For two decades, the Department of Defense (DoD) ran its cyber workforce on a certification checklist. DoD 8570.01-M told a sailor in a network operations center that a CompTIA Security+ certificate was a green light; a CISSP was a higher tier; the matrix was static and the audit was binary. That regime ended on February 15, 2023, when the DoD issued DoD Manual 8140.03, “Cyberspace Workforce Qualification and Management Program,” replacing 8570 with a competency-based framework anchored in the NICE Workforce Framework for Cybersecurity (NIST SP 800-181 Rev 1). The shift matters because it turned cyber hiring into a multi-axis problem: a work role, a tier, a documented set of qualifications, and a cleared candidate willing to prove all three under a clock that runs months from the day they enter a covered position.

For anyone hunting a Top Secret / Sensitive Compartmented Information (TS/SCI) cyber billet — at the National Security Agency (NSA), United States Cyber Command (USCYBERCOM), the Defense Information Systems Agency (DISA), or one of the service cyber components like U.S. Army Cyber Command (ARCYBER) or U.S. Fleet Cyber Command (FLTCYBER) , 8140 is the framework that decides whether a résumé reaches a hiring manager or stops at a 4,716-page qualification matrix. “All the technology in the world is nothing without people,” then-DoD Chief Information Officer John Sherman said in February 2023 remarks the day the framework was issued. This guide breaks down DoDM 8140.03 in plain English, the seven cyber workforce elements, the three qualification tiers, the certifications that actually count under the new rules, and the deadlines a candidate now has to plan around.

Read on CyberSecJobs »