Government Cybersecurity Careers

For this resource, we wanted to get past the fluff and give you some solid information on cyber security jobs with the government. What’s it really like working for the NSA or the CIA? Which agency has the best reputation? Who is looking for security professionals? (The answer to the last question is basically everyone.)

Like our article on MOOCs, we’ve split the page in half. In Sections 1 and 2, you can skim through general job advice. In Sections 3-5, you’ll find detailed info on each agency or military branch, links to Glassdoor reviews and the official/unofficial line on cyber security careers.

Working for the Government

General Benefits

There are many reasons you might choose the life of a U.S. cyber warrior:

  • Public service – Your country truly needs you (there is a shortage of cyber experts across most agencies and military branches).
  • Superhero status – Security professionals take down drug runners, mobsters, rogue governments and terrorists.
  • Long-term employment – A career in the military can last for decades.
  • Good benefits – Military branches try to take care of their servicemen and women.
  • Intensive job training – You always have the option to switch to the private sector after you’ve served.
  • Cachet – You may enjoy the thought of working for the CIA or NSA.

Plus the government is working hard to attract new cyber talent to the ranks. It’s sponsoring scholarships (see SFS below), encouraging hacker competitions, offering re-enlistment bonuses and getting involved in recruitment at the high school level.

Top Online Programs

Explore programs of your interests with the high-quality standards and flexibility you need to take your career to the next level.

General Downsides

But there are also considerations that might give you pause:

  • Lower pay – For most jobs, you will likely be paid less than contractors or peers in the private sector.
  • Complex hiring rules – The government loves red tape.
  • Intensive background check – You will have to undergo a thorough, and sometimes intrusive, background investigation to gain security clearance.
  • Long recruitment process – Getting cleared to work for the government can take months.
  • Lack of independence – Rotating work and assignments are especially common in the military.
  • Poor reputation – The NSA Snowden scandal and revelations about CIA torture have done nothing to improve the standing of U.S. intelligence agencies.
  • Cool work goes elsewhere – You may find that complex jobs are being given to government contractors.

The problem of pay is particularly bad at the highest levels of the profession. RAND researchers found that top cyber security professionals could earn $250,000-$300,000 per year on the open market. Government agencies can’t compete with these numbers. So they’re losing expert talent to the private sector.

Further Resources

Scholarship for Service (SFS)

Scholarship for Service has one major purpose – to increase the number of qualified federal information security professionals. To do so, the National Science Foundation (NSF) has partnered with the Department of Homeland Security to issue scholarship grants to students specializing in information assurance.

Participants can receive stipends of up to:

  • $20,000 per year for undergraduate studies
  • $25,000 per year for a master’s degree
  • $30,000 per year for doctoral studies

Schools can participate in the program if they are certified as NSA CAE IA/CD or their information assurance programs are deemed “equivalent” to those of certified schools. View a list of Participating Institutions.

Once you have completed your degree, you’ll be expected to serve at a Federal, State, Local or Tribal Government organization for a period equivalent to the length of the scholarship (e.g. if you have a scholarship for 2 years, you’ll be expected to serve for 2 years).

According to a 2012 DHS CyberSkills Task Force Report, the top 5 places where SFS graduates went to work from 2002-2012 were:

  1. NSA
  2. Navy
  3. Army
  4. Mitre Corporation
  5. CIA

USCYBERCOM

U.S. Cyber Command (USCYBERCOM) is a sub-unified command under the aegis of U.S. Strategic Command. It has three main goals:

  1. Defend the Department of Defense Information Network (DoDIN)
  2. Provide support to combatant commanders for missions around the world
  3. Strengthen the nation’s ability to withstand and respond to cyber attacks

The important thing to know here is that USCYBERCOM is responsible for designing the cyber force structure, training requirements and training standards for the Armed Services. Its service elements include:

The DoD is currently working on a cloud-based architecture for the .mil network – the Joint Information Environment (JIE). This may mean new training and DoD requirements for cyber security skills. For example, instead of scanning and patching networks, you could be responsible for managing data access controls and mobile devices.

H4cker5 Wanted

It’s 110 pages long, but H4cker5 Wanted: An Examination of the Cybersecurity Labor Market, issued by the RAND National Security Research Division (NSRD), makes for absorbing reading.

In addition to covering current literature/reports on the labor market, the researchers delve into hiring practices at federal agencies and the goals of university programs. They even go to the trouble of interviewing federal representatives about their hiring processes.

It’s worth studying if you’d like a behind-the-scenes look at the cyber security labor market. We’ve used a lot of this research in our coverage below.

Federal Government Agencies

  • CIA

    Career Site: CIA Cyber Careers
    Employees: 21,575
    Location: Headquartered in Langley, Virginia; Field agents around the world
    Reviews: CIA Glassdoor Reviews

    The Official Line

    The Central Intelligence Agency (CIA) is responsible for intelligence-gathering and is the only independent U.S. intelligence agency in the country. The Information Operations Center (IOC) is particularly concerned with offensive cyber operations.

    According to the RAND report, the CIA prefers applicants to have a master’s degree in a cyber field as the minimum requirement. Potential candidates are drawn from job fairs, hacker conventions and inbound hires for the CIA’s IT department. Like the NSA, the CIA is trying to build talent from within.

    It also has an intense hiring procedure. When you apply, the CIA will:

    • Thoroughly review your résumé
    • Conduct a phone interview
    • Ask you to complete several online tests
    • Arrange a face-to-face interview
    • Conduct medical tests and a psychological screening

    Sensitive classified positions also require a background investigation and polygraph testing. Even after you get the job, the CIA is going to keep an eye on you, periodically monitoring your life and activities (for more info, browse our Quick Guide to Security Clearances).

    The Unofficial Line

    There have been a number of revelations about CIA activity in the past few years (see the infamous Senate Committee’s 2014 Report on the CIA’s use of torture).

    According to the 2013 “black budget” leaked by Snowden to the Washington Post, the CIA has been developing “aggressive new efforts to hack into foreign computer networks to steal information or sabotage enemy systems.”

    If you work for a spy agency, be prepared to face tough ethical dilemmas.

    Since a key tenet of working for the CIA is secrecy, we’re going to take Glassdoor reviews with a grain of salt. However, the general complaints seem to be centered on the stringent background checks/entry process, bureaucratic hassles and the lack of high pay.

  • DHS

    Career Site: DHS Cyber Careers
    Employees: 240,000
    Location: Headquartered in Washington, D.C.
    Reviews: DHS Glassdoor Reviews

    The Official Line

    Expedited in response to 9/11, the Department of Homeland Security (DHS) is responsible for securing the nation from threats, including terrorist attacks, man-made accidents and natural disasters. FEMA, the U.S. Coast Guard, the Secret Service, TSA – all of these fall under the jurisdiction of the DHS.

    DHS cyber security experts have a lot to do. They might be helping to protect critical infrastructures – e.g. water systems, electric grid, finance systems, etc. – or investigating data breaches and cyber crimes. The DHS is looking for candidates skilled in:

    • Cyber Incident Response
    • Cyber Risk and Strategic Analysis
    • Vulnerability Detection and Assessment
    • Intelligence and Investigation
    • Networks and Systems Engineering
    • Digital Forensics

    The Unofficial Line

    We’ll be frank – the DHS does not have a good reputation as a place to work. In 2014, it ranked dead last (#19) in the overall rankings of the Partnership for Public Service’s Best Places to Work in the Federal Government. It’s been in that spot for a few years.

    As Doina Chiacu points out in her Reuters article on government hiring:

    “[DHS] is playing catchup with the Pentagon’s larger and more established cybersecurity operations at Cyber Command and the National Security Agency. Not only does DHS lack the enhanced hiring powers of its military counterpart and the agility private companies offer, but the rigid bureaucracy of the 240,000-employee agency can foster an inside-the-box culture.”

    Contractors tend to get the coveted jobs (forensics investigations, intrusion detection) and employees end up with the remainder. Glassdoor reviewers also point out that upper management can be quite political.

  • FBI

    Career Site: FBI Cyber Careers
    Employees: 35,000
    Location: Headquartered in Washington, D.C.; 56 field offices in major U.S. cities; 400 resident agencies in areas across the country
    Reviews: FBI Glassdoor Reviews

    The Official Line

    The Federal Bureau of Investigation (FBI) is responsible for investigating federal crimes and protecting the U.S. from threats. It is also the lead U.S. counterterrorism agency and counterintelligence agency. The Criminal, Cyber, Response, and Services Branch (CCRSB) was created in 2002 to combat a variety of illegal activities, including cyber crimes.

    If you’re interested in a professional staff opening, the FBI is looking for a bachelor’s degree on your résumé. Anyone who applies for the FBI must also undergo a thorough background check (see our Quick Guide to Security Clearances).

    Opportunities should be available. At a 2014 cyber conference, FBI Supervisory Special Agent Charles Gilgen stated that the FBI’s cyber division planned to hire 1,000 agents and 1,000 analysts in the coming year.

    The Unofficial Line

    The FBI may be dangling the bait for cyber security specialists, but not everyone is biting.

    Charles Simmins says it best in his article on FBI cyber security hiring:

    “The FBI is not one of the ‘cool kids’ in cyber security and investigation. The NSA, the CIA, the DIA and probably some other ‘As’ all offer challenging roles in intelligence gathering and analysis, cyber warfare and other activities that fall under the Top Secret umbrella. The FBI, despite its puffery, has its cyber specialists tracing wire transfers by drug cartels and analyzing banking records of Mafia dons.”

    The FBI’s buttoned-up culture, rules, red tape and the modest pay are further potential turn-offs.

    On the upside, the FBI has a strong crime fighting reputation. It’s protecting minors, countering the abuse of citizens and putting nasty criminals behind bars. While other agencies are concentrating on cyberwars outside of the country, the FBI is focused on the U.S. Retired employees are often very proud of their service record.

  • GAO

    Career Site: GAO Cyber Careers
    Employees: 3,200
    Location: Headquartered in Washington, D.C.; 11 offices in U.S. cities
    Reviews: GAO Glassdoor Reviews

    The Official Line

    The U.S. Government Accountability Office (GAO) is an independent, non-partisan agency that answers to Congress. Because it’s in charge of investigating federal spending and improper activities, GAO is known as the congressional watchdog.

    This is a natural home for Security Auditors. The GAO regularly produces reports on information security weaknesses in government agencies and recommends steps to address them.

    The Unofficial Line

    GAO has a healthier reputation than some other agencies we might care to mention (see DHS). In 2014, it ranked #2 in the mid-size agency category of the Partnership for Public Service’s Best Places to Work in the Federal Government. It even beat out the Smithsonian Institution.

    Reviews on Glassdoor are generally positive, with people citing a good work/life balance and smart colleagues. The most common complaints appear to involve bureaucratic hoops, unfair promotion practices and the lack of high pay.

  • NSA

    Career Site: NSA Cyber Careers
    Employees: ~30,000-40,000
    Location: Headquartered in Fort Meade, Maryland
    Reviews: NSA Glassdoor Reviews

    The Official Line

    The National Security Agency (NSA) is tasked with monitoring, collecting, decoding, translating and analyzing information/data for foreign intelligence and counterintelligence. It uses defensive tactics (i.e. protecting U.S. government systems against cyber attacks) and offensive ones (bugging systems, subversive software, etc.).

    The NSA is the country’s largest (and perhaps most organized) employer of cyber security professionals. To find qualified candidates, it has a full-time staff of 80 recruiters and 300 employees with recruitment as an additional duty. In addition to its involvement with CAE schools, it has outreach in plenty of universities and high schools.

    According to the RAND report:

    • 80% of hires are entry-level; the majority of whom have bachelor’s degrees
    • Entry-level hires are required to go through intensive training, sometimes up to three years
    • 1/3 of all Scholarship for Service graduates go to work at the NSA

    View answers to the NSA’s Career FAQS.

    The Unofficial Line

    Thanks to its reputation for hiring the best of the best, people employed by the NSA tend to stay put.

    The RAND report notes that the NSA “has a very low turnover rate (losing no more to voluntary quits than to retirements). One reason is that it pays attention to senior technical development programs to ensure that employees stay current and engaged.”

    However, the agency also has a significant ethics problem. In 2013, Edward Snowden, a former NSA contractor, leaked a large number of classified NSA documents to the press. The documents revealed that the NSA has been involved in widespread secret surveillance of cellphones, email, instant messages and even the conversations of friendly foreign leaders. (See the Washington Post’s section on NSA Secrets.)

    Glassdoor reviewers praise the agency for hiring smart, creative engineers and analysts, but tend to chafe at some of the management processes. Benefits and pay are labeled decent but not outstanding.

Military Branches

  • U.S. Air Force

    U.S. Air Force

    Career Site: U.S. Air Force Cyber Careers
    Employees: 332,854 active personnel
    Location: Headquartered at The Pentagon; San Antonio is home to the 24th Air Force
    Reviews: U.S. Air Force Glassdoor Reviews

    The Official Line

    The U.S. Air Force (USAF) is actively training officers and enlisted men and women to detect and repel cyber attacks on its systems. The USAF’s arm of U.S. Cyber Command is called the 24th Air Force and numbers 5,400 airmen, civilians and contractors (as of 2014).

    Here’s the word on the training process from the RAND report:

    “Our interviews indicate that the USAF has a systematic way of determining who would best fill its cybersecurity missions, which it divides into A-Shred, which can include some upper-tier professionals, and B-Shred, whose duties are more strictly defined.”

    Officers undergo a 23-week undergraduate training course; enlisted personnel take a 17-week cyber defense operations course. Airmen who wish to be considered for training in cyber-related jobs must hold the CompTIA Security+ certification.

    The Unofficial Line

    In general, people seem to like working for the U.S. Air Force. The training is excellent, the benefits are good and the pay is steady. According to a 2014 article in the Military Times, a staff sergeant trained as a 1B4X1 cyber defense operator or 1N4X1A intelligence airman, would receive re-enlistment bonuses of $40,000-$55,000 for a four-year commitment.

    The downsides are those of any military job. You may be on duty 24/7, called at any time and required to spend a long time away from home. You also won’t have a lot of choice in your job – the USAF distributes its personnel as needed.

    According to the Rand researchers, there is now a waiting list for enlisted personnel to be considered for a cyber security AFSC (e.g. cyber surety, cyberspace defense, etc.)

  • U.S. Army

    Career Site: U.S. Army Cyber Careers
    Employees: 546,047 active personnel
    Location: Headquartered at The Pentagon; Fort Gordon, Georgia is the home of the U.S. Army Network Enterprise Technology Command
    Reviews: U.S. Army Glassdoor Reviews

    The Official Line

    The U.S. Army (USA) is the largest and oldest branch of the U.S. military. In 2010, it established ARCYBER, an operational-level Army force that received the lineage and honors of the former Second Army. In September 2014, the Army announced in a press release that it had activated the Cyber Protection Brigade.

    The Cyber Protection Brigade creates a new career management field for cyber warriors (CMF 17). This blends signal and military intelligence skills, and includes new occupational specialties such as 17c cyber warfare specialist and 17A cyber warfare officer.

    You must take two six-month courses and a two-year apprenticeship to become certified as a technician.

    The Unofficial Line

    Like every branch of the armed forces, the Army is looking at creative ways to increase its cyber force. In addition to investing in intensive training for the Cyber Protection Brigade, they are offering a package of re-enlistment incentives for cyber soldiers.

    This training had better be good, because the Army doesn’t necessarily have a great track record in cyber security. In 2014, the Navy Times reported that active-duty cyber troops took a (figurative) beating from civilian reservists at a secret 2013 CyberGuard Exercise at Fort Meade. If you work for the Army, you may not be on the cutting-edge of what’s happening in the private sector.

    General upsides and downsides are similar to any military job – steady pay, good support and strong benefits vs. long hours, military bureaucracy and time spent away from home.

  • U.S. Marine Corps

    Career Site: U.S. Marine Corps Cyber Careers
    Employees: 194,000 active personnel
    Location: Headquartered at The Pentagon; MARFORCYBER positions are often in Fort Meade, MD or Quantico, VA
    Reviews: U.S. Marine Corps Glassdoor Reviews

    The Official Line

    The U.S. Marine Corps (USMC) is known as the one of the toughest branches of the U.S. military, concerned with delivering combined-arms task forces to forward positions.

    In response to the USCYBERCOM initiative, the USMC established MARFORCYBER in October 2009. It is expected to grow to just under 1,000 personnel by 2016 (1/3 uniform, 1/3 federal civilian employees, 1/3 contractors). Its subordinate units include Marine Corps Network Operations and Security Center (MCNOSC) and Company L, the Marine Cryptologic Support Battalion (MCSB).

    According to its commander, Lt. Gen. Richard P. Mills, MARFORCYBER is focused on the tactical edge of cyber operations, supporting forward-deployed commanders.

    The Unofficial Line

    The USMC is also the smallest branch of the military service, so there aren’t a lot of job opportunities full-stop. Being a Marine is notoriously challenging and sometimes very dangerous. Having said that, cyber security specialists may never be deployed to the front lines. And, like other branches, the USMC is also offering generous bonuses and training.

    Just be prepared to get along with contractors. To plug certain skill gaps, the USMC is hiring private sector experts for short-term projects. In an article for the Armed Forces Press Service, Mills notes:

    “You need people who are educated and current in their specialties and who are available to stay on the job for long periods of time, whereas Marines come and go in the normal assignment process.”

  • U.S. Navy

    Career Site: U.S. Navy Cyber Careers
    Employees: 325,143 active personnel
    Location: Headquartered at The Pentagon; CYBERFOR is headquartered in Virginia Beach, VA
    Reviews: U.S. Navy Glassdoor Reviews

    The Official Line

    The U.S. Navy (USN) is tasked with deterring naval aggression, winning wars and maintaining freedom of the seas. The USN Information Dominance Corps (IDC) has two major cyber components:

    1. Fleet Cyber Command/Tenth Fleet: FCC is in charge of the Navy’s cyber warfare programs. It has operational control over Navy information, computer, cryptologic and space forces.
    2. Naval Information Forces (NAVIFOR): NAVIFOR is intended to maximize Fleet readiness and conduct prompt and sustained naval, joint and combined operations in support of U.S. national interests.

    In 2014, the Navy also established Task Force Cyber Awakening (TFCA), a 100-person force dedicated to improving cyber security measures and shoring up defense of the Navy’s computer networks.

    The Unofficial Line

    In common with other military branches, the USN is feeling digitally vulnerable. For instance, in September 2013, the Wall Street Journal reported that Iranian hackers were able to penetrate an unclassified Navy Marine Corps Intranet that was used for email and the service’s internal intranet. Some systems are rapidly becoming outdated.

    In response, the USN is looking at ways to invest more money in IT training for enlisted personnel and improve onboard expertise. According to a 2014 article in the Military Times, it is offering certain enlistees with cyber backgrounds “an automatic advancement to the E-4 pay grade if they agree to enlist for six years.”

    Always, remember that this is a military job. In return for training, job security and benefits, you’ll be expected to serve long hours and take what assignments are given.

Other Options to Consider

DISA

The Defense Information Systems Agency (DISA) provides IT and communications support to the President, Vice President, Secretary of Defense, the military and combatant commands. It’s made up of military personnel, federal civilians and contractors.

Learn more about DISA Careers.

Federally Funded Research & Development Centers

There are scores of National Laboratories (e.g. Argonne, Los Alamos, Sandia, etc.) and public-private institutes (e.g. Software Engineering Institute) in need of qualified professionals. These FFRDCS are sponsored by a variety of government departments (e.g. Department of Energy, Department of Defense) and administered by universities and corporations.

Find a list of Federally Funded Research & Development Centers.

Federal Reserve

The Federal Reserve is the central banking system of the United States. It has a small and secretive cyber security unit called the National Incident Response Team (NIRT) that operates out of East Rutherford, New Jersey. NIRT is tasked with protecting the Fed’s financial infrastructure, including the Fedwire Funds Service.

Learn more about Federal Reserve Careers.

MITRE

The MITRE Corporation (MITRE) is a non-profit organization that supports a variety of government agencies, including the DoD. It manages a number of Federally Funded Research and Development Centers (FFRDCs) such as the National Security Engineering Center (NSEC).

Learn more about MITRE Careers.

Recommended Reading

15 Best Online Master’s in Cybersecurity Programs 2021

15 Best Online Master’s in Cybersecurity Programs 2021

April 29, 2021   |   Staff Writers

An online master's in cybersecurity can boost your career options and earning potential. Check out our program rankings to kick off your search.

Top 15 Cybersecurity Schools 2021

Top 15 Cybersecurity Schools 2021

April 29, 2021   |   Staff Writers

The best cybersecurity schools prepare students for exciting and lucrative IT careers. Explore our ranking of the best cybersecurity bachelor's degree programs.

Are you ready to find a school that's aligned with your interests?

Find the right education path to take advantage of this fast-growing industry and join the front-lines on technology and security.