Saturday, June 19, 2010

FSO's Can Conduct Effective NISPOM Annual Security Awareness Training; How To Pass DSS Requirements

My friend took up running a few months ago. He started out with just a short jog, but eventually is running four and a half miles with increasing speed. He challenges himself with each work out, getting better and better. Conversely, I have another friend who runs “Twenty minutes a day”. He gets dressed and plods his 20 minutes until he is done. In this example, both are running, but one is increasing endurance and speed. He’s getting better and more skilled. The other is just maintaining; going through the motions.


 
Our goal as security trainers is to teach cleared employees to protect classified information. We use the National Industrial Security Program Operating Manual Chapter 3 guidance as the standard. As leaders we want to implement and direct security programs that protect classified information as they relate to our cleared facilities. Trainers have two choices:

 
1. Challenge our employees to get better and more effective

 
2. Go through the motions and plod along with the minimum requirements.

 
Choice one is more challenging. It requires research and coordination. The trainer builds upon the foundation of the last training session. They also design each training session to relate to specific contract related tasks. For example, a complete training program can be designed around statements of work and the DD Form 254. Specific training tasks can be designed around Items 10, 11, and 13 of the DD Form 254 as it relates to the Defense Contractors requirements. This choice integrates cleared employee specific performance tasks with the NISPOM requirements of:

Choice two is the easiest. It just requires using the same training year after year and never increasing the skill level. Each year the trainer provides the same information defining the damage resulting from the unauthorized disclosure of Confidential, Secret or Top Secret is disclosed in an unauthorized manner. Training of this type tends to talk down to cleared employees that just may have a great understanding of security requirements. However, instead of providing greater security skill levels, the training never develops past the beginner level. In other words, the initial security training briefing is given year after year. The training just regurgitates NISPOM. It doesn’t provide the cleared employee with how to implement the NISPOM requirements in their day to day work.

 
The danger with this type of training is that the cleared employee may feel professionally insulted. Many have worked on classified contracts for years and have a tremendous understanding of their requirements. As they work on contracts, they gain valuable skills and are regularly challenged to protect classified information in unique and changing environments. They become quickly disheartened by having to attend training that spoon feeds information at a very basic level.

 
While in the Army, we were always trained to take the hard right over the easy wrong. Tough and challenging training takes work. It also may require an FSO to recognize that they are not always the subject matter expert. FSO’s do know NISPOM, but they are not the SME on individual contract requirements. An excellent way to provide training is to recruit trainers from the cleared employee ranks. The FSO can direct the training and the recruited SMEs can help others understand the application to specific contracts.

 
Clearly my friend will continue to train hard and increase his speed and distance. His efforts are concentrated on the training he needs to achieve his goals. FSOs can use the same intense focus to turn their training around. Consider implementing DD Form 254 and contract requirements with NISPOM procedures s to create a better organization of cleared employees capable of protecting classified work.

 

No comments: