By Humphrey Cheung
August 7, 2006
Las Vegas (NV) - The great need for qualified computer security
personnel is now forcing the government to rethink rigid hiring
guidelines. At the Defcon computer security convention in Las Vegas,
more than a dozen federal agents told attendees that traditional
requirements like college degrees and polygraph tests were no longer
strictly required for government employment. They also said security
clearances are being approved quickly.
In a rather surprising change of strategy, the government is
streamlining its process of attracting hacking talent. Jerry Dixon,
deputy director for the United States Computer Emergency Readiness
Team, told journalists that his organization has hired several people
without degrees. Jim Christy, director of the Defense Cyber Crime
Institute told attendees that most of the people who come to work for
him usually come in as contractors and have no background with the
government. "We're gonna teach you how to do the job... without
college degrees," Christy said.
Apparently, "very gifted" have the chance of being hired even without
a high-school degree. "I just spent five and a half hours last night
talking with someone who has never graduated high school. And he is
one of the most innovative people I know," said Dr. Linton Wells II,
assistant secretary of defense for the Department of Defense.
Wells expalined that the government desperately needs qualified people
as 40% of the senior personnel will be retiring during the next few
years. With this upcoming shortage, the government is willing to
accept people gaining skills away from schools. "The last standing
perception of government service is that you need a college degree,"
said Wells. He said this perception does not match reality. According
to Wells, many employees, contractors and even people in the senior
executive service do not have degrees.
Christy told us that becoming a contractor first is the "easiest and
quickest" way to eventually getting a government job and said 60% of
his organization is composed of contractors. Government hiring
procedures often can be "slow and antiquated" and working with
contractors sometimes is the only option to complete a critical job,
"If we need immediate help, we will hire someone as a contractor and
then try to create a government position to move him into," said
Christy. He added it can take "two to three years" for that position
to be created.
Another misconception, according to the Defcon speakers, is that
security clearances take months or even years to complete. Christy
told us that new hires are getting cleared surprisingly quickly. In
many cases, hires can receive an interim secret clearance in about 3
to 4 weeks. According to Christy, the interim check consists of a
"quick little" background inquiry and a check for warrants and
convictions. "Even some people in government are surprised at how
quickly people are being cleared," Christy said.
Even though the government is willing to drop the four-year degree
requirement, other federal agents on the panel warned of requirements
that cannot be eliminated. Mike Jacobs, vice president and director of
SRA and a former deputy associate director of the NSA, warned about
"You gotta sit and take the polygraphy, folks," said Jacobs. However
this strict polygraph requirement only exists at some agencies - like
the NSA. Both Dr. Wells and Christy told us that polygraphs are
usually not required for other government agencies.
Many people and probably most Defcon attendees believe polygraphs are
required for most government jobs, but Wells said, "This is absolutely
not true... polygraphs are not required for most secret level jobs."
Christy told us, "Everyone doesn't have to be polygraphed. In certain
programs, up to 90% are not polygraphed."
The applicants that must face a polygraph often just take a basic
polygraph instead of the much tougher "lifestyle" polygraph test.
"Basically, we ask if you are a spy in the basic test," said Christy.
Other factors that could disqualify an applicant are financial
problems and drug use. Financial responsibility is the "number one"
disqualifier, but Christy adds that drug use is also a major
disqualifier. "If you used drugs in the last year, you would probably
Visit the InfoSec News store!