Army launches direct commissioning program for civilian cybersecurity experts

Actually, I kind of agree with what they are doing. I can't tell you how many O-5 (and above IT "leaders" knew nothing except how to do a budget. On the NCO side the focus was on base Common Task Training skills and PT. In my entire time in Signal I met exactly three soldiers who knew what they were talking about (at the level you'd expect if you were looking in) when it came to IT and two of them were Reserve or Guard with civilian IT jobs. Only one was an officer. The problem the military faces is that the people that know what they are doing NEVER get to a senior leadership position with the skills to actually do the job. It's an unsolvable problem to try to fix it from within. The right answer is to go outside, bring in some superstars to fill the top level positions. That will clear the internal roadblocks allowing the current crop of juniors to learn their trade and make it up the ladder. 10 to 15 years from now the chain will have broken and the normal promote from within will have recovered. If you don't do it, it's a permanent problem.

I cite the case of the CW4 that I worked with in Afghanistan who returned CONUS to a job answering phones on a help desk (but not allowed to do anything except schedule the work for a contractor to perform). He should be a technical expert, instead he's just getting an entry level job, not even trusted to reset a password.
Sounds like every MOS in the Army...
Cyber Command actually has a lot of technically inclined mid and senior level officers. In my opinion, the Cyberspace Warfare field needs more planners, leaders, and commanders, not technicians. A baby O5 or O6 who doesn’t understand a five paragraph order, never mind JOPP, isn’t going to push the ball forward very far. We already have senior NSA transplants that are more miss than hit.

Cyberspace Warfare isn’t hard. Listen to your enlisted, resource your people, make timely decisions, and do whatever it takes to accomplish your mission. Our most successful field grade officers show up as seasoned and experienced leaders. They pick up the technical knowledge on the job. It’s certainly not ideal but it’s better than a technical expert trying to learn leadership and how to manage large military organizations on the fly. I can tell you it doesn’t work.

I think we need to take a hard look at fast tracking promising young officers who are good leaders and understand the technical side of the job. Right now they trudge along at the same slow pace the rest of the DOD suffers through. Aside from the Air Force anyway, I think their “high performance officers” pick up O5 before their first military ID expires.

I agree with your statements about leadership. My issue is that the military doesn't know how to recognize someone that understands IT. In every case, on every deployment, on every red or green team there was always that one guy that the leadership thought was an IT God. The reality of it was that most of them wouldn't have been able to hold down anything but an entry level position in the civilian world. The military in general, and I'm including the AFSOC IT guys on this, is focused more on knowing the regs than on knowing the systems. They are focused on knowing the tools, not knowing what the tools do. The only exception to this is networking where they actually go through some parts that 99% of them will never use, like performing bitwise operations such as AND, XAND, XOR, and OR.

When a soldier pulls off a minor IT miracle, there's not enough knowledge to understand what just happened. Case in point, while in Afghanistan I did a 23 TB (yes, terabyte) storage move, including permissions, between two SANs on unrelated networks with zero downtime and a defect rate of less than 1 in 1,000,000 files. After that I moved active directory and the server network completely from the first network to the second without any users even noticing it had happened, during combat operations. @AWP can tell you how much planning goes into an execution like that. No one even recognized the work or complexity that went into it. We had a CW3 there from SOCOM that was supposed to be not just an IT God, but THE IT God, I think he came over from nukes. He thought I cut and pasted some files. The point isn't the move, it's that the military, even among the people that are supposed to be the best, doesn't know what it doesn't know.

One of the things that it doesn't know is just how bad it is at technology. It needs that outside experience to rebuild the institutional knowledge that it had at one point, but lost when it shifted to using contractors. Leadership is certainly a consideration, but without the technical knowledge from outside the military, all you will end up with is script kiddies, not true IT warriors and the competency level will continue to be borderline disastrous.

To be clear, I'm not talking about enlisted being proficient, well, OK, somewhat. I'm talking about strategic level as well. How do you lead someone that is doing a job you don't understand? How do you recognize their accomplishments if you don't know which one is really an accomplishment? In the example above, there wasn't even a thank you, but at the same time a CW2 was awarded a BSM for setting up an IPSEC tunnel on the router. Three router commands, literally three commands, and he got a BSM. What does that do for morale? How do you know when the tech people are stalling you? As an IT/Cyber Leader, you have to set the vision. If you don't know the capabilities of the technology, how can you envision ways to put them together into a long term strategy? I'm not talking about implementing them, that's the enlisted folks' job. I'm talking about how you are going to leverage technology for a desired result. When you as a leader have a good idea fairy moment and ask your troops "hey, how can we do this?", how do you know they are giving you a good answer? When they tell you it can't or shouldn't be done, how do you know they are right? You have to trust them to know, but most of the time they don't. That causes projects to go long when they hit unexpected obstacles. It causes you to go over budget when they hit a speedbump and use hardware to overcome it rather than solving the underlying issue. It causes outages when something doesn't scale because the limitations of the given technology weren't understood. Second and third order effects in IT are a bitch!

How do you manage the vendors when you ask them to build a feature or requirement into a product? Vendors will run rings around most of the military's IT people. How do you deal with usability issues in the software? The list goes on and on. Trust but verify... how do you verify if you don't know enough about the tech?

My contention is that an experienced CIO from a mid-sized or larger business will know all these answers and enough about technology to hold people accountable for results and see through all the BS that goes on. Leadership doesn't just happen in the military, it happens in the civilian world at that level too. You aren't going to attract that type of person without big incentives. They certainly won't come over if it's going to take years to be able to actually effect the types of change that they are used to having the authority to pursue on their own.

I still agree with the decision to commission COMPETENT IT Leaders and break the current cycle of sending institutional knowledge to contractors. It's all going to be in the implementation. If it just becomes a checklist of leadership skills, it will be an costly failure. If there is a screening process that includes a history of measurable results, it could just solve the biggest problem there is in military Cyber Warfare and IT in general.
Cyber warfare is a lot more than IT. I think that there are far more IT minded folks in cyber right now than people who understand how to wage war in this domain and take the fight into grey and red space.