Asking young people to be heroes can be hard if they don’t think they’re particularly heroic.
The heroes in question are cyber security professionals, the hacker-fighting folks tasked with keeping digital information out of the hands of bad actors. Most people don’t realize that the world has a shortage of them. Cisco (CSCO) estimates that there are a million more cyber security jobs than people to fill them worldwide.
In Washington, the feeling is acute. More than 30,000 open positions in the federal government wait to be filled by the next influx of white-knight hackers. One problem: government work doesn’t quite ooze the sex appeal of private-sector jobs, where there is already a shortage. Industry professionals interviewed by Fortune said government cyber security jobs have lower pay, less flexible hours, and extensive background checks, making them less tempting than the $116,000 per year on average that a salaried information security professional makes in the private sector.
“Education and government are not rewarding their information security professionals,” reads a 2013 Frost & Sullivan report on the industry. “Forty-four percent and six percent of education respondents reported no change or reduction in salary, respectively, in 2012. For respondents in government, the results are similar: 45 percent reported no change and five percent reported a salary reduction.”
In May, Sen. Tom Carper (D-Del.), chairman of the Homeland Security and Governmental Affairs committee, introduced a bill requesting more competitive hiring practices on par with their counterparts in the the National Security Agency and the private sector. (It passed on September 18.) Higher salaries, faster hiring, and competitive retention bonuses top the priority list.
“Unfortunately, the demand for cyber security experts in the government greatly outpaces the supply and many agencies have had difficulty attracting the best and brightest and retaining those already in service,” Carper said. “It’s critical that Congress gives the Secretary of Homeland Security the personnel authorities the Department needs to improve their ability to compete with the private sector and other agencies to hire and retain the most skilled cyber workforce.”
“The tradeoff of working for the government is making less than you can in the private sector,” added Jennie Westbrook, a spokesperson for the Senate Committee on Homeland Security and Government Affairs. “That’s definitely one of the challenges we face.”
Still, NSA wages don’t match those in Silicon Valley. Without the free-flowing revenues that private technology firms enjoy, government recruiters say they rely on other tried-and-true tactics: get ’em while they’re young and get their red, white, and blue blood flowing.
Paul Judge, chief research officer and vice president of Barracuda Networks (CUDA), a Campbell, Calif.-based cyber security firm, argues that heroism can be a big hook. Not everyone can be a Green Beret, the term for the U.S. Army Special Forces; that air of exclusivity must apply to NSA hackers, too.
“There are no shortage of individuals who care about protecting the country,” Judge says. “You grew up playing Cops and Robbers. You might not have grown up the biggest kid on the block but you can fight with your brain.”
The effort is already underway. The Department of Homeland Security and Department of Defense woo university and high school students to prime those interested in computer science for government hacking. The U.S. Office of Personnel Management offers Scholarship for Service, a sort of digital National Guard, through which the National Science Foundation bankrolls undergraduate and graduate students in exchange for a stint in local, state, or federal cyber security service. Some states sponsor “cyber camps” for high school and university students to learn security fundamentals. Other states even push to make programming languages like Java qualify for high school foreign language credit.
As in many youth recruitment programs, patriotism can be a mixed bag for younger generations. Nicolas Peterson, a graduate student in the Master of Cybersecurity and Leadership program at University of Washington-Tacoma, says his peers often eye the federal hand that seeks to feed them with suspicion.
“I’m definitely not an experienced professional when it comes to cyber security, but I can say that a lack of trust seems to be especially apparent between cyber security students and government,” he says. Peterson served as an intern for Rep. Derek Kilmer (D-Wash), where he researched the challenges of Washington’s cyber security industry.
Recent revelations of the NSA’s hardware bugging and domestic surveillance have left inter-generational relationships chilly.
“[Edward] Snowden was kind of the final straw,” Peterson says. “It’s really kind of fracturing the community of professionals and creating these two camps where all the sudden private business are saying, ‘Well okay, now we need to protect ourselves against the government, too.’”
It’s a particularly difficult situation for cyber security pros. While physicians and attorneys get their accreditations from independent professional organizations, several security licenses are administered directly by the NSA, Peterson says. Even as he continues his studies, Peterson is wary of the implications of a $2.1 million Scholarship for Service grant that his university accepted.
“There’s a lot of concern that the level of government involvement isn’t going to allow independent research and act as a barrier to prevent certain political views from being expressed,” he says. “I think the less government pressure in education, the better. We need to ensure that researchers can research what they want without the risk of getting it speared.” Including how to defend against government snooping.
This article has been updated with additional information.