By: Trevor Halstead
January 14, 2021
Five Benefits Of Earning DoD-Approved Certifications For MSSPs
IT security management is critical for operational success — regardless of industry, market, or vertical.
For any organization with lingering doubts, the pandemic pressures of 2020 have made this protective priority crystal clear. As noted by GovTech, this year saw not only the highest number of records ever breached but also a substantive uptick in ransomware efforts as attackers looked to capitalize on the confusion that accompanied rapid shifts to remote work.
For managed security service providers (MSSPs), these expanding attack surfaces and evolving threat vectors represent a significant opportunity: If they can provide agile, adaptive security provisioning to manage cloud, big data, and mobile needs on-demand, they can capture consumer interest and boost customer conversion.
As the MSSP market diversifies, it can be difficult for security service providers to find the most lucrative industry niche. The U.S. Department of Defense (DoD) offers one potential profit pathway — according to MxD, the DoD is now spending more than $300 billion each year on contracts. However, there’s a caveat: DoD Directive 8140 (formerly DoDD 8570) requires that any contractor satisfy specific training and certification provisions to ensure sensitive data remains secure.
The result? There’s an opportunity for MSSPs under the DoD umbrella — so long as the staff has the right qualifications. Here are five key benefits of earning DoD-approved certifications.
Benefit 1: Rapid Deployment
Wherever possible, defense agencies prefer efficiency to red tape — the military mindset focuses on getting things done as quickly and securely as possible. And while the process of selecting MSSPs for DoD agencies is often long and drawn out, once the selection is finalized, they want to get up and running ASAP.
This means it’s beneficial for MSSPs to invest in the baseline, DoDD 8140-approved certifications — such as CompTIA Security+ and Network+ — across their workforce before the selection process is finalized, empowering rapid deployment of approved security services across DoD agencies regardless of their outsourced manpower requirements.
Benefit 2: Critical Compliance
Just as responsibility for secure cloud data storage rests with first-party enterprise owners rather than with cloud or security providers, the same holds true for DoD agencies. In practice, this means that even if an MSSP drops the ball on data security at rest or in transit, culpability remains with the DoD agency itself.
Not surprisingly, this prompts many contract tenders to focus on both the depth and breadth of skills offered by an MSSP, along with the certifications to back up this compliance construct. From qualifications such as CCNA Security to CISM and CISSP, the broader the base offered by security service providers, the better their chances of meeting critical compliance expectations.
Benefit 3: Firm Foundations
Just as DoDD 8570 was replaced by DoDD 8140 to provide greater scope for information security initiatives within the Department of Defense, MSSPs should anticipate both amendments to 8140 and its eventual replacement as IT security needs within the federal government evolve.
As a result, service providers must establish a firm training and certification foundation for staff that aligns with current expectations and provides room to grow as requirements change. While this includes alignment with frameworks such as NIST NICE, MSSPs are often better served by building out a team of skilled professionals with a mixture of entry-level (Security+), mid-level (CEH), and management-level (CASP+) certifications, in turn making it possible for service providers to respond proactively as requirements change.
Benefit 4: Staff Retention
MSSPs also need to consider the benefits of DoDD 8140-compliant certifications for their staff. With 80 percent of security professionals saying they feel ill-equipped to defend their organization and 68 percent frustrated by the lack of training opportunities, there’s a significant risk that skilled staff will consider jumping ship if other companies offer better career opportunities.
Here, MSSPs can kill two birds with one stone: More DoD-certified training means more opportunity for government contracts. At the same time, continual educational options increase the chances of long-term staff retention.
Benefit 5: Transferrable Skills
From Cloud+ to CySA+, SSCP, GSEC, and CISM, the qualifications required by DoD agencies aren’t single-use. Instead, they offer transferrable benefits for both staff and MSSPs looking to expand their market footprint and attract new clients.
Consider the case of a manufacturing or retail firm looking to outsource specific security services and shore up information governance. In a diverse MSSP market, even small operational advantages can make the difference — and the knowledge that service provider staff are fully trained and compliant with DoDD 8140 provides a powerful impetus for prospective clients to choose one MSSP over another. Put simply? The benefits of DoDD 8140-approved certifications extend well past initial DoD contracts to the private sector at scale.
The Best Defense
Is a good offense. For DoD agencies, this means proactively seeking out MSSPs who meet — and exceed — DoDD 8140 requirements. For managed security service providers, this means deploying DoD-compliant training opportunities wherever possible, in turn boosting skilled staff retention and opening the door to increased DoD opportunity.