by Mathew Schwartz
You’ve probably heard the government is facing a shortage of information security – or as the Feds always say, "cybersecurity" – talent, leaving the nation vulnerable to online attacks. Here’s some details.
"There are about 1,000 security people in the U.S. who have the specialized security skills to operate effectively in cyberspace. We need 10,000 to 30,000," says Jim Gosler, a fellow at Sandia National Laboratories who was the founding director of the CIA’s clandestine information technology office.
Part of the problem is the dearth of truly technical security certifications. For example, a cybersecurity study from the Center for Strategic and International Studies found that "the current professional certification regime is not merely inadequate; It creates a dangerously false sense of security" because many certifications emphasize complying with checklists, rather than directly safeguarding networks or knowing how to rip apart malware and build better defenses.
Hence the clear and present government job opportunity: To be one of these in-demand technical security experts. But whether you’re mid-career or just starting out, how do you get the advanced technical skills required while navigating the "black hole" of government hiring, to land one of these cybersecurity positions?
Hobnob with a TLA
Provided you’re a U.S. citizen, perhaps the most direct route to landing a cybersecurity job, especially at a TLA (three-letter acronym) agency - CIA, DHS, NSA - is to get either an undergraduate or graduate-level information security degree. Consider attending a program at a university on the National Science Foundation’s federally funded research and development center list, since out of the gate, they’ve got government ties and will regularly draw government recruiters.
Trade a Free Ride for Two Years’ Work
Likewise, 29 institutions - some also on the FFRDC list - participate in the NSF’s Scholarship For Service grant program.
First, you work in security for the federal, state or local government, or at Lincoln Laboratory (part of MIT), MITRE Corp. or Sandia – all of which offer private-sector-level pay - for two years. Then you complete a one-month (paid) government summer internship after your first year of graduate school. SFS provides full tuition reimbursement, a generous monthly stipend and a fast-track to government employment.
Furthermore, most SFS participants have a job offer in hand by the fall of their second year, which means that if they ace their background check - getting a "top secret" clearance, required for most Pentagon cybersecurity work, which can take six to nine months - they start work upon graduation.
"Those students, obviously, don’t have a very difficult time getting a federal job, because one, they have to, and two, there are a lot of mechanisms in place, such as job fairs," says Jennifer Burkett, director of career services and external relations at Carnegie Mellon University in Pittsburgh, which offers a master’s degree in information security and is part of the SFS grant program.
Degree programs aside, what else can give you an edge? Burkett recommends networking as much as possible, perhaps with college alumni, so you’re not just firing resumes into the ether. Government internships help, too.
Jobs with Benefits
Must government cybersecurity job holders swap higher pay for prestige, personal satisfaction or patriotism? In fact, the pay can be relatively good - generally within $5,000 to $10,000 of what private-sector companies pay, reports Burkett.
The benefits are also good, including the workday. "I guarantee that if you work for the government, you’re not working as many hours as on Wall Street, or professional services," says Lee Kushner, president of LJ Kushner & Associates, an information security recruitment firm in Freehold, N.J., that conducts an annual salary survey.
Cracking the Government Code
But landing a government cybersecurity job can be a daunting process. "There are a lot of young people or people with these (required) skills who would like to work with the government, but their resumes go into a black hole," says Kushner. Aside from a form e-mail, they may never hear back.
But with the current cybersecurity worker shortfall, expect to see changes, and soon.
"Everyone knows their machines are being attacked constantly at the federal and commercial level, and they realize they need to bump up the resources, and they realize that’s going to take real money, not happy talk," says Phil Lieberman, CEO of Lieberman Software in Los Angles. He’s been participating in the current congressional efforts to craft a new cybersecurity bill, which may pass as soon as September.
Interestingly, "the evolving cybersecurity bills have language to provide more flexible incentives to recruit more people to this field," says Lieberman. That’s because when it come to what the government must do next to improve national cybersecurity, there’s no mystery.
"Hiring smart and adaptable people will always be the best cybersecurity defense," he says.
Mathew Schwartz is a freelance writer based in Pennsylvania.