The rise in data security breaches at federal agencies and the emergence of new cyberthreats have spurred a major shift in the way many officials train their security and information technology professionals and provide awareness education for workers.
In the past, many agencies did not emphasize making workers more security savvy and keeping security administrators abreast of the latest techniques and technologies to thwart cyberattacks, experts say.
But agencies are revamping or developing new training programs after the 2001 terrorist attacks and the recent incidents of compromised personal data on stolen agency laptop PCs.
"We've seen a major cultural shift in the training environment," said John Mongeon, who leads the government services division at the nonprofit International Information Systems Security Certification Consortium, or (ISC)2.
"Before Sept. 11, security training was on the back burner for most agencies, but now they are trying to get in front of the security problems," Mongeon said.
That shift has produced a surge in the demand for formal accreditation programs for security professionals, such as the ones run by (ISC)2 and other commercial organizations. Few government chief information security officers (CISOs) don't have Certified Information Security Systems Professional (CISSP) or similar accreditations on their résumés.
Agencies are also increasingly requiring information technology workers to take training courses in security issues related to their areas of expertise. Although those courses aren't as intensive as the security professionals' training, IT employees often need security courses to advance in their careers.
And general security awareness programs, which agencies used to cover in annual half-hour or hour-long auditorium presentations, are becoming year-round, focused affairs.
"Training in awareness has become more specific and granularized and more focused on roles," said Lynn McNulty, (ISC)2's director of government affairs. "It's no longer just a half-hour PowerPoint presentation."
No government training program is more ambitious than the Defense Department's. It issued Directive 8570.1 on information assurance workforce training in August 2004. In December 2005, the department approved the directive's proposal to train and certify at least 80,000 DOD employees in the next four years.
The training will involve all military services and DOD agencies and will include contractors. The goal is to create a cadre of information assurance professionals in technical and management positions who will be closely aligned with the military's network-centric warfare strategy.