The top executive at Secure Ideas, a cybersecurity firm looking to recruit new talent, broke the ice with a prospective hire at a shooting range the day before the shutdown ended. The applicant, an employed federal information technology engineer, said he is worried about job stability.
He is hardly alone.
There are about 200,000 cyber employees in the federal workforce, according to a recent government survey. Many were exempt, or “excepted,” from the furlough, meaning they had to work but wouldn’t be paid for that work until government reopened and resumed payroll operations. (Congress eventually passed a law authorizing back pay to furloughed federal employees as well.) Between the 16-day shutdown and the possibility of another lapse in funding just three months away, some cyber civil servants are considering jumping ship, according to several industry recruiters, who say they’ve seen an uptick in job inquiries from federal data security specialists.
“Rarely do we receive inbound calls from cybersecurity people who work for the federal government — a lot of times because the job is so secure,” said Mark Aiello, president of Cyber 360 Solutions, a placement firm in Massachusetts. He estimates receiving at least half a dozen such queries since Oct. 1, when the shutdown began.
“The basic motivation for their call is they are concerned over the debt crisis and ongoing furloughs. The vast majority of people were on the job and deemed essential but concerned,” he said. “They recognize they can probably make more money in the private sector [and ask themselves] ‘Why am I going through this if it’s just going to happen every quarter, every election cycle?’ ”
Kevin Johnson, chief executive officer at Secure Ideas, a six-person consultancy, said his new shooting partner contacted him last week about one of two job openings at the company. The IT engineer, who works at a civilian agency, declined to be interviewed.
That applicant “looks at my field and sees that it’s growing by leaps and bounds,” Johnson said. Secure Ideas’ so-called penetration testers are paid by government and industry organizations to fake out physical security and IT staff by posing as legitimate employees and hacking systems to identify cyber vulnerabilities.
Johnson, on Oct. 2, two days into the shutdown, said of the impact on federal cyber operations — “I haven’t seen much except a number of headhunters offering services to the out of work people.”
“Out-of-work cyber professional” typically is an oxymoron. This past weekend, there were 16,662 openings involving cyber or information security responsibilities listed on the major job search website Indeed.com and 16,033 on the tech-focused job site Dice.com.
Johnson cautions those testing the waters outside the government that consulting is very different from working for one agency. At a federal department, the professional knows every system inside and out, whereas at an advisory firm, the individual is constantly changing focus to meet the expectations of new clients.
Angst over Job Stability, Not Security
Most government cyber proressionals are very dedicated to their work, Aiello said. “Beyond their sense of duty, they are feeling a real [need] to help their country,” he added, but “they are looking at their own lives and their families — it’s not like [they’re] living at such a high level that [they] can afford to be out of work for two weeks” without any certainty about when or even if they’ll be paid for that time.
U.S. private sector cyber salaries, which average $111,376, appear to be outpacing government salaries, averaging $104,081, likely due to federal budgetary constraints, according to statistics from (ISC)2, an information security trade group representing industry and government employees.
Traditionally, cyber specialists inside the government have found the work more rewarding than higher-paying private sector positions, but that may be changing.
“There is frustration. There is fatigue . . . I think they are feeling overwhelmed at times,” said Kathy Lavinder, executive director of Maryland-based firm Security and Investigative Placement Consultants, who specializes in information and physical security.
The funding uncertainty, combined with constant policy and programmatic changes, makes them feel like they can’t accomplish anything, she said. “I think they all understand that when they leave they can be snapped up pretty quickly,” Lavinder added.
One of the two federal cybersecurity employees who contacted her said he wanted to take advantage of the “interlude,” Lavinder recalled, laughing at the euphemism. Another told her: “I want to get out. I just need more stability.”
The anxiety has trickled down to federal vendors, whose paychecks also depend on congressional appropriations. One contractor, a technology professional at a three-letter agency, said he wanted to be free of the whims of lawmakers. With his program defunded, his supervisors recommended staff look for other employment.
Some essential information security professionals were possibly too exhausted during the furlough to freshen up their resumes, some recruiters speculated. “I probably get at least seven to ten [cyber applicants] a week and I only got three during that period. I’m convinced it was because they were working,” Lavinder said.
Are They All Talk?
Even before the Oct. 1 shutdown, the budget sequester that went into effect last spring had prompted some government workers to explore other opportunities, said Deborah Page, a principal at the Virginia-based McCormick Group who recruits IT, cybersecurity and risk management professionals.
“Now, the question is how serious are they?” she said. The private sector is “indeed seeking good infosec folks but whether [federal employees] will be able to transition well into those environments is another question.”
Some recruiters say they have not noticed a difference in interest from feds, and pointed to the positive aspects of a lull.
“Being furloughed is one thing but knowing that you’ll get paid for your time off doesn’t really instill fear in people — I don’t think,” said Jeff Snyder, president of Colorado-based SecurityRecruiter.com. “Change is something that most people resist like it is a plague. Getting time off and getting back pay seems like a double bonus to me. Then again, I’ve never had a salary in my entire adult life.”
More government workers likely will start hunting as another potential hiatus approaches in January, compared to the number of employees who picked up the phone last time, Page predicts.
“They were still on the payroll and perhaps, for some, enjoyed a bit of relaxation time to do family chores or update their resumes,” she said. “When it hits once, you may not take it so seriously but when it repeats, you now have to look at yourself and [the] situation to not allow it to happen again.”