ talent in the cyber game of cat and mouse. Such events are signature elements of hacker conferences like Def Con and provide the kind of challenge that brings hackers out into the open. Rigney led a team that won the Def Con capture the flag contest three years ago.

But not every cyber team seeks that kind of hacker. Some want more conventional cyber defenders. Most hackers argue that unless defenders have the skills and mindset to think like hackers, they won’t be able to seal off networks or successfully hunt down intrusions. The hackers they say, will remain a step ahead.

Another problem is that military members – whether ground pounders, air crew or logisticians – need to meet physical fitness standards that may exclude some hackers. Others might have legal issues keeping them out of uniform.

While COAC trains people with or without specific cyber expertise and Rigney said the course has proved with the right encouragement, students do demonstrate the obsessive, addictive behavior he sees as critical to hacking successfully. “They’ve got to have that obsession,” Rigney said, noting that as a military course, students are expected to show up at 8 each morning, yet he continued to get text messages and questions from them into the wee hours of the morning. Students are encouraged students to take schoolwork home, a marked difference from most military cyber training, which requires students to pack up and leave their classified environments and all work behind.

Once trained, cyber students need to go to work, sitting side-by-side with more experienced perators, and applying their newly developed skills. There, they can refine their knowledge and build up their tradecraft, he said.

But it’s also important to protect cyber practitioners from burnout. Speaking from experience, he said the shortage of cyber talent means military units tend to overburden the few truly talented people they have.

“We’ve got to figure out a way to avoid burning these guys out,” Rigney said. The surest way to do that? “Train many more of them.”

Related Articles

Tom Temin 250×250
ATARC: Federal Mobile Computing Summit 250×250
NITEC17 250×250
GM 250×250
GEMG 250×250
GITECH Summit 2017 250×250
Jason Miller 250×250
Vago 250×250
USNI News: 250×250
ATARC: Federal Mobile Computing Summit 250×250
NITEC17 250×250
GITECH Summit 2017 250×250
gdit cloud 250×250

Upcoming Events