The pros and cons of government cybersecurity work

The job can be boring and frustrating for some, but there also are upsides

Cybersecurity is a growth industry, with rapidly increasing demand for qualified professionals in government and industry and a growing number of schools offering courses and degrees. But a couple of security bloggers warn that cybersecurity jobs in large enterprises, especially government, are likely to be frustrating.

Mike Subelsky, who describes himself as a hacker and entrepreneur who has worked in cybersecurity for eight years in the military, as a government civilian and as a contractor, describes the work as uncreative, bureaucratic and restrictive.

“In classified settings, you are severely restricted in the sources and kinds of technologies you use,” he writes. “You won't have admin permissions on the machine you're working on. Forget installing Chrome with the latest extensions, you'll be lucky to get Version 2 of Firefox!  Or you might not have access to the Internet at all!”

Related stories:

Cybersecurity is hot on campus

Cybersecurity boot camps are a start toward a skilled workforce

A like-minded blogger identified as NetSecGuy wrote that “the government leads in cyber-boring.” Not only is the technology outdated, but management has no clue and information is seen as something to be hoarded rather than shared.

All of this probably is true. Many government workers I’ve known, although they tend to stay in their jobs because of the security, make similar complaints regardless of their job descriptions. Most of these drawbacks have little to do with cybersecurity per se, but are endemic to large, buttoned-down organizations, not just government. But there also are upsides to cybersecurity work in government that should be considered.

Although there are regulations restricting the types of information technology that can be used and defining their configuration, the government does have power users. Science-oriented organizations such as NASA, the National Oceanic and Atmospheric Administration and the Energy Department’s national labs often are at the cutting edge of science and technology, and at least a few lucky people have some great toys to play with. A security worker who gets into the right position could end up protecting and using some pretty cool tools.

The systems and data being protected at other agencies also are important. Although every agency has its routine back-office business systems, there also is a wealth of sensitive and critical data to protect. State secrets. Military plans. Things that spies from other nations are dying to get their hands on. These stakes add some interest to the game.

Finally, you’ll be going up against the best. Well-funded foreign espionage programs and sophisticated criminals are targeting government IT systems. If you can detect and keep them out, you’ll be at the top of the game.

Unfortunately, this does not change the likelihood that the rank-and-file of government cybersecurity workers probably will be doing routine administrative chores rather than playing high-tech games of spy vs. spy, and they will be able to expect little gratitude from their country or coworkers.

“In many of these jobs, you're going to find yourself acting as an enforcer, a mere gatekeeper,” Subelsky writes. “You'll be telling the creative people in your organization all the things they can't do or aren't allowed to have.”

But there is something to be said for being dependable. As one reader responded on the blog, “There is something attractive about a high-paying position with job security. I want one of those. Yeah I might work on something boring, and may have to sell my soul. But at least I can pay my mortgage, right?”

The current generation of cybersecurity professionals tends to be zealots; people who are passionate about computers, coding and hacking, who started out as teenagers spending hours in the basement playing with gadgets, educating themselves to the point that they are co-opted by organizations where they find themselves bored. The next generation will be young professionals who choose cybersecurity as a career path and enter the field with a different set of expectations.

We’ll lose something along with the passion, but they’ll be able to pay the mortgage and we’ll have the minds and hands we need to keep watch on our cyber defenses.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • bitcoin in data center

    Cryptojacking: The canary in the coalmine?

Reader Comments

Thu, Feb 25, 2016 Banzai

I've been in the infosec field now for a decade, qualified to the hilt, working as a consultant on pop star wages. "That's a reason to do it" I hear you say. Nope it's boring. No matter how much I engage, interact, advise, get buy in, it always (daily) falls back to its common ground, boredom. I will be looking for a complete career path change. First say my thank you's and goodbye, then chill out, get re-motivated, and seek something worthwhile to do. Sorry if it sounds bleak, but it is true. You have to be of a certain disposition to enjoy this work, and the financial motivation has now gone.

Wed, Feb 3, 2016

You don't have to work for the government. If you get lucky a private security company might pick you up in college and pay for your education. But like I said you just have to be lucky. But personally once I heard about this field I couldn't wait to get into college.

Tue, Jun 16, 2015

Who says you have to work for the government?

Thu, Aug 28, 2014

Now I am very nervous this is a degree that I am about to complete.I did not realize that it would be extremely boring. I may have too much personality for this or maybe I'll just get my personality out after work. I want to work not feel mundane. Should I just switch career focus? Do I at least get to interact with people in a team or group setting?

Mon, Feb 3, 2014 iggybear

this doesnt have reseach on what they do for my homework

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group