Key Takeaways
- Counties across Maryland are confronting a rising tide of cyber threats aimed at disrupting local government operations and compromising sensitive public data.
- Effective cybersecurity defense now hinges not only on technology but also on a skilled, continuously trained workforce.
- BCR Cyber’s new COMET (Cybersecurity Operational Methods and Education Training) cohort offers free, hands‑on training for Maryland state and local government employees, funded by the Maryland Department of Labor’s EARN program.
- The program provides two distinct tracks—Incumbent Training and Advanced Incumbent Training—tailored to different experience levels and career goals.
- Participants receive live, remote instruction during regular business hours, earn practical experience through cyber‑range simulations, and, in the advanced track, a certification validating readiness for Governance, Risk, and Compliance (GRC) roles.
- Applications are open until May 6, with the cohort running from May 18 to June 23; interested employees should secure supervisor approval and apply via the BCR Cyber website.
Overview of Cybersecurity Threats Facing Counties
Local governments have become attractive targets for cyber‑adversaries seeking to disrupt essential services, exfiltrate personal data, or ransom critical infrastructure. Counties, which manage everything from election systems and public health records to water utilities and emergency response networks, often operate with limited IT budgets and legacy systems that can be exploited. Recent incidents nationwide have shown ransomware attacks locking down court files, phishing campaigns compromising employee credentials, and supply‑chain vulnerabilities exposing municipal software. As threat actors refine their tactics—leveraging artificial intelligence to automate reconnaissance and evade detection—the pressure on county IT teams to stay ahead of evolving risks intensifies. Consequently, bolstering cybersecurity posture is no longer optional; it is a fundamental responsibility of public stewardship that directly impacts community safety and trust.
The Role of Workforce Development in Cyber Resilience
Technology solutions alone cannot guarantee protection; the human element remains both the weakest link and the greatest asset in cybersecurity. Skilled personnel who can detect anomalies, respond swiftly to incidents, and maintain robust governance frameworks are essential for reducing dwell time and mitigating damage. Workforce development initiatives that provide up‑to‑date knowledge, practical skills, and certifications enable employees to adapt to new threats, implement best practices, and foster a culture of security awareness throughout the organization. For counties, investing in staff training translates into fewer successful attacks, quicker recovery when breaches occur, and better compliance with state and federal mandates. Recognizing this, the Maryland Department of Labor has prioritized funding for programs that strengthen the cyber‑capable workforce across public sectors.
Introduction to the COMET Program
In response to the growing need for trained cybersecurity professionals within government, BCR Cyber has launched the next cohort of its Cybersecurity Operational Methods and Education Training (COMET) initiative. The program is specifically designed for Maryland state and local government employees who seek to deepen their technical expertise and operational readiness. Funded entirely through the Maryland Department of Labor’s Employment Advancement Right Now (EARN) grant, COMET removes financial barriers that often prevent public‑sector staff from accessing high‑quality training. By delivering the curriculum at no cost to participants or their agencies, the program supports broader workforce development goals while enhancing the cybersecurity resilience of Maryland’s local governments.
Structure and Delivery Format
COMET employs a live, remote instruction model that mirrors a traditional classroom experience while offering the flexibility needed by working professionals. Sessions are scheduled during weekday business hours, allowing employees to attend without disrupting essential duties, provided they obtain supervisor approval. This format encourages real‑time interaction with instructors, immediate feedback on labs and exercises, and peer collaboration across different jurisdictions. The remote delivery also ensures that employees from rural or underserved counties can participate on an equal footing with those in larger metropolitan areas, promoting equitable access to advanced cybersecurity education.
Core Curriculum Areas
The COMET curriculum covers four foundational domains that are critical for effective cybersecurity operations in a government context. First, security operations fundamentals introduce participants to monitoring, incident detection, and basic response procedures. Second, cyber range simulations provide immersive, hands‑on experience where learners confront realistic attack scenarios—such as ransomware infections, credential‑theft attempts, and network‑intrusion attempts—in a controlled environment. Third, artificial intelligence applications in cybersecurity explore how machine learning can augment threat intelligence, automate anomaly detection, and improve decision‑making speed. Fourth, governance, risk, and compliance (GRC) principles cover policy development, risk assessment methodologies, regulatory requirements (including state‑specific statutes), and audit practices. Together, these areas equip trainees with both the technical know‑how and the strategic perspective needed to safeguard county assets.
Training Tracks: Incumbent vs. Advanced Incumbent
To accommodate varying levels of prior experience, COMET offers two distinct five‑week tracks. The Incumbent Training track targets employees with at least one year of IT or cybersecurity exposure. It builds core competencies in IT fundamentals, security operations, and introductory AI concepts, laying a solid groundwork for further specialization. The Advanced Incumbent Training track is designed for those seeking deeper expertise in governance, risk, and compliance. This intensive track includes a dedicated cyber‑range practicum that simulates complex, multi‑stage attacks, requiring participants to apply GRC frameworks while managing incidents. Upon successful completion, advanced track participants earn a certification that validates their readiness for GRC‑related roles such as compliance officer, risk analyst, or security policy manager within government agencies. Both tracks emphasize practical application, ensuring that learners can translate classroom knowledge into immediate workplace improvements.
Funding, Accessibility, and Budget Impact
Because the COMET program is fully funded by the EARN grant, there is no tuition cost to participants or their respective counties. This eliminates a common barrier that prevents public‑sector employees from pursuing professional development, especially in jurisdictions where training budgets are tightly constrained. By covering instructional fees, materials, and access to the cyber‑range platform, the grant enables counties to upskill their workforce without diverting funds from essential services or infrastructure projects. Moreover, the remote delivery model reduces ancillary expenses such as travel and accommodation, further lessening the fiscal impact. The result is a cost‑effective pathway for counties to strengthen their cyber defenses while adhering to responsible budget management.
Eligibility, Application Process, and Timeline
Eligibility is limited to Maryland state and local government employees who have secured supervisor approval to participate during work hours. Prospective applicants must submit their applications by May 6 to be considered for the cohort that runs from May 18 through June 23. The application portal is hosted on the BCR Cyber website at https://bcrcyber.com/comet/cohort, where interested staff can find detailed instructions, required documentation, and contact information for program coordinators. Given the program’s popularity and limited seats, early submission is encouraged. Successful candidates will receive confirmation, access to the virtual learning platform, and a schedule of live sessions prior to the start date.
Anticipated Outcomes for Participating Counties
Counties that send employees through COMET can expect several tangible benefits. First, trained staff will be capable of operating security‑monitoring tools more effectively, reducing the time to detect and contain threats. Second, hands‑on cyber‑range experience translates into improved incident‑response playbooks, fostering quicker recovery and less downtime for critical services. Third, exposure to AI‑driven security techniques prepares agencies to adopt emerging technologies responsibly, keeping pace with adversary innovations. Fourth, participants in the advanced track will bring certified GRC expertise, helping counties develop robust policies, conduct risk assessments, and meet compliance obligations—thereby lowering the likelihood of penalties or audit findings. Ultimately, a better‑prepared workforce contributes to a stronger overall cybersecurity posture, enhancing public confidence in county government’s ability to protect data and maintain uninterrupted services.
Conclusion
The launch of the COMET cohort represents a strategic investment in Maryland’s human cybersecurity capital. By delivering free, high‑quality, hands‑on training to state and local government employees, BCR Cyber and the Maryland Department of Labor address a pressing need: equipping the public‑sector workforce with the skills to defend against an ever‑evolving threat landscape. Counties that take advantage of this opportunity will not only bolster their technical defenses but also cultivate a culture of continuous learning and resilience—key ingredients for safeguarding the communities they serve in an increasingly digital world.