LANSING – Cyber jobs are a hot topic right now for most age groups in America. Over the past year, I?ve received many calls from parents with 16 – 18-year-old young adults heading off to community colleges or universities asking for general guidance on cybersecurity careers.
I also get contacted via a social media websites by graduating college seniors, who have a degree in some non-technical field, asking: Is it too late to get into a cyber career path?
Or, calls and emails come in from a mid-career system administrators looking to jump into the hot information assurance field.
I have even fielded questions from 50 or 60-something year old retirees looking for a second career in a cybersecurity role.
And I?m not alone. Information security executives all around country are experiencing the same things.
Typical questions include: Which schools, programs and classes offer the best value for money? What certifications are needed to get into cybersecurity? Are public or private sector jobs best? Or, when will this cyber buzz end?
The last question is the easiest to answer. With global headlines coming out almost daily about data breaches in well-known retailers, and the breach at Sony, I doubt these cybersecurity issues, or cyber jobs, are going away anytime soon.
Add in the Snowden-effect on privacy and the challenges of the insider threat, and the hot cyber job market opportunities often becomes viral.
Background on public versus private sector jobs
But I want to dive deeper into the question of public sector cyber jobs in this blog post. No doubt, there are many public sector cyber jobs that are currently vacant. Why is that?
Getting more personal, should you consider a government cyber job?
The National Security Agency (NSA) is hiring. The US Department of Homeland Security (DHS) is also hiring ? and has been for years.
State and local governments are also trying to attract cyber talent as are cybersecurity firms. At the same time, the private sector is giving cyber experts more respect than ever before.
Bottom line, the competition for senior cyber talent is scorching hot right now. Even when the right experts join government agencies, it?s tough to keep the best in government in the long term. Some are even calling the current cyber vacancy challenge a national workforce crisis.
Seven observations and recommendations
But taking a big step back, I?d like to provide some longer-term perspective to the frontline people who are trying to figure out what to do next for their careers. Speaking as someone who just moved back into the private sector myself last August, after seventeen wonderful years in Michigan State Government, I happen to be an advocate for public sector cyber jobs, especially for those young men and women entering the full-time workforce for the first time.
I started my career at the National Security Agency (NSA) in the 1980s and also worked as a DoD private sector contractor in the UK for almost seven years in the 90s, so I hope that my perspectives will be of some value to those seeking a career in cybersecurity. Here are seven observations, along with a recommendation for each item that you can consider:
1) Cyber jobs are extremely hot at the moment, but the big shortage of senior cyber experts will fade over the next 2-4 years as thousands of new graduates enter the cybersecurity job market and move up the career path quickly to fill holes.
Recommendation: Think of the current situation as similar to hot tech stocks. Stock prices can?t keep going up forever. At some point salaries and opportunities will flatten in the private sector. If you have developed senior cyber skills over the past decade, you could benefit now and consider your private sector options.
2) Entry level cyber jobs are already becoming more competitive, with lots of people (see list above at the beginning of this article) trying to jump into cyber career fields. While it is true that the unemployment rate is near zero for cyber experts, those entering the field with no experience or minimal cyber skills will find it challenging to get noticed.
Recommendation: If you are entering the cybersecurity job market for the first time for an entry level role, get a student job or internship first to gain hands-on skills and experience. It is best to do this while still in school. For others, don?t expect to be ushered into the executive suite right off the bat. Grow you career thoughtfully and slowly.
3) Public sector cyber jobs can have more opportunities to learn, grow and try new things. I have repeatedly heard staff that have worked both government and non-government jobs tell me that public sector cybersecurity roles taught them so much and gave them a great foundation for the long term. Conversely, I have heard many who move into the private sector from government to be disappointed with their lack of responsibilities and scope of duties.
Recommendation: Consider a government job at the local, state or national level as your first (or second) opportunity in cybersecurity. I have no regrets on my many years working technology infrastructure and cybersecurity jobs at the state and federal level. I was given many, many roles and leadership opportunities as a government official that would not have been possible in the private sector until much later in my career.
4) There is no doubt that the private sector pays more than the public sector right now for cyber jobs. Again, the gap is currently largest with senior cyber experts with specific skills as well as the company stock that the private sector companies can offer. However, I think the public sector cyber pay will rise and the private sector pay may even fall a bit over the next 2-3 years ? especially if we have a major stock market correction or more companies lay people off in the private sector.
Recommendation: Remember that government jobs usually often offer more stability, a better career path, better benefits and more time off, etc. For those Gen Y workers thinking about work / life balance, government jobs have a greater flexibility advantage. Government jobs can usually offer a sense of helping society and give meaning to your work in ways that private sector jobs often struggle to provide. My years in government provided a deep sense of satisfaction by helping my local community, state (and other states), nation and even foreign countries improve security and ICT infrastructure.
5) Most successful technology and cybersecurity leaders that I know move back and forth between the public and private sectors. People like Teri Takai, Mark Weatherford, Phyllis Schneck, Howard Schmidt and others have successfully navigated their careers in ways that benefit from a mix of public and private sector service.
Recommendation: Don’t think of this as an “either or” decision. Moving forward, very few people will stay in the same government agency or private sector role for life. The end of defined benefit retirement plans also means the end of golden handcuffs for most people. More and more people look at their careers as a 3-5 year investment in a particular professional situation. So consider starting in a government job that will provide the right skills and experience to build a great career in cyber for the long term. NSA gave me that opportunity, and I am very grateful.
6) While I predict that cyber job opportunities will level off, I also believe that there is no better area than cybersecurity for the long-term, especially if you like computers, math, problem solving or other high-tech topics. Think of long term investing for the future as the model.
Recommendation: Treat your career the same way as your wise investments. Invest in continuing education for life. Build skills that will last.
7) Regardless of what you choose to do for a public or private sector job, give back to the local (and wider industry) community and stay connected with professional associations like ISSA. Also, groups like the Michigan Cyber Civilian Corps and Michigan InfraGard allow you to network with others, build skills and expertise while enhancing your resume and future career prospects.
Recommendation: Wherever you live, look for wider opportunities to get involved. Don?t burn bridges, but grow your social network both online and offline. Attend security conferences and technology events like Secure World Expo at a city near you. You never know where your next job offer will come from.
Wrap-up
There are many studies and reports on the cyber talent shortage. This report from CBS News offers several ideas and other cyber job predictions:
“The difficulty in finding qualified cybersecurity candidates is likely to solve itself, as the supply of cyberprofessionals currently in the educational pipeline increases, and the market reaches a stable, long-run equilibrium,” the report states.
RAND recommends a few things the federal government could do to help:
? Relax some federal hiring rules when hiring hard-to-find cybersecurity experts
? Invest in cybersecurity education programs
? Refine ways to identify non-traditional candidates likely to succeed
? Attract more women into the profession
I think these suggestions are helpful, but I also hope that a wider perspective on the benefits of public service will change attitudes about government cyber jobs for young people.
I wish you all the best in your cyber career.
Dan Lohrmann is Chief Strategist and Chief Security Officer at Security Mentor
