Download eBook for Free

FormatFile SizeNotes
PDF file 1.1 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.


Purchase Print Copy

 FormatList Price Price
Add to Cart Paperback116 pages $28.00 $22.40 20% Web Discount

Research Questions

  1. How many and what types of personnel make up the DoD cybersecurity and IT workforces?
  2. What roles and functions do the DoD cybersecurity and IT workforces currently perform?
  3. How often do DoD personnel perform core cybersecurity or IT tasks described in the DoD Cyber Workforce Framework (DCWF) and how important are such tasks to the organizational missions?
  4. How does DoD cybersecurity and IT manning compare with the private sector?
  5. What are potential barriers to efficiency and effectiveness among DoD cybersecurity and IT personnel?

Section 1652 of the fiscal year 2020 National Defense Authorization Act (NDAA) tasks the U.S. Department of Defense (DoD) to perform a zero-based review (ZBR) — a detailed review rather than a simple comparison with previous size or budget — of its cybersecurity and information technology (IT) workforces. DoD engaged the RAND National Defense Research Institute to produce a process for validating and ensuring the consistency of data and analysis used for its ZBR.

The authors organize the NDAA requirements into five themes: current workforce, current work performed, manning and capability gaps, potential barriers to efficiency and effectiveness, and potential future changes in work performed or requirements. Organizations across the four DoD services — the U.S. Air Force, Army, Marine Corps, and Navy — plus the Defense Information Systems Agency were selected to participate in the DoD cyber ZBR. Collectively, the participating organizations reported a total of almost 18,000 cybersecurity and IT personnel, 84 percent of whom are civilians and 16 percent of whom are military personnel.

The authors use quantitative and qualitative research methods to analyze multiple data sources, such as DoD workforce data, subject-matter expert interviews with organizational leadership, a work analysis data call, a comparison of DoD and private sector cyber workforces, and a sample of cybersecurity and IT position descriptions. They present key findings, aggregated across the participating organizations and arranged by theme. The ZBR process described in this report constitutes a transparent, repeatable process with which DoD can conduct ZBRs across the DoD cyber enterprise.

Key Findings

  • Overall, organizations that participated in the DoD cyber ZBR reported a total of almost 18,000 cybersecurity and IT personnel, 84 percent of whom are civilians and 16 percent of whom are military personnel.
  • The participating DoD organizations are still working to align their hiring practices (as expressed through position descriptions [PDs]) with the DCWF taxonomy of cybersecurity and IT positions: 16 percent of PDs were clearly and uniquely mapped to a unique DCWF work role, while about 20 percent of PDs mapped to multiple DCWF work roles and about 20 percent of PDs did not map to any DCWF work role.
  • Most DoD cybersecurity and IT personnel in the participating organizations perform core DCWF tasks weekly or monthly, and they typically view these tasks as being very important to their individual job performance.
  • The participating organizations have approximately 2.5 times the number of personnel allocated to basic IT functions, relative to such personnel in the private sector. And yet, the participating organizations still experience personnel gaps for these basic IT functions at much higher percentages than in the private sector. Moreover, private sector organizations appear to experience much higher rates of personnel gaps for cybersecurity work roles, relative to gaps in the participating DoD organizations.
  • DoD cybersecurity and IT personnel cited military processes, access to technology, and budget as being the leading constraints to their efficiency and effectiveness.

Table of Contents

  • Chapter One


  • Chapter Two

    Methods and Data Sources

  • Chapter Three

    Findings Across All Selected Organizations

  • Chapter Four


  • Appendix A

    Subject-Matter Expert Interview Protocol

  • Appendix B

    Work Analysis Data Call Protocol

  • Appendix C

    Deskside Interview Protocol and Example Data Call Results

  • Appendix D

    Additional Information on the DoD and Private Sector Cyber Workforce Comparison

  • Appendix E

    Median Task Frequency and Importance for Specific Work Roles

This research was sponsored by the Principal Advisor for Cybersecurity, Strategy, Planning, and Oversight in the Office of the DoD Chief Information Officer (DoD CIO), and conducted within the Forces and Resources Policy Center of the RAND National Security Research Division (NSRD).

This report is part of the RAND Corporation Research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.