Cybersecurity jobs pay well in the private sector, which makes government recruiting difficult. By Alexander’s estimate, a company such as Google can pay a job candidate twice what he can. According to ClearanceJobs.com’s survey this year of people with security clearances, 22 percent work on cybersecurity initiatives and their pay is $101,198, well above the average.
Another problem is that some of the best candidates lack the squeaky-clean backgrounds usually needed to get a security clearance — many are self-taught hackers who have been “doing things that are shady at best and not legal at worst,” said Evan Lesser, managing director of ClearanceJobs.com.
At the same time, U.S. universities struggle to keep their curriculums current in a fast-changing threat environment, Lesser said. Paller noted that other countries, such as China, have been churning out talented cyber-warriors.
The Pain of Sequester
The current budget crunch comes at a particularly difficult time for agencies trying to staff up. “What we’re getting from some of our people, especially those who come from industry, they already take a pay cut coming to the government, and they do this because they’re patriots,” Alexander said. “The issue is they’re taking the pay cut and now we’re saying, ‘Well, you might get a pay cut again and this pay cut will be furlough, and we’re not sure how that’s gonna go or where that’s going to be.’ That uncertainty is something that truly complicates their willingness to stay with us.”
Rhode Island Rep. Jim Langevin, the top Democrat on the subcommittee that heard from Alexander, said, “DOD cyber-operations are quite literally a growth business, and it’s one of the rare portions of the DOD that will be growing indefinitely into the future.”
But the sequester, Alexander said, is another matter. Langevin said that developing the workforce is “very high on my list” of cybersecurity issues he wants Congress to address.
The House Science, Space and Technology Committee has taken one step in that direction. It approved a bill (HR 756) last week that authorizes university scholarships in exchange for federal government service and creates a task force to improve the training of cybersecurity professionals.
Top senators also have signaled that bolstering the cybersecurity workforce will be a big priority. Senate Commerce Chairman Jay Rockefeller, D-W.Va., last week said that one of the reasons the Senate needs to act on a comprehensive bill rather than focusing on passing a threat information sharing bill (HR 624) like the one in the House is because that bill “doesn’t have much about workforce.”
New Homeland Security and Governmental Affairs Chairman Thomas R. Carper, D-Del., was in charge of writing the section of last year’s failed comprehensive Senate cybersecurity legislation aimed at boosting the cybersecurity workforce.
That measure also had a scholarship-for-service provision, mandated an education curriculum program for federal cybersecurity employees and required the departments of Commerce and Homeland Security to develop national competitions aimed at ferreting out cybersecurity talent.
Even though President Barack Obama signed an executive order on cybersecurity in lieu of legislation passing in Congress, the administration is asking Congress for a few more things.