The U.S. Army commissioned a new program aimed at hiring cyber officers over the next five years, but experts are...
uncertain the plan's incentives are enough to attract the best talent.
The military is looking for "Army cyber officers [to] build tools and devices, write algorithms, ciphers, programs and scripts and conduct research based on their current industry expertise," in order to "start building the future of Army Cyber warfare."
According to a post on the program, the Army is targeting civilians under the age of 41 with a four-year college degree "in a computer science or related field" and the ability to obtain Top Secret security clearance and pass an Army physical. Those accepted to be an Army cyber officer would be required to attend six-week and 12-week courses and commit to "a total of eight years of service with at least three years on active duty, followed by service in the U.S. Army Reserve or Army National Guard."
New hires would be accepted at the rank of first lieutenant or higher, which means a base salary starting at $41,958 per year for those on active duty, depending on experience. After including benefits like healthcare, tax advantages and allowances for housing and food, the total compensation would be approximately $66,786 per year.
Attracting high-level candidates
However, experts argued whether this would be enough to attract talent away from the private sector.
Kathie Miley, COO at Cybrary, a cybersecurity and IT training platform headquartered in Greenbelt, Md., said the offer to bring viable candidates into the military as high-ranking officers separates this Army cyber officer hiring plan from past efforts.
"Unfortunately, the unicorn-like requirements for these officer positions will make it near impossible to attract the people who are truly the best of the best. Because of the worldwide skills shortage, private employers and governments are paying premium rates for people with even minimal expertise," Miley told SearchSecurity. "Limiting the offer to people with degrees, under the age of 41, to $42k per year and nearly a decade of commitment will be undoubtedly unattractive to most people already skilled, per their requirement. They would be better off contracting with civilian companies to bridge their talent gap."
Ken Spinner, vice president of field engineering at Varonis, said it was smart to raise the age limit to 41 and streamline the Army cyber officer hiring process.
Kathie MileyCOO, Cybrary
"Still, eight years is a long time to commit to a single organization and the starting salary is likely going to be significantly lower than the six-figure salaries that most qualified security experts expect to receive in a very competitive, growing marketplace," Spinner told SearchSecurity. "That being said, this opportunity will likely attract individuals who are driven by the idea of helping their country and are motivated to join to achieve personal and professional fulfillment."
Lisa Wiswell, advisor to HackerOne and principal consultant at GRIMM, a cybersecurity consulting firm headquartered in Arlington, Va., said the Army cyber officer program "finding innovative ways to recruit and retain the best cyberspace workforce is absolutely in line with the broader cultural shift we've seen from the Army in the last few years."
"The Army's initiative is a solid one that will result in finding highly skilled folks, who choose the Army over a job in the private sector not necessarily for the money, but because the mission is important, and because they can make a real difference," Wiswell told SearchSecurity. "While a first year pentester at a Silicon Valley tech firm will certainly earn more than a first lieutenant at Fort Gordon starting at around $42K a year, the mission is far more fulfilling."
Jonathan Couch, former Air Force network engineer for the Joint Task Force at the NSA and current senior vice president of strategy at ThreatQuotient, a threat intelligence company based in Reston, Va., said only hiring five Army cyber officers per year seems low and "the job description doesn't give much detail into their overall responsibilities and organizational role."
"I am sure there will be applicants, especially if they are looking for only five candidates per year. I would question the quality of the candidates," Couch told SearchSecurity. "Are they looking to bring in the 'ringers' onto the teams in ARCYBER? This program would seem to indicate that these folks will be brought in for a specialized function to leverage their expertise to help guide other 'traditional' cyber teams the Army has in place."