Meh. If the US federal government really needs cybersecurity professionals, they probably ought to stop doing things that generally scares hackers away from working with them:
- Spying on everyone
- Invoking the CFAA on ToS violations (Lori Drew, Andrew Auernheimer)
- Copyright zeal
- Persecution of computer hackers (Aaron Swartz, Lauri
Love, Glenn Mangham, Jonathan James, Stephen Watt, et al.)
I don't see them tipping their hand anytime soon. I certainly won't work for them until they do, and the most skilled technologists I know are on the same page.
When your fundamental technology/approach are the rubber hose and the lead pipe (at will, "because we can", might is right physical intervention -- I shy away from using the tarnished term "legal"), you've already set the tone of your pitch -- intended or not -- to something unattractive to the best of this industry.
The document touches on something that I think is profound and prescient, about the future of government in the face of tech: Giant, monolithic government may not be sustainable as technology enables more and more direct personal involvement of all kinds of activities. If I can use an app to connect me directly with someone in a car to get a ride home, why can't I use an app to connect me directly to the approval process for a bill? Or directly to an appropriations decision? I don't think government will become irrelevant, I just don't think it will survive in the form we've always recognized. As the government begins to thin out under the influence of decentralization and democratization, the need for "20,000 to 40,000" federal cybersecurity employees begins to dwindle.
I personally have difficulty finding postings. While my resources do include the normal hiring places, I find that both the amount of "cybersecurity" posts in the normal places and the amount of "cybersecurity"-geared hiring places, are surprising low.
Maybe my difficulty lies in my perceived demand quantities versus postings I find.
With every HN Whos Hiring thread, I tell myself I need to write a tool to filter the posts based on buzz words, because scanning hundreds of the job openings for "security", "penetration", and the like is a major pain.
>Early in our work we discovered that there was a broad consensus on a perceived shortage of cybersecurity professionals. The argument goes as follows. Everyone wants better protectors in cyberspace. Good people are snapped up quickly, and the best people tend to jump from employer to employer, with each move bringing an upward ratchet in compensation.