Cyber Defence Recruitment – Before We Get Into The Topic , Let’s Learn Some Basic Of This Topic

We wanted to go past the fluff in this resource and give you some solid information on government cybersecurity employment. What is it like to work for the National Security Agency or the Central Intelligence Agency? Which firm has the finest track record? Who is on the lookout for security experts? (To the last question, the answer is basically everyone.)

We’ve divided the page in half, just like we did with our MOOCs article. You can skim over general work suggestions in Sections 1 and 2. You’ll find thorough information on each agency or military branch in Sections 3-5, as well as links to Glassdoor reviews and the official/unofficial line on cybersecurity careers.

Working for the Government

General Benefits

There are a variety of reasons why you might choose to be a cyber warrior for the United States:

  • Public service is extremely important to your country (there is a shortage of cyber experts across most agencies and military branches).
  • Drug runners, mobsters, renegade governments, and terrorists are all hunted down by security personnel.
  • Long-term employment — Serving in the military can be a long-term commitment.
  • Good perks – Military branches make an effort to look after their service members.
  • Intensive job training — After serving, you can always choose to work in the private sector.
  • Cachet – Working for the CIA or the NSA may appeal to you.

In addition, the government is working hard to recruit fresh cyber talent. It is funding scholarships (see SFS below), supporting hacking competitions, providing re-enlistment bonuses, and participating in high school recruitment.

General Downsides

However, other considerations may cause you to pause:

  • Lower salary – You will almost certainly be paid less than contractors or colleagues in the private sector for most positions.
  • The government loves red tape, so there are a lot of complicated hiring requirements.
  • Intensive background check — To obtain a security clearance, you will be subjected to a rigorous, and at times intrusive, background examination.
  • Long hiring process – Clearing to work for the government might take months.
  • Lack of independence – In the military, rotating jobs and assignments are very common.
  • Poor public perception – The NSA Snowden affair and disclosures regarding CIA torture have done little to boost the intelligence community’s image.

Cool jobs go to government contractors – You might find that complicated occupations go to government contractors.

The issue of salary is particularly acute at the top of the profession. On the free market, elite cybersecurity professionals might earn $250,000-$300,000 per year, according to RAND analysts. Government agencies will be unable to compete with these figures. As a result, they’re losing key personnel to the private sector.

Further Resources

Scholarship for Service (SFS)

The primary goal of the Scholarship for Service program is to increase the number of qualified government information security professionals. To that end, the National Science Foundation (NSF) has teamed together with the Department of Homeland Security to award information assurance scholarship scholarships to students.

Participants may be eligible for a stipend of up to:

  • Undergraduate education costs $20,000 per year.
  • A master’s degree costs $25,000 each year.
  • Doctoral studies cost $30,000 per year.

Schools can apply if they are NSA CAE IA/CD certified or if their information assurance processes are deemed “comparable” to those of qualified schools. A list of Participating Institutions can be seen here.

You’ll be asked to serve in a Federal, State, Local, or Tribal Government organization for a time equal to the length of your scholarship (e.g., if your scholarship is for two years, you’ll be expected to serve for two years).

The top 5 places where SFS graduates went to work from 2002 to 2012, according to a 2012 DHS CyberSkills Task Force Report, were:

  1. NSA
  2. Navy
  3. Army
  4. Mitre Corporation is a company that manufactures and sells
  5. CIA


The United States Cyber Command (USCYBERCOM) is a sub-unified command under the United States Army. Strategic Command is an acronym that stands for “Strategic Command It has three key objectives:

  • Defend the Defense Department’s Information Network (DoDIN)
  • Assist combatant commanders on missions throughout the world.
  • Improve the country’s ability to withstand and respond to cyber-attacks.

The crucial thing to remember here is that USCYBERCOM is in charge of developing the Armed Services’ cyber force structure, training needs, and training standards. The following are some of the services it provides:

  1. Cyber Command of the Air Forces (AFCYBER)
  2. Army Cyber Command is a branch of the Army that is responsible (ARCYBER)
  3. Fleet Cyber Command is a command of the United States Navy that (FLTCYBERCOM)
  4. Cyber Command of the Marine Corps (MARFORCYBER)

The Department of Defense is developing a cloud-based architecture for network, known as the Joint Information Environment (JIE). This could result in new cybersecurity training and DoD requirements. Instead of scanning and patching networks, for example, you could be in charge of data access controls and mobile devices.

H4cker5 Wanted

H4cker5 Wanted: An Examination of the Cybersecurity Labor Market, published by the RAND National Security Research Division (NSRD), is 110 pages long but well worth reading.

The researchers dive into hiring methods at federal agencies and the goals of university programs, in addition to covering current labor market literature and reports. They go to the effort of interviewing government officials about their recruiting practices.

If you want a behind-the-scenes look at the cybersecurity labor market, this is the book to read. In the sections below, we’ve cited a lot of this research.

Federal Government Agencies


  • CIA Cyber Careers is a career site run by the CIA.
  • 21,575 people work for the company.
  • Headquartered in Langley, Virginia, with field agents all over the world.
  • Glassdoor reviews of the CIA

The Official Line

The Central Intelligence Agency (CIA) is the only independent U.S. intelligence agency in the country and is in charge of intelligence gathering. Offensive cyber operations are of special importance to the Information Operations Center (IOC).

The CIA prefers applicants to have a master’s degree in a cyber field as a minimum requirement, according to the RAND report. Job fairs, hacker conventions, and inbound hires for the CIA’s IT department all provide potential candidates. The CIA, like the NSA, is attempting to develop talent from within.

It also has a rigorous recruitment process. When you apply, the CIA will:

  • Examine your résumé thoroughly.
  • Interview over the phone.
  • You’ll be asked to take a few online tests.
  • Make an appointment for a face-to-face interview.
  • Perform physical examinations as well as a psychological evaluation.

Background checks and polygraph tests are also required for sensitive classified positions. Even after you receive the job, the CIA will maintain an eye on you, monitoring your life and activities regularly (for more info, browse our Quick Guide to Security Clearances).

The Unofficial Line

In the last several years, there have been a lot of discoveries about CIA behavior (see the controversial Senate Committee’s 2014 Report on the CIA’s Torture Use).

The CIA has been developing “aggressive new operations to hack into foreign computer networks to acquire information or harm hostile systems,” according to the 2013 “black budget” revealed by Snowden to the Washington Post.

Be prepared to face difficult ethical choices if you work for an espionage agency.

We’ll accept Glassdoor reviews with a grain of salt because secrecy is a core element of working for the CIA. The strict background checks/entry process, bureaucratic problems, and lack of high compensation appear to be the most common concerns.


The Official Position

The Department of Homeland Security (DHS) was created quickly after 9/11 to protect the country from threats such as terrorist attacks, man-made disasters, and natural disasters. The Federal Emergency Management Agency, or FEMA, is a government agency in the United States that is responsible for The DHS is in charge of the Coast Guard, the Secret Service, and the Transportation Security Administration.

The Department of Homeland Security’s cybersecurity professionals has a lot of work ahead of them. They could be assisting in the protection of essential infrastructures – such as water systems, the electric grid, financial systems, and so on – or investigating data breaches and cybercrime. The DHS is looking for people with experience in the following areas:

  • Response to a Cyber Incident
  • Cybersecurity Risk and Strategic Assessment
  • Detection and Assessment of Vulnerabilities
  • Investigations and Intelligence
  • Engineering of Networks and Systems
  • Forensics in the Digital Age

The Unofficial Position

To be honest, the Department of Homeland Security does not have a good reputation as a place to work. It came in the dead bottom (#19) in the Partnership for Public Service’s Best Places to Work in the Federal Government’s overall rankings in 2014. It’s been there for some years.

In her Reuters report on government recruiting, Doina Chiacu points out:

“[DHS] is lagging behind Cyber Command and the National Security Agency, which are the Pentagon’s larger and more established cybersecurity operations. The rigid bureaucracy of the 240,000-employee agency can foster an inside-the-box culture.” Not only does DHS lack the enhanced hiring powers of its military counterpart and the agility that private companies provide, but the rigid bureaucracy of the 240,000-employee agency can foster an inside-the-box culture.”

Contractors typically obtain the most sought-after jobs (forensic investigations, intrusion detection), while employees get the rest. Upper management, according to Glassdoor reviews, can be highly political.


  • FBI Cyber Careers is a career site run by the FBI.
  • 35,000 employees
  • Headquartered in Washington, D.C., has 56 field offices in major American cities and 400 resident agencies throughout the country.
  • Glassdoor reviews of the FBI

The Official Position

The Federal Bureau of Investigation (FBI) is in charge of investigating federal offenses and defending the United States against external threats. It is also the lead counterterrorism and counterintelligence agency in the United States. In 2002, the Criminal, Cyber, Response, and Services Branch (CCRSB) was established to combat a wide range of unlawful acts, including cybercrime.

If you’re interested in a professional staff vacancy, the FBI is searching for a bachelor’s degree on your résumé. Anyone applying for a job with the FBI is subjected to a comprehensive background check (see our Quick Guide to Security Clearances).

There should be opportunities available. FBI Supervisory Special Agent Charles Gilgen indicated at a 2014 cyber conference that the FBI’s cyber division expected to add 1,000 agents and 1,000 analysts in the coming year.

The Unofficial Position

Although the FBI is dangling the bait for cybersecurity experts, not everyone is taking the bait.

In his post on FBI cybersecurity hiring, Charles Simmins says it best:

“In terms of cybersecurity and investigation, the FBI is not one of the ‘cool kids.’ The National Security Agency (NSA), the Central Intelligence Agency (CIA), the Defense Intelligence Agency (DIA), and perhaps a few additional ‘As’ all have tough jobs in intelligence gathering and analysis, cyber warfare, and other Top Secret tasks. Despite its puffery, the FBI has cyber specialists following drug cartel wire transactions and examining Mafia dons’ banking records.”

The FBI’s stiff atmosphere, restrictions, and red tape, as well as the low salary, are all possible turn-offs.

On the plus side, the FBI has a solid reputation for combatting crime. It is responsible for the protection of youngsters, the prevention of citizen abuse, and the incarceration of nefarious offenders. While other agencies are focusing on cyberwars outside of the United States, the FBI is focussing on domestic threats. Employees who have retired are frequently quite proud of their service record.


  • GAO Cyber Careers is a career site run by the Government Accountability Office.
  • 3,200 employees
  • Headquartered in Washington, D.C., with 11 locations across the United States.
  • Glassdoor Reviews by the Government Accountability Office

The Official Position

The Government Accountability Office (GAO) of the United States is a nonpartisan, independent organization that reports to Congress. GAO is known as the congressional watchdog since it is in charge of scrutinizing federal spending and inappropriate behavior.

Security Auditors have a natural home here. The GAO publishes findings on information security flaws in federal agencies regularly and makes recommendations for how to fix them.

The Unofficial Position

The GAO has a better reputation than some of the other agencies we could list (see DHS). It was ranked #2 in the Partnership for Public Service’s Best Places to Work in the Federal Government’s mid-size agency category in 2014. Even the Smithsonian Institution was beaten.

The majority of Glassdoor reviews are excellent, with people mentioning a healthy work-life balance and knowledgeable coworkers. Bureaucratic red tape, unfair promotion tactics, and a lack of high pay appear to be the most typical complaints.


  • Cyber Careers at the National Security Agency (NSA)
  • 30,000-40,000 employees
  • Headquarters are in Fort Meade, Maryland.
  • Glassdoor reviews from the National Security Agency

The Official Position

For foreign intelligence and counterintelligence, the National Security Agency (NSA) is responsible for monitoring, collecting, decoding, translating, and analyzing information/data. It employs both defensive and offensive measures (e.g., safeguarding US government networks from cyberattacks) (bugging systems, subversive software, etc.).

The National Security Agency (NSA) is the country’s largest (and perhaps most well-organized) employer of cybersecurity experts. It has a full-time team of 80 recruiters and 300 employees with recruitment as a secondary responsibility to identify qualified people. It has outreach in several universities and high schools, in addition to its connection with CAE schools.

According to the RAND Corporation’s report:

  • 80% of new workers are entry-level, with the majority having bachelor’s degrees.
  • Entry-level employees must undergo extensive training, which can last up to three years.
  • 1/3 of all Scholarship for Service graduates work for the National Security Agency.
  • Answers to the NSA’s Career FAQs can be found here.

The Unofficial Position

People that work for the NSA tend to stay put because of its reputation for hiring the finest of the best.

The NSA, according to the RAND assessment, “has a relatively low turnover rate” (losing no more to voluntary quits than to retirements). One reason is that it focuses on senior technical development programs to keep personnel up to date and engaged.”

The agency, on the other hand, has a serious ethical issue. Former NSA contractor Edward Snowden revealed a huge quantity of sensitive NSA papers to the public in 2013. According to the documents, the NSA has been secretly monitoring smartphones, email, instant chats, and even the discussions of friendly foreign leaders. (See the NSA Secrets section of the Washington Post.)

Glassdoor reviews applaud the agency for hiring skilled, innovative engineers and analysts, but they criticize some of the managerial practices. Benefits and compensation are described as adequate but not exceptional.

Military Branches

U.S. Air Force

  • Employees: 332,854 full-time employees
  • The 24th Air Force is based in San Antonio and is headquartered at the Pentagon.
  • Glassdoor reviews of the United States Air Force

The Official Position

The United States Air Force (USAF) is aggressively educating officers and enlisted personnel to detect and defend against cyberattacks on its systems. The United States Air Forces (USAF) is a branch of the United States military. The 24th Air Force, which includes 5,400 airmen, civilians, and contractors, is responsible for Cyber Command (as of 2014).

The following is an excerpt from the RAND report on the training process:

“According to our interviews, the US Air Force has a methodical method for assessing who would be best suited to fulfill its cybersecurity roles, which it divides into A-Shred, which can include some upper-tier specialists, and B-Shred, whose responsibilities are more clearly defined.”

Officers must complete a 23-week undergraduate training program, while enlisted troops must complete a 17-week cyber defense operations training program. Airmen must have the CompTIA Security+ certification to be accepted for training in cyber-related employment.

The Unofficial Position

People appear to enjoy working for the United States in general. Air Force is a branch of the United States military. Training is outstanding, benefits are good, and salary is consistent. A staff sergeant trained as a 1B4X1 cyber defense operator or 1N4X1A intelligence airman would receive re-enlistment bonuses of $40,000-$55,000 for a four-year commitment, according to a 2014 story in Military Times.

The disadvantages are the same as they are for any military profession. You may be on call 24 hours a day, 7 days a week, and need to spend a significant amount of time away from home. You won’t have much of a say in your work, as the US Air Force distributes personnel as needed.

According to the Rand researchers, enlisted troops are currently on a waiting list to be considered for a cybersecurity AFSC (e.g. cyber surety, cyberspace defense, etc.)

  1. U.S. Army
  2. Cyber Careers in the United States Army
  3. Employees: 546,047 full-time employees
  4. The United States Army is headquartered in The Pentagon in Fort Gordon, Georgia. Network Enterprise Technology Command is the Army’s network enterprise technology command.

Glassdoor reviews of the United States Army

The Official Position

The United States Army (USA) is the country’s largest and oldest military branch. In 2010, it established ARCYBER, an operational-level Army organization that inherited the previous Second Army’s history and awards. The Army activated the Cyber Protection Brigade in September 2014, according to a news release.

For cyber fighters, the Cyber Protection Brigade establishes a new career management profession (CMF 17). This includes new occupational specializations like 17c cyber warfare specialist and 17A cyber warfare officer, which combine signal and military intelligence skills.

To become a technician, you must complete two six-month courses and a two-year apprenticeship.

The Unofficial Position

The Army, like every other branch of the military, is seeking new ways to beef up its cyber capabilities. They are proposing a package of re-enlistment incentives for cyber warriors in addition to investing in intensive training for the Cyber Protection Brigade.

Because the Army doesn’t always have a solid track record in cybersecurity, this training had better be good. The Navy Times claimed in 2014 that at a secret 2013 CyberGuard Exercise at Fort Meade, active-duty cyber warriors got a (figurative) thrashing from civilian reservists. You might not be up to date on what’s going on in the private sector if you work for the Army.

Long hours, military bureaucracy, and time away from home are the general perks and drawbacks of any military employment — consistent salary, decent support, and robust benefits vs. long hours, military bureaucracy, and time away from home.

  1. U.S. Marine Corps (Marine Corps)
  2. Cyber Careers in the United States Marine Corps
  3. Employees: 194,000 people on the job.
  4. MARFORCYBER is headquartered at the Pentagon, however, positions are frequently located in Fort Meade, Maryland, or Quantico, Virginia.
  5. Glassdoor reviews of the United States Marine Corps

The Official Position

The United States Marine Corps (USMC) is one of the toughest branches of the military, responsible for delivering combined-arms task forces to forward locations.

The USMC launched MARFORCYBER in October 2009 in response to the USCYBERCOM plan. By 2016, it is expected to have a staff of little under 1,000 people (1/3 uniform, 1/3 federal civilian employees, and 1/3 contractors). The Marine Corps Network Operations and Security Center (MCNOSC) and Company L, the Marine Cryptologic Support Battalion, are two of its subordinate units (MCSB).

MARFORCYBER is focused on the tactical edge of cyber operations, according to its commander, Lt. Gen. Richard P. Mills, and supports forward-deployed commanders.

The Unofficial Position

Because the USMC is the smallest branch of the military, there aren’t many employment openings in general. Being a Marine is famously difficult and dangerous at times. Cybersecurity experts, on the other hand, may never be deployed to the front lines. In addition, the USMC, like other forces, offers considerable bonuses and training.

Just keep in mind that you’ll have to work with contractors. The USMC is engaging private sector expertise for short-term initiatives to fill particular skill shortfalls. Mills writes in an article for the Armed Forces Press Service:

“You need people who are educated and current in their fields, as well as people who can stay on the job for lengthy periods of time, whereas Marines come and go in the typical assignment process.”

  1. U.S. Navy
  2. Cyber Careers in the US Navy is a career site run by the US Navy.
  3. Employees: 325,143 full-time employees
  4. CYBER FOR is located in Virginia Beach, VA, and is headquartered at The Pentagon.
  5. Glassdoor reviews of the US Navy

The Official Position

The United States Navy (USN) is responsible for deterring naval aggression, fighting wars, and ensuring maritime freedom. The Information Dominance Corps (IDC) of the United States Navy has two key cyber components:

The Navy’s cyber warfare programs are overseen by Fleet Cyber Command/Tenth Fleet. It commands the Navy’s information, computer, cryptologic, and space forces on an operational level.

NAVI FOR (Naval Information Forces): NAVIFOR’s mission is to maximize Fleet preparedness and undertake timely and sustained naval, joint, and combined operations in support of US national interests.

The Navy also launched Task Unit Cyber Awakening (TFCA) in 2014, a 100-person force tasked with increasing cybersecurity and strengthening the Navy’s computer network defenses.

The Unofficial Position

The USN, like other military branches, is concerned about digital security. For example, the Wall Street Journal reported in September 2013 that Iranian hackers had gained access to an unclassified Navy-Marine Corps Intranet, which was used for email and the service’s internal intranet. Some systems are becoming obsolete at an alarming rate.

As a result, the USN is looking for methods to increase funding for enlisted IT training and strengthen aboard knowledge. It is promising select enlistees with cyber backgrounds “an automatic rise to the E-4 pay grade if they agree to enlist for six years,” according to a 2014 report in the Military Times.

Always keep in mind that this is a military position. You’ll be expected to work long hours and accept whatever assignments are offered in exchange for training, job stability, and perks.

Other Options to Consider


The Defense Information Systems Agency (DISA) supports the President, Vice President, Secretary of Defense, military, and combatant commands with information technology and communications. Military people, federal civilians, and contractors make up the group.

DISA Careers can be found here.

Federally Funded Research & Development Centers

Numerous National Laboratories (e.g., Argonne, Los Alamos, Sandia, and others), as well as public-private institutes (e.g., Software Engineering Institute), are in desperate need of competent personnel. Various government departments (e.g., the Department of Energy and the Department of Defense) sponsor these FFRDCS, which are run by universities and firms.

A list of federally funded research and development centers can be found here.

Federal Reserve

The Federal Reserve is the United States central banking system. The National Incident Response Team (NIRT), based in East Rutherford, New Jersey, is a tiny and clandestine cybersecurity unit. The Fed’s financial infrastructure, notably the Fedwire Funds Service, is protected by NIRT.

Learn more about working for the Federal Reserve.


The MITRE Corporation (MITRE) is a non-profit that assists some government departments, notably the Department of Defense. It is in charge of several Federally Funded Research and Development Centers (FFRDCs), including the National Security Engineering Center (NSEC).

Categorized in: