There’s not enough smart people in information security, says DHS
Comments
-
Kasor Member Posts: 934
I have to say that a real techie doesn't like to be managed by the Gov't, and we need a senior IT guy who can understand technical issues and is also able to communicate with the policy makers; DHS doesn't have any of those people. Most people that are assigned to DHS are there because they are appointed, or they don't know anything about IT.
A simple solution is to hire GS9/11 and build them up, because those managers lacking IT skills didn't do their 5 or 10 yr plan. Now, the "Gov't" has a huge gap or issue. Do you think the Gov't is going to pay a person to do a job while the private sector pays them over 150k or more? Anyway, we need someone that knows IT to be the CIO. Not just some guy who was a CIO for a city/state. Someone in a real IT field and a real IT guy.
Kill All Suffer T "o" ReBorn
-
the_Grinch Member Posts: 4,165
Oh where do I begin? First, large amounts of vacation time in the government sector is a myth and I'm not entirely sure how it got started. When you are there for a long time, you accrue time fairly quickly, but starting out it doesn't amount to much. Basic breakdown amounts to four hours per pay period (a day a month) in the beginning. After a few years, it will rise to six hours per pay period, and then finally top out at eight hours per pay period. So ultimately you are looking at 30 days a year once you've been there a while. That isn't bad, don't get me wrong, but you have to be there a long time to reach that point. One small caveat, some agencies in an effort to recruit talent will make a determination based on years of experience and bring you in where you earn perhaps six hours per pay period or even the full eight. Case by case basis and depends completely on the agency.
Second, DHS is really the policy guy on the block. Obviously, this can change, but as it stands right now besides CERT they are basically writing policy and coming in for assessments when requested. As far as I know, each agency is running their own show when it comes to security. This could change, but it will take time and would require DHS putting up a fight that I don't believe they currently have the muscle to win. This also translates to not having a ton of technical people within DHS itself. You'd be hard pressed to recruit someone from a hands-on technical position and say "oh you'll be doing policy now."
Third, in regards to CIA/NSA, it will really depend on the position. Specifically, NSA has a number of programs where you would be strictly technical. If you go to their website and search through careers, look at the following two positions:
Intrusion Analyst Skill Development Program
Computer Network Operations (CNO) - Cyber Exploitation Corps Development Program (CECDP)
Now these programs will take entry level people, but obviously if you have skills already they will adjust the salary for it. You'll have a four year commitment to that job (meaning you won't be able to move around within the agency till after that, normally it is two years), but if you know that is what you want to do you'll be set. Other positions work out to where you would really just be managing contractors and not doing a ton of hands-on stuff. You might do some and if deployed somewhere you'll definitely be doing the work, but the government likes having a government supervisor keeping an eye on things.
Finally, pay. The other myth you tend to hear is that government does not pay well. I've been there, the pay is decent. You will be given a base pay (depending on position, grade level, and agency) and then you will be given locality pay based on (yup you guessed it) your location. So if you are working out of Hawaii or the DC area (NYC/PA as well) you are looking at $10k above your base. Normal overtime/holiday pay applies. Currently, there has been a cost of living freeze on government salaries, but that does not mean that you don't get raises. So for each year of government service and depending on the position there are grade levels. Breakdown is as follows:
GS/GL-5 (GL is for law enforcement positions and has a higher base than GS, GG is for intelligence positions) - BS degree
GS/GL-7 - Masters or depending on the position Superior Academic Achievement, which means you had a certain GPA in college
GS/GL-9 - Experience and degrees
The grades end at a GS-15. Now, each year you will jump up a grade until you max out. So depending on your position (mine started at a GL-5, maxed at a GL-9) you will move up the ladder till you hit the top. At that time, you will begin to increase in steps. Thus I hit GL-9, Step 01 and the following year I would be a GL-9, Step 02 getting whatever that pay increase is. Some positions top out at GS-11 (on the law enforcement side, once you are past GL-9 you convert to the GS payscale) and anything GS-11 or above is usually a merit based promotion which means you will compete for that spot. Any questions you guys have in regards to the federal government I can answer. If I don't know, I know someone who does.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
NightShade03 Member Posts: 1,383
Wow awesome response!!! I knew that the time off was something you had to be around for...my father has worked for gov for 25+ years and has a ton of vacation time every year, but look how many years he has been there. Also I don't really take vacations, ever, so it's one of those "nice to have", but never really high on my list
I think the pay has always been my biggest concern. Not because they don't pay well, but because I make a lot of money right now and I'd have to take a huge pay cut to go gov (again something I wouldn't mind if wifey wasn't in school at the moment). The GS scale makes sense, very familiar with that....I guess my only question is how do you know where you'd fall when the job postings' salaries vary wildly. For example you mentioned the NSA CNO or even their IA security professionals...the salary range is $65k - $115k. How would you know where you fall in that range? Is it mostly based on degree (I have a BS) and experience (4+ years)?
Thanks again for the detailed reply! -
the_Grinch Member Posts: 4,165
They will evaluate your resume at the time of the offer and let you know what they are going to bring you in at. Then will begin the very long and fun process of the background check. This will require a psych eval, full scope polygraph (criminal and national security questions), and a nice lengthy form to fill out with basically every piece of information you can think of (SF-86 is the basis of the form). From there your investigator will begin doing his job and it will take anywhere from three months to a year to complete (largely based on his case load, the correctness of your forms, and how many places you have lived). Once that is complete and you get the final offer, they will review your resume again and decide if at that time they need to up your offer (another year of experience, more certs, etc). Experience, education, and certification will dictate where you fall in the scope of those salaries. Expect between $50 and $70, but don't expect to be able to haggle. Good luck if you apply!
-
paul78 Member Posts: 3,016
@the_grinch and @nightshade03 - I imagine it takes a certain person to work in the government. I have always respected the sacrifice that it must take to serve your country.
My only exposure to government work was many years ago for the FAA as a subcontractor. And while it was rewarding to a certain sense, I struggled with the idea of hitting that max ceiling.
@jdmurray - thanks, I am familiar with the CSSLP. It's good stuff. I wholeheartedly agree with you but at this current maturity state, it is low-hanging fruit to intro testing by an outside entity. For me, it's really going to take a cultural shift to make it stick.
-
dmoore44 Member Posts: 646
Grinch... you sound like you have experience...
Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow
-
dmoore44 Member Posts: 646
Alright... after spending a few days browsing Dice.com/Monster.com/etc... I think I've come to the full realization of what bothers me about declarations that there aren't enough qualified personnel to work in the IA/Cybersec field... It's not so much the actual technical qualifications required (the technical qualifications are actually quite reasonable)... But if you want to work in IA/Cybersec for/alongside the government, 99% (an exaggeration... but not by much) of the positions - regardless of employer - REQUIRE a TS/SCI or TS/Poly. If you've ever done any work with the government, you know how hard it is to get one of those. And it's doubly hard because the majority of employers want you to have a current TS/SCI or TS/Poly - they're not willing to sponsor a candidate... which is complete garbage. The prospective employee pool is being limited to those that already have the required clearance - and getting the required clearance provides a significant barrier to entry.
-
the_Grinch Member Posts: 4,165
I've been through more than my fair share of background checks and you are most certainly correct, companies do not want to pay to have them done. It is a heavy investment and when it doesn't pan out you are out some cash. You're looking at $50 to $100k and if they are found unsuitable it hurts the bottom line. Much better to pull someone fresh out of the military or who recently left government service as they are a safe bet. On the technical side, you're mostly correct they can find the skills they need.
-
JDMurray Admin Posts: 13,093
Employers want new hires to already have a clearance so they don't have to pay for it. Same reason many employers want new hires that already have specific certifications, so they don't have to pay for the training from their departmental budget. Having a clearance is not a golden ticket to cyber security work; it's only one item on a checklist of "must haves" for many jobs working with the Feds/DoD.
-
hiddenknight821 Member Posts: 1,209
The difference between getting a clearance and getting a certification is that one cannot pay for the security clearance process. If the government would allow this to happen, then I think it would make a good stimulus for the economy.
-
dmoore44 Member Posts: 646
Grinch/JD - I know that's the thinking... it's just frustrating for those who really want in to the government sector IA/Cyber work. I also wonder how many unqualified people get in to IA/Cybersec positions in government related work just because they have the clearance.
I also find it really hard to believe that the government doesn't reimburse the big 3 or the beltway bandits for clearance related costs. I've worked in government contracting (I was a government contracts specialist/contracting officer), and I know that companies tend to ask for reimbursement for certain costs imposed on them by the government...
-
the_Grinch Member Posts: 4,165
I'm sure they probably bill the background check back to the government, but for most positions the initial NCIC check along with the credit check should allow them to get a decent enough view to see if they want to continue with the full investigation. Plus, if the polygraph is involved, it is always done before the BI with the person just having the paperwork filled out so they are ready once they pass.
In regards to unqualified people getting a job based solely off the clearance, it's rare. Usually, as far as I have seen, they will take someone with an IT background and then train them up. Buddy of mine got hired from a support position to a security policy position with no clearance. They trained him up and his IT background was enough that it was fairly easy for him to get up to speed. A lot of luck involved in government positions with the other part being continuing to submit resumes when they seem to just be ignoring you.
-
universalfrost Member Posts: 247
after reading this thread some hit the head on the nail and others were just banging away hitting their own fingers...
i am in the government (GS-2210-13) and in the past I have led IA teams that did the whole gamut in order to crack open new systems and then my job, as the gov't rep, was to review their findings and present to higher headquarters... lots of "fun".... i personally am looking to get back to the private sector because my skills are very rusty and i loathe the majority of gov't workers in the IT industry that do not have a clue! I am sitting in a mid level manager's role and i see IT folks all around me that couldn't do even an entry level help desk job!
all i can say is expect the government to pay bottom of the barrel for gov't employees and the air of job security is nonexistent. i know that the agency i work for is looking at reduction in force numbers of upwards of 8k folks over the next 4 years... unfortunately that will not remove all the "wasted space" type of folks, but instead will drive away the good folks that were only in the jobs because of the security.... I am one of those folks that is planning to leave soon (less than 1 year) because I want to actually work for a living.... oh and for what it is worth, i worked for one of the 3 letter agencies while still in uniform and they did have some great folks, but again once the persona that is the 3 letter agency wears off, then those folks tended to move back to the private sector....
"Quando Omni Flunkus Moritati" (when all else fails play dead) -Red Green
-
ivx502 Member Posts: 61
@ Universalfrost, We must work at the same place. j/k I really get it with the requirements for certifications, but what I tend to see is people who have a clue at one level. Then dealing with those above them not able to find one even when you point the obvious out to them. The 2210 I report to has been nothing but supportive, and always manages to push in order to bring the best performance possible.
With the direction the government, or at least the portion of it I am exposed to, is going, I don't see me staying where I am beyond next year. I don't have the 20,000 foot view that DHS has, but I can tell you from experience there's a lot of talent within the public sector. Getting in is the difficult part especially when the door gets slammed in your face and someone else takes the position. I used to share my knowledge and now I don't share anything except when I have to.
-
GAngel Member Posts: 708
Being a government script monkey isn't exactly where i would expect to find the top 10%. That's where i'd expect to find the bottom 20% of the class who couldn't land at a big firm or run their own.
IT is just another job now, no more or less passion for the general worker than years ago. People just see it as a way to get an above average salary. And uni courses in general are a joke now. You don't learn much of anything compared to even 10 years ago when we were coding basic, fortran, mainframe etc.
-
the_Grinch Member Posts: 4,165
I've found that it really depends on the agency as far as talent goes. Some do attract the top 10% because sometimes you are looking to be on the bleeding edge and a few agencies are. Also, as far as law enforcement goes, many of them get the 10% (fluent in many languages, top law school graduates, etc).