What's it like being a part of a cyber-security team in a government agency?
I'm really thinking about majoring in Computer Science (Information Assurance) and going into a government agency like FBI, CIA, DIA, DoD, or any of the other like-minded branches. What's it like? How different is the public sector in this career from the private sector? Would you switch to private? #technology #cyber-security #fbi #cia #dia #dod
Cyber security is very important to the government right now and we should expect it to stay important for the foreseeable future. That means that there are jobs available and many government employers are very supportive of their security team.
One of the best things about cyber security is how wide ranging it is, and how many different ways there are to apply security. Depending on which agency you join you could be working on the offensive or defensive side of cyber, in risk analysis, threat intelligence, secure coding and much more. The FBI has a large cyber crime division and works to catch criminals around the world with the help of local governments and DHS enforces cyber law at the border and supports emergency response for national cyber disasters.
Check out the certification requirements for government cyber security workers (http://iase.disa.mil/eta/iawip/content_pages/iabaseline.html) if you know what kind or role you want you can see the required certifications or if you dont know then just take a look at Security+ from CompTIA (https://certification.comptia.org/certifications/security)
The government sector is very different than the public sector, most companies are concerned with protecting their assets or not becoming a news story. Government cyber security is much more concerned with the public good and focuses on things like critical infrastructure and protecting national secrets. I have worked in both and I think a good cyber security professional should have a wide range of experiences so feel free to experiment with either one!
Things to think about: to work for the government in cyber security, you'll need a security clearance. Employees can either work for the government agencies themselves, or as contractors (meaning they work for a company that the government hires to do a job). These jobs generally will not be able to be done remotely, since classified information must be kept in a classified facility. You can look at job postings on USAJobs to get some background information on the types of jobs and job duties that are available.
I come from the analytical side, meaning I did not have a strong technical background, but I worked closely with technical teams. I worked on a cyber threat team for the State department. One of my duties was providing cyber threat trainings to employees to talk about all of the threats and all of the best practices they need to do to keep our networks safe. You wouldn't believe how much of cyber security is training people not to click spear phishing links! I also worked cyber at DIA as an analyst. The main thing I learned was how to translate tricky concepts into plain language so leaders and decisionmakers would understand the threat and could take action.
Two sides, one is technically, the speed of adoption can be quite slow and/or random, but many pieces can be the same as in the private sector. You usually have to work with a lot of contractors which has give you good exposure, but can be frustrating at the same time. On some gigs, you are protecting the agency's internal infrastructure that might be minimal risk all the way up to military with more significant assets to protect. On the political / process side, is can be daunting and frustrating as the people change so much.