Cyber RAPID Trainer

• Contract period: 4 months
  
• Location: 44 Sydney Avenue Forrest Canberra
  

About the Role:

This request seeks to engage experienced providers who have capability to provide training for Australian Government officials participating in the RAPID teams (the training participants).

Context;

Key stakeholders

Key stakeholders for the development and delivery of this training program will be DFAT s Cyber Affairs and Critical Technology Branch (CYB) and DFAT s Diplomatic Academy. The provider will work with CYB on the design and delivery of the training program over 2024.

Assumptions

Due to the bespoke nature of the training program the training courses should be provided by relevant experts with a proven track record of providing cyber education with consideration of humancentred instructional design and adult learning principles.

Development of training courses and program

The provider will be expected to develop Cyber RAPID training courses program and associated learning materials in February 2024 in consultation with DFAT CYB and alongside DFAT s Diplomatic Academy.

Training should be designed and aimed at an audience of participants with limited or no knowledge of ICT cyber security or incident response concepts or skills. The training should reflect the knowledge skills and attributes required by the target audience (as outlined in either a meeting with CYB or via the Statement of Requirement). Training materials should be professionally designed with adult learning principles in mind and remain the property of DFAT. Soft copies should be provided to CYB. The training will be scheduled via the DFAT learning management system and in line with the Diplomatic Academy s evaluation framework a survey will be conducted post course. This will be to receive participant feedback to evaluate and improve the training for future participants.

DFAT s Diplomatic Academy will provide diplomatic skills and intercultural Pacific awareness courses to the same participants.

The training courses program and associated materials must be accepted by DFAT CYB prior to the delivery of training. It is anticipated that the training will be delivered face to face in the Diplomatic Academy premises and materials could include but not limited to: PowerPoint deck participant workbook facilitator notes resources or handouts. The materials should be designed in an accessible format and meet government guidelines on WCAG compliance.

Training delivery

At minimum training should comprise of the following courses that will form a training program for the participants:

1. Cyber concepts and threat landscape

2. Cyber incident response fundamentals

3. Open source and dark web

Content within the training program should include realistic and practical examples to equip participants with an understanding of what happens before during and after a cyber security incident and the roles and responsibilities of government industry and the general public. The training must cover both theoretical content and practical incident response simulations including communication strategies between government industry and the general public.

The provider should raise participant awareness of relevant standards such as the Australian Cyber Security Centre (ACSC) Ransomware Emergency Response Guide and the Quad Cybersecurity Partnership: Joint Principles for Secure Software.

The provider will as part of the training courses hold an incident response simulation. The simulation should comprise of scenarios and activities that encourage active participation and learning.

The training program should have content for 10 days of training delivered over a period of 2 to 4 weeks. The provider will deliver training to two cohorts with an option for a third cohort at the discretion of DFAT (total of approximately 40 participants) over the following periods:

• Cohort 1 (approximately 8 participants): March 2024
  
• Cohort 2 (approximately 16 participants): April 2024
  
• Cohort 3 (approximately 16 participants): June 2024 (optional at the discretional of DFAT)
  
  

Training will be delivered to participants at the Diplomatic Academy (44 Sydney Avenue Forrest Canberra Australia) with flexibility for online training if necessary.

Participants will be permitted to distribute training materials with other government officials from their agency who could not attend the training.

The buyer may accept or reject any recommended deliverables in accordance with the Master Agreement.

Delivery Milestones

Milestone Description

Due Date

Initial meeting with DFAT CYB Diplomatic Academy

February/March 2024

Develop training courses and program and associated materials

March 2024

DFAT agreement to training courses and program

March 2024

Cohort 1 (pilot) training

March 2024

Cohort 1 (pilot) evaluation meeting

March 2024

Cohort 2 training

April 2024

Cohort 2 evaluation meeting

April 2024

Cohort 3 training

June 2024

Cohort 3 evaluation meeting

June 2024

Project Completion Report

Upon completion

The provider may propose an alternate timeline with justification if required.

Requirements

1. Capability

The provider will have the technical capability to deliver cyber security training with both theoretical content and practical incident response simulations including communication strategies between government industry and the general public. The training will help participants understand what happens before during and after a cyber security incident and the roles and responsibilities of government industry and the general public.

The provider will have the capability to customise training to the needs of DFAT and participants and adapt the program for later cohorts based on feedback from the first cohort.

2. Capacity

a. Resourcing requirements

The provider will have trainers for each course module available during the specified dates. DFAT will organise a facility for training delivery.

b. Experience

The provider should to best extent provide DFAT with examples of past cyber education training and participant feedback to demonstrate a proven track record of training excellence.

c. Expertise

The provider should to best extent provide DFAT with resum s for proposed personnel delivering the training courses.

a. Standards

The provider will abide by relevant industry standards Australian Standards and international standards and relevant Australian Government legislation including local laws and regulations.

The provider must comply with DFAT policies and procedures as outlined on the DFAT website.

b. Security Requirements

The provider must adhere to DFAT s Cyber Security Requirements through design development and delivery of training products and materials complying with Australian Cyber Security Centre Essential 8 at the required maturity level under PSPF Policy 10.

The provider to undertake an initial and ongoing review at DFAT s request a review of their Cyber Security Supply Chain and associated risks in accordance to DFAT s Cyber Security requirements.

The provider will abide by any Australian Government security requirements for the duration of the program including personnel security information security physical security and operational security.

c. Governance

The Provider to manage stakeholder expectations for reporting and performance of training program providing regular updates and program management as required.

d. Work Health and Safety