When you think of “hackers,” the first image that comes to mind is probably that of a young computer-smart criminal working in a basement somewhere to gain access to private networks and data without authorization. You probably don’t think about hackers collecting a paycheck from a major company like Lockheed Martin, Boeing, or Raytheon — and you certainly don’t expect that they would be working for the federal government.
Yet Uncle Sam is in fact looking to hire hackers. So-called “white hat” hackers, who use their skills legally to identify and solve security problems (as opposed to “black hat” hackers who engage in criminal activity) are in high demand. Government networks are under near constant attack from hackers, ranging from minor criminals who just want to see how far they can go to nefarious foreign operatives who want to harm our national security, and agencies including the FBI, NSA, and CIA believe that hackers can help build our defenses against these criminals.
The problem, though, is that finding, hiring, and training qualified hackers is easier said than done. Hackers know that the jobs are there, but they aren’t always enthusiastic about taking them.
Why It’s So Hard to Hire Hackers
The fact that the government is having so much trouble hiring hackers to help secure the nation’s networks is mystifying to many. After all, who wouldn’t want to have free rein to hack, without getting in trouble with the law? The thing is it’s not quite that simple. There are a number of barriers that the government has to overcome in order to hire hackers. Among them:
Competition From Private Industry. The feds aren’t the only ones who want to tap into hackers’ knowledge to ensure cybersecurity. Businesses, from large companies with extensive, complex networks to developers of cybersecurity products are eager to hire experienced hackers who can provide an insider’s view and identify weaknesses. To do so, they are dangling a very appealing carrot in front of the hackers: huge salaries. The average cybersecurity professional earns between $80,000 and $100,000 per year, but some private companies are offering nearly double that to attract the best and brightest talent. The government simply cannot afford to offer equivalent paychecks, although they can offer benefits that private industry cannot always give, including a higher degree of job security and access to the most advanced tools and equipment.
Hiring Standards. Anyone who works for the federal government must have security clearance, and meet the minimum standards of employment. This usually means a squeaky clean criminal record, clean drug screenings, and residency in the U.S. for at least five years, among other standards. Unfortunately, many people with adequate skills and experience don’t meet all of the criteria for government employments. Many people with high level skills, for example, are from overseas, which creates an automatic five-year waiting period to even apply for jobs.
Hacker Culture and the Government Don’t Always Mix. The fact is many people with the skills that the government is seeking aren’t enthusiastic about working for Uncle Sam. They don’t want to work in such a conservative, rule-and-procedure driven environment as the government, or deal with complex layers of bureaucracy.
And while by no means are all cybersecurity experts drug users, the FBI notes that the prevalence of marijuana usage among the hackers with the skills they need is hampering their efforts to hire the best talent. The FBI currently has a policy banning the use of marijuana for three years before applying for a job (a requirement that’s admittedly difficult to enforce) leading many talented individuals to take their skills elsewhere — including private companies that don’t have such restrictions.
Getting the Hackers Hired
Given that hackers are proving invaluable to cybersecurity efforts, there’s been a lot of talk recently about what the government can do to attract more of them to government work. According to one report, relaxing hiring rules (i.e., reviewing applicants on a case-by-case basis, and removing blanket restrictions on drug use or previous run-ins with the law) is one way to fill some of the highest-priority positions, but there is justifiably some concern about entrusting national security to those who would not be granted security clearance under normal circumstances.
Other options for increasing the number of cybersecurity professionals in government that have been mentioned include investing in more education and providing more funding to those who do enroll in security education programs and doing more to attract women to the field. Some caution, though, that the labor market for hackers will even out in time, thanks to the increased number of people enrolling in post-secondary education programs, and that the feds shouldn’t compromise standards to meet the needs now. Either way, white hat hackers with top-notch skills and solid reputations be warned: the government is looking for you.