Amid Russia’s ongoing war in Ukraine, a new threat against the United States has emerged like never before: Russia might conduct cyberattacks against American infrastructure in retaliation for the country’s assistance to Ukraine. Previously, Russian hackers infiltrated the Democratic National Committee’s computer network in 2015 and 2016; in 2019, the Senate Intelligence Committee concluded that Russia targeted elections systems in all 50 states during the 2016 election in support of then-presidential candidate Donald Trump.
BY Rich GrisetJuly 14, 2022, 1:49 PM
A sign for the National Security Agency (NSA), U.S. Cyber Command and Central Security Service, is seen near the visitor’s entrance to the headquarters of the National Security Agency (NSA) in Fort Meade, Maryland, as seen in February 2018. (Photo by Saul Loeb—AFP/Getty Images)
Since Russia’s invasion of Ukraine in February, federal agencies have sounded the alarm about potential strikes against American companies, with the Federal Bureau of Investigation stating in March that Russian hackers had scanned the networks of five American energy companies.
In a June op-ed for tech website CyberScoop, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), and Chris Inglis, national cyber director, wrote that “the prospect of cyberattacks here at home—whether by Russia or other malign state and non-state actors—will not dissipate anytime soon…In today’s complex, dynamic, and dangerous cyberthreat environment, the answer is that our shields will likely be up for the foreseeable future.”
To address this need, the federal government is seeking to hire more cybersecurity workers. Last November, senior homeland security officials estimated that the federal government had more than 1,500 open cybersecurity positions. That same month, the federal government established the Cybersecurity Talent Management System to enable the Department of Homeland Security (DHS) to recruit cybersecurity workers more effectively.
“Cybersecurity is national security, and we need the best talent, and we need to cultivate that talent in order to make sure that our nation has the best and brightest ready to work in this particular area,” says Dave Luber, deputy director of cybersecurity for the National Security Agency, noting that different federal agencies and military branches must coordinate their efforts to be effective against cyber risks. “It really is a team sport where we’re all working together to make sure that we make it difficult for China and Russia to exploit our critical systems in the U.S. and our allied systems.”
If you’re interested in working in cybersecurity for the federal government, how do you get hired? Fortune spoke with experts to learn how to break into one of these roles.
What cybersecurity jobs exist with the federal government?
When it comes to federal jobs in cybersecurity, the sky is essentially the limit. From system engineers and software developers to cyber defense forensics analysts and ethical hackers, there are a wide range of jobs to be filled.
“There’s cybersecurity involved in every federal department and agency, and there’s cybersecurity roles both here in the beltway as well as outside of the beltway,” says Nitin Natarajan, deputy director for CISA, which is part of the U.S. Department of Homeland Security. “In order to execute CISA’s cybersecurity mission, it takes a very, very broad swath of experiences and expertise.”
Because federal cybersecurity workers tackle a wide range of tasks, potential recruits with non-cybersecurity backgrounds—such as in communications, legislative affairs, and budget and finance—are still viable candidates. “We want to have a very strong, diverse workforce that brings different experiences to the table,” Natarajan says. “It allows us to tackle the complex challenges that we are facing and will continue to face in the future.”
While some people who work in this field for the federal government have a master’s degree in cybersecurity or a similar discipline like computer science, both Luber and Natarajan say a graduate degree isn’t necessary.
“It’s not required to join the National Security Agency, but certainly a master’s in cybersecurity will help an individual who’s seeking a career” with the agency, Luber says.
He adds that many people who work in federal cybersecurity jobs were drawn to these roles out of a sense of duty. “Most of the folks that join the National Security Agency, or the federal government writ large, that are interested in cybersecurity [have] that sense of mission to make sure that our national security systems and our government systems are safe from exploitation,” Luber says.
How can I get hired to work in cybersecurity for the federal government?
Just as the work of cybersecurity professionals in the federal government is varied, so too are the routes for landing a job.
“There’s a lot of different pathways to get here,” Natarajan says. “There is no road map.”
For some people, the entry point is attending a school affiliated with the National Centers of Academic Excellence in Cybersecurity (NCAE-C) program. Managed by the NSA’s National Cryptological School, the collaborative educational program establishes cybersecurity and academic curriculum standards to reduce vulnerabilities in critical national infrastructure.
There are currently 384 colleges and universities partnered with the NCAE-C program. About a third of the designated programs offer associates degrees and certificates in cyber defense. The others mostly involve bachelor’s and master’s programs, but some programs include Ph.D. candidates, as well. These schools can be certified in three different programs of study: cyber defense, cyber research, and cyber operations.
Not only do federal agencies actively recruit from NCAE-C schools, but the NSA also offers more than 20 summer internships each year in a variety of fields and a Cooperative Education Program in which students work on NSA projects after being cleared to work for the federal government.
“For about 12 weeks they’ll join our team and we’ll give them [a project] that they can really sink their teeth into,” Luber says. “They go away with a better understanding of what a career in the National Security Agency might offer them.”
A large percentage of students who take part in a summer internship with the NSA eventually work for the agency full time.
Private sector cybersecurity professionals who are interested in working for the federal government can learn about job postings from websites like usajobs.gov, the federal government’s official employment site, and intelligencecareers.gov, which is the official website for careers within the United States Intelligence Community.
There’s also the Cybersecurity Talent Management System (CTMS) that DHS launched last November. The system aims to improve the federal government’s recruitment, development, and retention of cybersecurity professionals. Instead of the traditional hiring model of recruiting for specific roles, CTMS screens applicants based on their competencies, offers competitive salaries, and generally reduces the time it takes to be hired.
“It allows us to hire people a little bit differently than the traditional federal process,” Natarajan says. “Folks apply through a customized application pathway depending on what level you come in at.”
What other resources are available for people who want to work in cybersecurity for the federal government?
If you’re looking to get a degree in cybersecurity but don’t have the funds to pay for it, you may want to apply to the CyberCorps: Scholarship for Service Program (SFS). Through this scholarship program, the federal government pays for a person’s education in exchange for committing to work within the federal government for an equal length of time as their scholarship.
The scholarship provides up to three years of support for a bachelor’s, master’s or Ph.D. candidate; academic year stipends for undergraduate students are $25,000 per year and $34,000 for graduate students. Nearly 100 higher learning institutions take part in the SFS program.
Finally, there’s a Community College Cyber Pilot (C3P) program that partners with community colleges to help students become cybersecurity professionals in the federal government.
“It’s a great time to be working in cybersecurity,” Luber says. “Cybersecurity is national security, and we need the best talent, and we need to cultivate that talent in order to make sure that our nation has the best and brightest ready to work in this particular area.”