CYBEREYE

The pros and cons of government cybersecurity work

The job can be boring and frustrating for some, but there also are upsides

Cybersecurity is a growth industry, with rapidly increasing demand for qualified professionals in government and industry and a growing number of schools offering courses and degrees. But a couple of security bloggers warn that cybersecurity jobs in large enterprises, especially government, are likely to be frustrating.

Mike Subelsky, who describes himself as a hacker and entrepreneur who has worked in cybersecurity for eight years in the military, as a government civilian and as a contractor, describes the work as uncreative, bureaucratic and restrictive.

“In classified settings, you are severely restricted in the sources and kinds of technologies you use,” he writes. “You won't have admin permissions on the machine you're working on. Forget installing Chrome with the latest extensions, you'll be lucky to get Version 2 of Firefox!  Or you might not have access to the Internet at all!”


Related stories:

Cybersecurity is hot on campus

Cybersecurity boot camps are a start toward a skilled workforce


A like-minded blogger identified as NetSecGuy wrote that “the government leads in cyber-boring.” Not only is the technology outdated, but management has no clue and information is seen as something to be hoarded rather than shared.

All of this probably is true. Many government workers I’ve known, although they tend to stay in their jobs because of the security, make similar complaints regardless of their job descriptions. Most of these drawbacks have little to do with cybersecurity per se, but are endemic to large, buttoned-down organizations, not just government. But there also are upsides to cybersecurity work in government that should be considered.

Although there are regulations restricting the types of information technology that can be used and defining their configuration, the government does have power users. Science-oriented organizations such as NASA, the National Oceanic and Atmospheric Administration and the Energy Department’s national labs often are at the cutting edge of science and technology, and at least a few lucky people have some great toys to play with. A security worker who gets into the right position could end up protecting and using some pretty cool tools.

The systems and data being protected at other agencies also are important. Although every agency has its routine back-office business systems, there also is a wealth of sensitive and critical data to protect. State secrets. Military plans. Things that spies from other nations are dying to get their hands on. These stakes add some interest to the game.

Finally, you’ll be going up against the best. Well-funded foreign espionage programs and sophisticated criminals are targeting government IT systems. If you can detect and keep them out, you’ll be at the top of the game.

Unfortunately, this does not change the likelihood that the rank-and-file of government cybersecurity workers probably will be doing routine administrative chores rather than playing high-tech games of spy vs. spy, and they will be able to expect little gratitude from their country or coworkers.

“In many of these jobs, you're going to find yourself acting as an enforcer, a mere gatekeeper,” Subelsky writes. “You'll be telling the creative people in your organization all the things they can't do or aren't allowed to have.”

But there is something to be said for being dependable. As one reader responded on the blog, “There is something attractive about a high-paying position with job security. I want one of those. Yeah I might work on something boring, and may have to sell my soul. But at least I can pay my mortgage, right?”

The current generation of cybersecurity professionals tends to be zealots; people who are passionate about computers, coding and hacking, who started out as teenagers spending hours in the basement playing with gadgets, educating themselves to the point that they are co-opted by organizations where they find themselves bored. The next generation will be young professionals who choose cybersecurity as a career path and enter the field with a different set of expectations.

We’ll lose something along with the passion, but they’ll be able to pay the mortgage and we’ll have the minds and hands we need to keep watch on our cyber defenses.

2014 Rising Star Awards

Help us find the next generation of leaders in federal IT.

Reader comments

Mon, Feb 3, 2014 iggybear

this doesnt have reseach on what they do for my homework

Fri, Mar 22, 2013 Jose Coss Eatontown NJ

I was just started to take college course on Cyber security, do you think this is the way to go or should I have a better chance studying for the IT field?

Mon, Jan 9, 2012 Paul Patrick

I agree with the guys regarding government strapping your hands and asking your to accomplish some task without the necessary tools. It is utterly rediculous too. It is so true! I worked 20 years in military and govt contractor settings of which each has its own set of security guidlines that in an of itself are so restricting, you can't get anything done.

Tue, Jan 18, 2011 Cyber Work

Much of the blogged information is correct. I belive that the federal organizations has a lot of factors on how much you use your expercience. In Atlanta, the CDC has some of the most challenging positions. In places that are military related forget skills. I have seen many "rocks" get positions due to the good ol boy network. The DoD does not get into much cyber security work because of the network restrictions. They just need bodies in place. The federal agencies such as the IRS, CDC, FBI, NASA, and NSA have more use of cyber security experts. Majority of the folks who lean towards federal employment as a form of job security are not looking to advance in the field. People that want to do intrusion detection and packet analysis have a grip and desire to advance. Very good posts

Thu, Dec 2, 2010 Griff Virginia Beach, VA

I keep hereing that they need qualified individuals to work in cybersecurity positions. The problem is all the positions require 5 years of experiance. I've been a web developer for the past 10 years and just started in a master's program in cybersecurity. So with my degree I believe I will still be turned down due to a lack of experience. So how do I get experience. Also is Northern VA and DC Metro the only area in the country that need cybersecurity workers.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above