Cybersecurity Training

Practical and engaging hands-on training that meets AFMAN 17-1303 requirements

New Air Force Guidance

Recent updates to Air Force AFMAN 17-1303 outline that all civilian, military, and contractors performing in a software developer/engineer/programmer role require 40 hours of annual cybersecurity training:

3.2.12.1.2.1. Civilian/Military will complete 40 training hours. This training must include elements of cybersecurity as well as programming/software language. The Program Management Office/unit has the flexibility to define training content/topics.

Examples of acceptable training: formal, computer based training, web-based, and classroom instruction (T-3).

NOTE: Cybersecurity training must be in addition to annual cybersecurity user awareness training. Suggested cybersecurity training topics: cybersecurity principles, cyber threats and vulnerabilities, or secure coding practices.
...
...
3.2.12.2.2. Remaining Software Development Roles:

Effective 1 March 2020, the requirements documents, Performance Work Statement, or Statements of Work for all new contracts, modified contracts, and contracts beginning with a new option year must include the following stipulations for all contractors performing in a software developer/engineer/programmer role, but not in a senior software development role as described in Paragraph 3.2.12.1.1:

3.2.12.2.2.1. Contractors will complete 40 training hours. This training must include elements of cybersecurity and a programming/software language. Cybersecurity training must be in addition to annual cybersecurity user awareness training. The PMO/unit has the flexibility to decide training content/topics. Suggested cybersecurity topics: cybersecurity principles, cyber threats and vulnerabilities or secure coding. Examples of acceptable training: formal, computer based training, web-based, and classroom instruction

Compliance doesn't have to be boring

The requirements to meet the 40hrs of training are not very descriptive, and ultimately it looks like it will be up to your local IA team as to what they will accept as valid training for now. But rather than subject your team to a week of dry videos and slide decks as merely a means to check a box, why not make it fun, engaging, and valuable to your unit? Shyft's CISSP and CSSLP certified staff has put together a training program that ensures students get to apply hands-on practice to what they learn during their training. Utilizing a cloud-based training environment, students will get to build their own servers, networks, and software in addition to performing analysis on training projects with intentional vulnerabilities for them to discover and remedy. Students will get exposure to a wide-variety of technologies including:

  • Linux (RHEL) Servers
  • Windows Servers
  • HTTPS/TLS
  • SSL
  • Apache
  • SQL
  • JavaScript
  • Java
  • C#
  • Python
  • AWS GovCloud