If you’re confused about U.S. Department of Defense (DoD) directives 8140, 8570, and 8570.01-M, don’t worry! You’re not alone. These directives may seem confusing, but they’re actually pretty easy to understand.
For those who are interested in information technology, DoD 8140 is actually a huge opportunity. As the DoD increases its focus on cyber security, thousands of jobs for trained individuals will be created. And in the coming years, many other organizations and businesses are likely to follow the DoD’s lead and begin requiring similar certifications for their employees to help ensure their information security.
DoD 8570 Compliance
DoD 8570 (technically 8570.1) compliance is required of all authorized users of DoD information systems, including military service members, contractors, and government employees. If you’ve been searching for cyber security jobs, chances are you’ve seen a listing with DoD 8570 compliance requirements.
Signed August 15, 2004, DoD 8570 is a directive that requires American National Standards Institute (ANSI) accredited certification for information assurance workers. You can achieve compliance by achieving specific IT certifications. DoD 8570 established three levels of certification requirements for Information Assurance Management (IAM) and Information Assurance Technicians (IAT). IAM roles are typically in a management or leadership position, whereas IAT roles are actively working with controlled information or on the networks that carry it. If you want to qualify for DoD Information Assurance jobs, you must obtain one of the certifications required for that position category or specialty and level.
|IAT Level 1
||IAT Level II
||IAT Level III
|CASP + CE
CISSP (or Associate)
|IAM Level 1
||IAM Level II
||IAM Level III
CISSP (or Associate)
CISSP (or Associate)
CISSP (Or Associate)
CISSP (or Associate)
|CISSP – ISSAP
CISSP – ISSEP
||CSSP Infrastructure Support
||CSSP Incident Responder1
CCNA Cyber Ops
CCNA Cyber Ops
DoD 8140: A New Focus on Cyber Security
Recently, officials realized there was a need to change the way the DoD handled information and network security. Changes in those technologies since 2004 and an increase in cyber attacks were the driving force behind this new directive. On August 11, 2015, the 8140 DoD directive was signed by representatives of the U.S. Department of Defense. Because of this change of focus, the “Information Assurance (IA) Workforce” has been renamed to the “Cybersecurity Workforce.”
DoD 8140 confirms the importance of popular IT certifications like A+, Network+, Security+, and CISSP as well as adding new approved baseline cyber security certifications including CASP, CEH, and more.
So is DoD 8570 really gone?
Not exactly. DoD Directive 8140 “reissues, renumbers, and cancels DoD Directive (DoDD) 8570.01 to update and expand established policies and assigned responsibilities for managing the DoD cyberspace workforce” according to the Information Assurance Support Environment site. Despite this, DoD 8140 currently uses the DoD 8570 manual.
DoD 8140 will eventually have its own manual, but it takes a few years to create complex manuals like this. For this reason, the DoD will continue using the 8570 manual, called 8570.01-M, for the time being. When a new manual is released for 8140 it will most likely replace 8570.01-M.
One of the major changes that DoD 8140 will bring about once its new manual is released is more of a focus on training that includes live, hands-on exercises. The DoD wanted to make sure that the certifications required for the Cybersecurity Workforce give their holders not just the knowledge, but also the know-how to defend the United States’ networks, digital assets, and information.
How might DoD 8140 affect you?
For many IT professionals, and those interested in IT, this presents a huge opportunity. With the DoD’s increased focus on cybersecurity, certified individuals are in high demand. DoD contractors operate all over the United States and even abroad, which makes it easy to take your credentials just about anywhere and get hired.
For those who are serving in the military, DoD 8140 (and 8570 before it) provides a way to gain valuable experience that translates directly into a lucrative civilian career. If you can work in the Cybersecurity Workforce during your service, you’ll come out of your military career with military clearance and certifications that will give you a huge head start in the civilian world.
For training companies (like LeaderQuest) and certification vendors alike, DoD 8140 is a huge call to action. This directive has made the importance of hands-on training and “live-fire drills” very clear. As a cyber security training company, we want to make sure that you’re well prepared to use your skills in the real world, and not leaving with just “book learning.”
Are you interested in joining the Cybersecurity Workforce?
There’s never been a better time to train in cyber security, whether or not you’re interested in working for the DoD. This industry currently has a huge shortage of qualified workers. In the U.S. alone, over 40,000 jobs for information security analysts are going unfilled every year, and employers are struggling to fill 200,000 other cyber security related roles, according to CyberSeek. With demand for these professionals at record levels, you can be sure that getting certified will pay off in spades.
The LeaderQuest cyber security school offers high-velocity IT training programs that can help you complete your information security certifications and be job-ready in weeks. Day and night class schedules make it easy for you to get the training you need fast in a way that works with your schedule. You won’t leave LeaderQuest with just a piece of paper. Our industry-expert instructors will make sure you have the knowledge you need to excel in a new job role, whether it’s through DoD 8570 or not.
Get started today, and make your new career a reality!
REQUEST MORE INFO
Cyber security is huge right now. There’s no doubt about that. If you’re thinking about working in cyber security, you’ll probably want to look at the contract world. And, if you’re thinking about the cyber security enterprise world, getting IT certifications isn’t just a good idea, it’s actually required.
The Department of Defense (DoD) Directive 8570.01 lays out a list of certifications that fit the bill to be considered for those roles. This is especially prevalent for companies that regularly work with the DoD, like Raytheon, Northrop Grumman, Booz Allen Hamilton, and others.
Whether you’re coming from a military background and looking to get into cyber security or a cyber security pro looking to make yourself more competitive in the enterprise space, here are some of the best certifications and jobs you can get with them.
DoD Compliant Cyber Security Certifications
You might be surprised to see A+ on this list. It’s an entry-level certification which teaches the basics of personal computer hardware and operating systems including installation, upgrade, repair, configuration, optimization, troubleshooting, and preventative maintenance. However, support is an important part of any business and there are jobs to be had. In a role like Desktop Support Analyst, you can make between $50,000-$85,000.
- Potential Job Roles: IT Help Desk Tier I-III, IT Field Technician, Desktop Support Analyst, IT Support Specialist, and more.
- Salary: Starts at $50,000 (for Desktop Support Specialist).
- Qualifies for: IAT Level I.
Learn More About A+
Like A+, this certification covers the very basic building blocks of cyber security. In this case, keeping a network protected and maintained. Network+ certifies the skills to install, operate, manage, maintain, and troubleshoot a corporate network. It’s good for those who are ready to take on a role building, managing, and protecting a data network. With an unprecedented need for networking jobs, particularly System Administrators, it’s a role that’s important and well-compensated.
- Potential Job Roles: Systems Administrator, Network Support Technician, Network Administrator, Network Engineer, & more.
- Salary: Starts at $67,250 (for Systems Administrator).
- DoD Qualification: IAT Level I.
Learn More About Network+
While A+ and Network+ can you started in the field, Security+ is the certification that really gets you ready to launch your cyber security career. If you are interested in specializing in any type of IT security, this cert is a must. In addition to an overview/introduction to cyber security, it’s also a gateway to more specialized fields like penetration testing or ethical hacking.
- Potential Job Roles: Systems Administrator, Information Security Analyst, Information Technology (IT) Manager, Information Technology Specialist, & more.
- Salary: $81,467 on average (for Security+).
- DoD Qualification: IAT Level II and IAM Level I.
Learn More About Security+
Often considered the gold standard in cyber security, the CISSP commands great respect in the cyber world. It’s a grueling, three-hour exam and intense application process. However, once obtained, it opens up many doors in infosec, architecture, design, management and more.
- Potential Job Roles: Information Security Manager, Infosec Analyst, Penetration Tester, Cyber Security Engineer, & more.
- Salary: $113,820 on average (for Information Security Manager).
- DoD Qualification: IAT Level III, IAM Level II & III, and IASAE I & II.
Learn More About CISSP
Added to the DoD list in 2010, the CEH certification operates under a simple rule. Sometimes to catch a hacker, you have to think like a hacker. Ethical or “white hat” hacking is about taking proactive measures by getting into the mindset of cyber criminals. This could include perimeter defense, policy creation, navigating social engineering, preventing DDoS attacks, and more.
- Potential Job Roles: Information Systems Security Manager, IT Security Specialist, Penetration Tester, Security Network Engineer, Cyber Security Analyst, and more.
- Salary: Starts at $115,610 (for Information Systems Security Manager).
- DoD Qualification: CSSP Analyst, CSSP Infrastructure Support, CSSP Incident Responder, and CSSP Auditor.
Learn More About CEH!
IAT, IAM, & Other DoD Terms – What’s the Difference?
Different certifications can make you officially qualified for different levels in DoD jobs, but what do those words actually mean? We’ll go into that below. It’s important to know that some positions, particularly for Information Assurance Technicians and Information Assurance Management, are divided up by a tier system from level I to level III. This rating, of course, signifies the difficulty of the task at hand, experience needed, and, of course, a difference in compensation.
Here is what a professional might be doing depending on the DoD requirements they meet.
Information Assurance Technician (IAT)
Great for those who love the technical work, these positions are often about keeping an organization in compliance. You’ll have access to sensitive data and need to ensure that networks and systems are up to code. If they’re not, you’re the one who goes in and fixes many of these issues. If you are looking to start an enterprise cyber security career, this is the place to start.
Potential Job Roles: Network Engineer, Junior Software Engineer, Cyber Security Analyst, and more.
Certifications That Meet Qualifications: A+, Network+, and Security+.
Information Assurance Management (IAM)
As “management” suggests, this level often oversees more of the macro problems of ensuring that hardware, software, and networks are in compliance and safe from those who would do harm. If you’ve got an eye toward focusing on the more macro problems and are looking to get into IT management, this could be for you.
Potential Job Roles: Information Systems Security Officer, Infrastructure Engineer, Cyber Information Systems Security Analyst, and more.
Certifications That Meet Qualifications: Security+ and CISSP.
Information Assurance System Architect and Engineer (IASAE)
In the DoD 8570.01M, IASAE positions are responsible for, “the design, development, implementation, and/or integration of a DoD IA architecture, system, or system components.” What does this mean, exactly?
Basically, these roles move into the realm of a cyber security architect. Duties can include overseeing the building of a network from design to implementation to make sure all fronts are functional and secure. This could also include designing record systems and special purpose environments. Bottom line, if you like designing systems from the ground up and solving complex problems, this could be for you.
Potential Job Roles: Information Assurance System Architect and Engineer, Cybersecurity Architect, Information Systems Security Engineer, and more.
Certifications That Meet Qualifications: CISSP.
Cybersecurity Service Provider (CSSP)
There are five different areas of DoD compliance that begin with the title of Cybersecurity Service Provider. Each of those compliance areas covers a multitude of jobs. However, in general, Cybersecurity Service Providers operate on a much larger scale within a company.
They determine policy and work with senior management to ensure that policy becomes reality. This could include making vulnerability assessments, developing and overseeing tracking, or helping with audits, but specific duties vary greatly.
Here’s a quick list of a few of the different CSSP roles.
- CSSP Analyst: Works with a lot of data to figure out where the risks in an organization occur/could occur and make sure the tracking methods are in place to properly assess an organization.
- CSSP Infrastructure Support: These roles are geared more towards maintaining, creating, and designing the infrastructure and the actual systems of an organization.
- CSSP Incident Responder: Relates to responding to real-time threats to cyber security. This could include recognizing and dealing with potential, current, or past intrusion attempts and assisting with the implementation of counter-measures.
- CSSP Auditor: This person takes charge Risk Management Framework or Security Control Assessment and Authorization (A&A) of management, operational, and technical security controls. They could work on detecting, characterizing, countering and mitigating network and system vulnerabilities and managing security events.
Potential Job Roles: Cybersecurity Policy Analyst, Operations Program Analyst, Cybersecurity Policy Analyst, and more.
Certifications that Qualify: CEH.
Learn Cyber Security Fast at LeaderQuest
Cyber security is a rapidly growing field with a real and present need for more qualified professionals. If you’re thinking about starting a career in cyber security, there’s no need to wait. That’s why LeaderQuest provides 5-10 day classes online, at night, or on campus, to fit any schedule and learning style.
LeaderQuest specializes in cyber security training. We’ll cover everything you need to know to get certified in cyber security and excel during your first day on the job. If you get to a point where things just aren’t sticking, don’t worry! You can resit the course for free anytime you want when you need a refresher.
Join the fight against cyber terror. Contact us today!