Back to top

A call to action for the cybersecurity industry, government and academia: DoD 8140 changes

The Department of Defense (DoD) 8140 directive is ushering in a new era for cybersecurity workforce development — a necessary and overdue shift to address the growing complexity of cyber threats and critical need for a skilled, qualified workforce. These changes will reshape how organizations across the defense community prepare, train, and manage their cybersecurity professionals. 

As a company committed to building the future of the cybersecurity workforce, we are taking deliberate steps to address the challenges posed by DoD 8140. But we can’t do this alone. 

A professional headshot of Lynsey Caldwell

This is a call to action for government agencies, defense contractors, academia, and the broader cybersecurity industry to come together, adapt, and collaborate to support readiness for this transformational shift to a data maturity roadmap that is driving the DoD toward enterprise workforce analytics.

Lynsey Caldwell
Cybersecurity Workforce Program Director

Aligning the workforce to three distinct proficiency levels (basic, intermediate, and advanced) — each with their own training, certification, degree and work experience requirements — is a complex and multifaceted challenge. Beyond simply meeting these requirements, organizations must implement a continuous planning and assessment process to ensure that labor systems are equipped to track, manage, and maintain these critical qualifications over time. Certifications support work role validation, and training validates learning, and certification renewal keeps skills current. This ongoing effort is essential to maintaining workforce readiness and ensuring long-term compliance with DoD 8140 standards.

Why DoD 8140 matters — and why inaction is risky

DoD 8140 updates the way cybersecurity roles are defined, certified, and managed across the Department of Defense. It builds upon the DoD Cyber Workforce Framework (DCWF), creating a standardized structure that is designed to help all cybersecurity professionals have the skills and qualifications required to protect our most critical systems and establishes baseline standards. 

However, these changes are not without challenges. Failing to act in response to DoD 8140 could result in serious consequences for organizations, including:

  1. Compliance failures: Organizations that do not meet the directive’s requirements risk losing contracts, funding, and their ability to operate within the defense ecosystem. Organizations need to be able to answer data analytics questions like the percentage of qualified personnel they have. The goal is not just to collect data but to turn that data into actionable insights that:
    • Identify areas of non-compliance and prioritize actions to address them.
    • Improve the efficiency and effectiveness of workforce training programs.
    • Ensure that employees are fully prepared to meet the demands of their roles under DoD 8140.
    • Build a sustainable, scalable workforce development strategy that supports mission success.
  2. Mission readiness risks: Without a skilled and qualified workforce, organizations will find themselves unprepared to defend against advanced cyber threats, putting both missions and national security at risk.
  3. The growing skills gap: The cybersecurity workforce shortage is already a pressing issue. Without proactive planning, the gap between workforce demand and supply will only widen, leaving critical vulnerabilities exposed.
  4. Increased costs: Delaying action now will only lead to more expensive, reactive measures later, including rushed certifications, training under unrealistic deadlines, and workforce attrition.
Our commitment to addressing DoD 8140 challenges

At Leidos, we recognize that the DoD 8140 directive is not just a compliance requirement — it’s an opportunity. It’s a chance to redefine how we train, develop, and manage cybersecurity professionals across the defense community. That’s why we are developing comprehensive plans and solutions to align with these new standards while addressing the broader challenges of workforce readiness and the skills gap. 

Here’s how we’re preparing — and how we can help the broader cybersecurity community prepare:

  1. Conducting workforce assessments through a skills inventory tool
    Understanding your workforce’s current capabilities is the first step to bridging the skills gap. Our skills inventory assessment tool evaluates the skills employees already have against the competencies required by DoD 8140. This allows organizations to define clear pathways for each individual, helping them move from their current state to full compliance. By leveraging this data-driven approach, we can build a roadmap for success.
  2. Defining pathways to technical competency
    As part of our strategic workforce development efforts, we are creating clear, structured pathways for employees to achieve technical competency. These pathways are designed to align with the DCWF, ensuring each role is mapped to the appropriate certifications, training, and skills development. This structured approach not only simplifies compliance, but also helps employees gain the knowledge and experience required to succeed in their roles.
  3. Building robust, role-specific training programs
    We understand that workforce training cannot be one-size-fits-all. That’s why we’re developing customized training programs to meet the specific needs of each role within the DCWF. These programs are designed to align with employees’ unique learning styles and career goals while addressing both individual skill gaps and organizational requirements. From certification preparation to hands-on technical training, we provide a comprehensive approach to workforce development.
  4. Leveraging an integrated learning management system (LMS)
    Managing the alignment of a workforce to three distinct proficiency levels (basic, intermediate, and advanced) — each with unique training and certification requirements — is no small task. That’s where an integrated LMS becomes invaluable. By serving as a centralized platform for managing, delivering, and tracking training activities, an LMS enables organizations to monitor workforce readiness in real time. Features, like automated reporting, progress tracking, and skills gap analysis, support consistent alignment with DoD 8140 requirements. Additionally, an LMS supports role-specific learning pathways, making it easier for employees to navigate their journey toward technical competency while supporting the organization’s compliance with the directive.
  5. Partnering with leading learning vendors
    To complement the capabilities of an LMS, strategic partnerships with learning vendors are equally critical. DoD approved training and certification providers bring access to expert-developed training content, certification preparation resources, and immersive hands-on labs tailored to the unique needs of the DCWF. By partnering with learning vendors that understand the DCWF framework mapping and have mapped their learning accordingly, it can help organizations speed-up their own mapping process and future-proof their workforce development strategies.
  6. Collaborating across the ecosystem
    Preparing for DoD 8140 is not just the responsibility of individual organizations — it’s a shared challenge that requires collaboration across the cybersecurity ecosystem. We are working with government agencies, defense contractors, and academic institutions to create partnerships that enhance workforce training, close the skills gap, and build a sustainable talent pipeline. Together, we can ensure the readiness of the cybersecurity workforce for years to come.
  7. Empowering Tomorrow: Strategic Technology and Workforce Development
    Leidos is also investing in the future through its Cyber Accelerator by anticipating future technology needs and requirements. By strategically investing in emerging technologies and cultivating a culture of continuous learning, we empower our workforce to stay ahead of industry trends. Through enterprise-wide training, discussion forums, and rotational opportunities, we provide the next generation of cyber professionals with hands-on experience to upskill and engage with cutting-edge technologies. This proactive approach will aim to ensure our team is equipped to navigate and leverage the evolving technological landscape.
A call to action for the cybersecurity community

The DoD 8140 directive represents a pivotal moment for the cybersecurity industry. It’s more than a regulatory update — it’s a chance to address the growing workforce shortage, modernize training, and development practices, and build a workforce that is ready to defend against the cyber threats of today and tomorrow.

The consequences of inaction are too great. Failing to prepare will mean falling behind in a world where cyber threats are growing more sophisticated by the day. By acting decisively, we can turn the challenges of DoD 8140 into opportunities for growth, innovation, and enhanced national security.

Learn more at leidos.com/cyber

Author
A professional headshot of Lynsey Caldwell
Lynsey Caldwell Cybersecurity Workforce Program Director

Lynsey Caldwell is the Cybersecurity Workforce Program Director for the National Security Sector at Leidos, where she leads initiatives to cultivate a highly skilled and diverse cyber workforce. With a background in IT and systems engineering, Lynsey combines her technical expertise with a passion for workforce development, focusing on empowering individuals and breaking down barriers to entry in cybersecurity. Her innovative programs and thought leadership have influenced national strategies, including collaborations with the White House, to promote skills-based hiring and create accessible career pathways. Lynsey is dedicated to shaping the future of cybersecurity by fostering curiosity, collaboration, and resilience in the next generation of professionals.

Posted

June 9, 2025

ESTIMATED READ TIME

Author
Lynsey Caldwell

Tags

Article
Cyber
Digital Modernization