The spying profession was less technical and more romantic in the 1960s. At least that’s the image we get from the novels and movies of the Cold War. Sean Connery was James Bond, and even if the enemies belonged to nefarious organizations with capitalized acronyms, we all knew that they were Soviet spies. The danger was tangible and immediate – think about SPECTRE agent Rosa Klebb’s spike-toed shoes in From Russia With Love. The Cold War was at it’s height and the threats to the world were nuclear. Despite the sophisticated weaponry in his Aston Martin, Bond really never went techno.
That was 20th century fiction. The high tech reality of espionage in the 21st century is much less glamorous. Candidate Trump’s debate description of a 400 pound, bedroom-based hacker certainly doesn’t evoke Bond images and the nature of the security threat has (mostly) changed from atomic to cyber. There’s another difficulty with the comparison of Cold War And Cyber War espionage. Cyberthreats certainly exist, but the villains and their motivations can be difficult to identify.
Business and Political Targets
You’ve probably never heard of Fazio Mechanical Services. In 2013, an employee of the Sharpsburg, PA HVAC business made the mistake of opening a sketchy phishing email. Their computer and the company server became infected with a malicious bit of code – a virus that they shared the next day through a payment portal that was open with one of their clients, Target department stores.
Fazio later stated that it was the victim of “a sophisticated cyber attack operation” and that
“IT systems and security measures are in full compliance with industry practices.” Dubious assertions, but the consequences of the data breach for Target were very real:
- Credit card and informational data from 110 million customers was exposed
- Year to year profits declined 50%
- Consumer and media backlash
- Approximately $252 million in expenses to manage the breach
- Ongoing litigation and regulatory action
- Target’s CEO was forced to resign1
- There’s a thread of stories on the margins of the news that are murkier, but potentially as damaging to the US political system as the Target breach was economically disastrous. The first involves a Romanian hacker, Marcel Lehel Lazar, who calls himself Guccifer. He’s a sketchy character with questionable plausibility. You won’t see a link to his website in the sources for this article, but he’s not difficult to find. In a post dated 10/4, Guccifer claimed to have hacked the Clinton Foundation servers.
So, this is the moment. I hacked the Clinton Foundation server and downloaded hundreds of thousands of docs and donors’ databases. Hillary Clinton and her staff don’t even bother about the information security. It was just a matter of time to gain access to the Clinton Foundation server.
Guccifer posted a list of files on his website that are purportedly damaging to the candidate. The Clinton Foundation has denied the hack and says the information is spurious. Likely so. Guccifer makes some very tenuous accusations and inferences and the authenticity of the files is questionable – but the threat to information security is real.
Other evidence of cyber-espionage are more credible. In August, WikiLeaks’ Julian Assange released emails hacked from the Democratic National Committee servers that resulted in the resignation of DNC chairman, Debbie Wasserman Schultz. Last week, WikiLeaks released additional that were intended to influence the presidential campaigns. News reports and the Democratic Party point fingers at Russia for those cyber attacks, and there is speculation that Russian hackers may also be planning an attack to disrupt the November elections.
The cybersecurity threats surrounding the election may seem dark and nebulous, but the danger to U.S. businesses and to government data can be measured in real terms. Data breaches are costly, as Target, Home Depot, and other large businesses have discovered. They may also threaten national security. In February this year, hackers released data on 10,000 Department of Homeland Security employees, followed the next day by names, emails, and personal information on 20,000 FBI employees. Later in the month, the IRS revealed that a previous breach included information on 700,000 taxpayers. 2
Where there’s a threat, there’s an opportunity
“One Million Cybersecurity Job Openings in 2016” reads the headline of a January article in Forbes Magazine. The number of cyber security jobs may be a stretch, but the article cites some promising figures for job seekers:
- The cyber security job market is expected to grow from $75 billion in 2015 to $170 billion by 2020.
- 209,000 cyber security jobs are unfilled and postings are up 74% over the past 5 years.
- The salary premium for cybersecurity workers over other IT workers is $6500/year or 9% more in a salary comparison. 3
Bureau of Labor Statistics (BLS) data confirms growing demand for Security Analysts. As of 2015 there were 88,000 Americans employed in the field, earning a median salary of $90,120. Jobs are available nationwide, but the metro areas afford the largest opportunities for employment and higher salaries. 4
The outlook is good for cybersecurity jobs in both the government and private sectors and salary ranges reflect the shortage of qualified individuals to fill open positions. Typical job titles and salary ranges are indicated in the chart below:
The federal government has identified both the shortage and the need for cybersecurity expertise for cyber warfare jobs. A memorandum from the OMB5 in early 2016 provides an outline of the government’s strategy to meet the current and future cybersecurity needs. The introduction to the memo identifies the challenge:
The Federal Government must take immediate and broad-sweeping actions to address the growing workforce shortage and establish a pipeline of well-qualified cybersecurity talent. To this end, in June of 2015, the Office of Management and Budget (OMB) launched the Cybersecurity Sprint to rapidly improve cybersecurity across the Federal Government.
The Cybersecurity Sprint included a review of Federal cybersecurity policies, plans, and procedures, which revealed two key observations about the Federal cybersecurity workforce:
- The vast majority of Federal agencies cite a lack of cybersecurity and IT talent as a major resource constraint that impacts their ability to protect information and assets; and,
- There are a number of existing Federal initiatives to address this challenge, but implementation and awareness of these programs are inconsistent.
In 2015, Congress passed the Cybersecurity Information Sharing Act as an amendment to the December consolidated spending bill. Intended to “improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats,” the law allows sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. Concurrently, the Obama administration instituted a new program, Techhire, providing $100 million for training in technology fields.6
The Department of Homeland Security (DHS) is faced with more immediate hiring needs and recognizes, “IT and cybersecurity jobs are not only for those with advanced degrees. The skills required for these jobs can often be acquired through other ways, such as community college, military service, or online training.” Their stated priority is “to acquire, grow, and sustain the most talented people in cybersecurity.”7
Government cyber security jobs and cyber warfare jobs are open now. On 10/6, USAJobs listed 183 IT Specialist (Infosec) postings on the federal jobs website, all directly related to cybersecurity. Salaries for the positions range from $50K to $120K. If you have the expertise, there are plenty of career opportunities with the federal government.
Private Sector Positions
Cybersecurity jobs in the private sector may be more difficult to identify, but there are plenty of openings available. Multiple sources indicate that over 200,000 private sector cybersecurity positions went unfilled in 2015.
U.S. companies are behind the curve in their efforts to bolster data security. Despite the economic impact of data breaches and the damage to goodwill, CEOs and executives in publicly traded companies are only beginning to recognize the cyber threat. Demand for cybersecurity jobs is increasing and outpacing the supply of qualified candidates. For job seekers, it’s a seller’s market.
A study by market intelligence firm, International Data Corporation (IDC), describes the current reality:
Most U.S. companies today are underprepared to deal effectively with potential security breaches from outside or inside their firewalls. There was a frequently cited belief among the interviewed firms that they would inevitably be breached; yet many of the firms seemed content to wait until then to focus harder on cybersecurity.
IDC believes that this situation will change as more “pervasive, serious breaches” occur, and they project that data breaches will become more even more frequent and damaging during the coming years.8 That means even more cyber security job openings.
What do you need to succeed?
As with most IT careers, successful candidates for cybersecurity jobs must demonstrate a combination of experience, education, and certifications. The educational background is important and universities are beginning to offer undergraduate IT concentrations in cybersecurity and even MS degrees in Cyber Security Operations. Like other tech jobs, candidates should demonstrate developing levels of experience over the course of their careers. Certifications are definite resume boosters and can demonstrate technical competency to prospective employers. Key certifications for cyber careers include:
- CISSP – The Certified Information Systems Security Professional. If you want to work at the Department of Defense, obtaining your CISSP certification is a requirement. And it carries a lot of weight beyond the Dept. of Defense as well. By getting your CISSP certification you open the door to higher level positions and the possibility of increased pay.
- CISM – Certified Information Security Manager. This certification focuses on governance, risk management and compliance.
- CISA – Certified Information Systems Auditor. This certification focuses on auditing, controlling, monitoring and assessing information systems and can add a significant pay boost to a cyber security professional’s annual salary.
- GIAC – Global Information Assurance Certification. This certification focuses on specialty hands-on technical capabilities such as intrusion detection and forensics among others.
- CEH – Certified Ethical Hacker. For entry-level applicants, a CEH certification can be a great way to land your first job or get you into an entry-level position at your top choice company. 9
Counter-Espionage Jobs for the 21st Century? CareerPro Global Can Help
Maybe you never envisioned a career as a 00 operative and you’d probably rather not have a license to kill. Ian Fleming, the creator of the Bond character, could never have imagined the very real cyber war that faces both government and business today. Hackers like Guccifer are real, and the threat is much more dangerous that the sharp blade on Rosa Klebb’s hideous shoes.
A cybersecurity career isn’t exactly counter-espionage, but there’s a tremendous opportunity for you to make a very positive impact in either the federal government or the private sector. If you have an IT degree or a tech background, you should consider the possibilities in cybersecurity. CareerPro Global can help with USAJobs or corporate resumes and with practical counseling for identifying the best jobs, getting the interview, and landing the position. Since 1986, we’ve helped more than 58,000 candidates with their career objectives. If you’d like to find out more about our services, just get in touch to schedule a free career consultation.
1 Ickes, James and Holt, Joel. Information Security and Privacy Roundup: Memphis Neurology and Fazio Mechanical, 2016.
2 Leary, Judy. The Biggest Data Breaches in 2016, So Far, IdentityForce, 2016.
3 Morgan, Steve. One Million Cybersecurity Job Openings in 2016, Forbes, 2016.
4 Occupational Employment Statistics (15-1122 Information Security Analysts), Bureau of Labor Statistics, 2015.
5 Office of Management and Budget Memorandum, 2016.
6 Fact Sheet: President Obama Launches New TechHire Initiative, White House News Release, 2015.
7 Cybersecurity Jobs, Department of Homeland Security Website, 2016.
8 Conway, Steve and Pike, Sean. Abstract: U.S. Private Sector Cybersecurity Best Practices, IDC Research website.
9 How to Land the Best Jobs in Cyber Security, University of San Diego.
Photo Credits: Pixabay, Wikimedia.com
Learn More About Federal Government Jobs & Resumes