Cyber jobs are a hot topic right now for most age groups in America. Over the past year, I’ve received dozens of calls from parents with 16 - 18-year-old children heading off to community colleges or universities asking for general guidance on cybersecurity careers.
I also get contacted via a social media websites by graduating college seniors, who have a degree in some non-technical field, asking: Is it too late to get into a cyber career path?
Or, calls and emails come in from a mid-career system administrators looking to jump into the hot information assurance field.
I have even fielded questions from 50 or 60-something retirees looking for a second career in a cybersecurity role.
And I’m not alone. Information security executives all around country are experiencing the same things.
Typical questions include: Which schools, programs and classes offer the best value for money? What certifications are needed to get into cybersecurity? Are public or private sector jobs best? Or, when will this cyber buzz end?
The last question is the easiest to answer. With global headlines coming out almost daily about data breaches in well-known retailers, and the latest breach affecting billions of records, I doubt these cybersecurity issues, or cyber jobs, are going away anytime soon.
Background on public versus private sector jobs
But I want to dive deeper into the question of public sector cyber jobs in this blog post. No doubt, there are many public sector cyber jobs that are currently vacant. Why?
Getting more personal, should you consider a government cyber job?
State and local governments are also trying to attract cyber talent and also cybersecurity firms.
At the same time, the private sector is giving cyber experts more respect than ever before.
Bottom line, the competition for senior cyber talent is scorching hot right now. Even when the right experts join government agencies, it’s tough to keep the best in government in the long term. Some are even calling the current cyber vacancy challenge a national workforce crisis.
Seven observations and recommendations
But taking a big step back, I’d like to provide some longer-term perspective to the frontline people who are trying to figure out what to do next for their careers. Speaking as someone who just moved back into the private sector myself, after seventeen wonderful years in Michigan State Government, I happen to be an advocate for public service cyber jobs, especially for those young men and women entering the workforce for the first time.
I started my career at the National Security Agency (NSA) in the 1980s and also worked as a DoD private sector contractor in the UK for almost seven years in the 90s, so I hope that my perspectives will be of some value to those seeking a career in cybersecurity. Here are seven observations, along with a recommendation for each item that you can consider:
1) Cyber jobs are extremely hot at the moment, but the big shortage of senior cyber experts will fade over the next 2-4 years as thousands of new graduates enter the cybersecurity job market and move up the career path quickly to fill holes. [Recommendation: Think of the current situation as similar to hot tech stocks. Stock prices can’t keep going up forever. At some point salaries and opportunities will flatten in the private sector. If you have developed senior cyber skills over the past decade, you could benefit now and consider your private sector options.]
2) Entry level cyber jobs are already becoming more competitive in the summer of 2014, with lots of people (see list above at the beginning of this article) trying to jump into cyber career fields. While it is true that the unemployment rate is near zero for cyber experts, those entering the field with no experience or minimal cyber skills will find it challenging to get noticed. [Recommendation: If you are entering the cybersecurity job market for the first time for an entry level role, get a student job or internship first to gain hands-on skills and experience. It is best to do this while still in school. For others, don’t expect to be ushered into the executive suite right off the bat. Grow you career thoughtfully and slowly.]
3) Public sector cyber jobs can have more opportunities to learn, grow and try new things. I have repeatedly heard staff that have worked both government and non-government jobs tell me that public sector cyber jobs taught them so much and gave them a great foundation for the long term. Conversely, I have heard many who move into the private sector from government to be disappointed with their lack of responsibilities and scope of duties. [Recommendation: Consider a government job at the local, state or national level as your first (or second) opportunity in cybersecurity. I have no regrets on my many years working technology infrastructure and cybersecurity jobs at the state and federal level. I was given many, many roles and leadership opportunities as a government official that would not have been possible in the private sector until much later in my career.]
4) There is no doubt that the private sector pays more than the public sector right now for cyber jobs. Again, the gap is currently largest with senior cyber experts with specific skills as well as the company stock that the private sector companies can offer. However, I think the public sector cyber pay will rise and the private sector pay may even fall a bit over the next 2-3 years – especially if we have a major stock market correction and more companies lay people off in the private sector. [Recommendation: Remember that government jobs usually often offer more stability, a better career path, better benefits and more time off, etc. For those Gen Y workers thinking about work / life balance, government jobs have a greater flexibility advantage. Government jobs can usually offer a sense of helping society and give meaning to your work in ways that private sector jobs often struggle to provide.
5) Most successful technology and cybersecurity leaders that I know move back and forth between the public and private sectors. People like Teri Takai, Mark Weatherford, Phyllis Schneck, Howard Schmidt and others have successfully navigated their careers in ways that benefit from a mix of public and private sector service. Recommendation: Don't think of this as an "either or" decision. Moving forward, very few people will stay in the same government agency or private sector role for life. The end of defined benefit retirement plans also means the end of golden handcuffs for most people. More and more people look at their careers as a 3-5 year investment in a particular professional situation. So consider starting in a government job that will provide the right skills and experience to build a great career in cyber for the long term. NSA gave me that opportunity, and I am very grateful.
6) While I predict that cyber job opportunities will level off, I also believe that there is no better area than cybersecurity for the long-term, especially if you like computers, math, problem solving or other high-tech topics. Think of long term investing for the future as the model. Recommendation: Treat your career the same way as your wise investments. Invest in continuing education for life. Build skills that will last.
7) Regardless of what you choose to do for a public or private sector job, give back to the local (and wider industry) community and stay connected with professional associations like ISSA. Also, groups like the Michigan Cyber Civilian Corps and Michigan InfraGard allow you to network with others, build skills and expertise while enhancing your resume and future career prospects. Recommendation: Wherever you live, look for wider opportunities to get involved. Don’t burn bridges, but grow your social network both online and offline. You never know where your next job offer will come from.
There are many studies and reports on the cyber talent shortage. This report from CBS News offers several ideas and other predictions:
"The difficulty in finding qualified cybersecurity candidates is likely to solve itself, as the supply of cyberprofessionals currently in the educational pipeline increases, and the market reaches a stable, long-run equilibrium," the report states.
RAND recommends a few things the federal government could do to help:
- Relax some federal hiring rules when hiring hard-to-find cybersecurity experts
- Invest in cybersecurity education programs
- Refine ways to identify non-traditional candidates likely to succeed
- Attract more women into the profession
I think these suggestions are helpful, but I also hope that a wider perspective on the benefits of public service will change attitudes about government cyber jobs for young people. I wish you all the best in your cyber career.