Col. Michael Convertino came to Defcon for the first time last year, and after finding about 60 good candidates for both enlisted and civilian positions decided to come back again.
“The principal reason that I’m here is to recruit,” said Convertino, commander of the U.S. Air Force’s 318th Information Operations Group, speaking Thursday during a panel discussion at Defcon’s sister conference, Black Hat. “We have many empty jobs, empty slots that we can’t fill.”
Feds Look for Helpers
Federal agencies have only recently begun embracing the hacker crowd. When U.S. Department of Defense (DoD) director of futures exploration Jim Christy hosted his first Defcon “Meet the Fed” panel on 1999, he was one of two people onstage. At this week’s Defcon, there may be several thousand federal employees in attendance, he said.
Federal government employees first started coming to Defcon to get information and build relationships from the hacker community, Christy said during an interview, but now it is becoming more acceptable to find new recruits at the show, despite its reputation as a subversive hacking conference. “The character of Defcon has changed over the years,” he said in an interview. “Ninety-five percent of the people here are good guys.”
Christy expects that a couple of hundred of this year’s attendees will be recruited by federal agencies, but no one is recruiting more aggressively than the Air Force. “The Air Force has always been the leader in this area,” he said.
Recruitment Contests, Contacts
Convertino’s efforts reflect a government-wide effort to step up cybersecurity recruiting. On Monday, the DoD co-sponsored an effort to recruit 10,000 young computer experts through a series of cyber-contests, known as the U.S. Cyber Challenge
In an interview, Convertino said that by next year many of his recruits will have completed the hiring process and will be able to attend the conference and encourage others to enlist.
The federal government has long had a hard time attracting and keeping top computer security talent, even at the very top.
Although the Obama administration created a new high level cybersecurity advisor position earlier this year, it remains unfilled. According to a Forbes Magazine report, the job has already been turned down by several qualified candidates.
Cybersecurity is becoming a hot-button issue, which means more congressional interference, and for people in the field more time spent responding to political pressures instead of real security threats.
The recruitment process is long and tedious — obtaining a security clearance can take 18 months — and the pay is generally lower than in the private sector.
But the challenges are unique and at Defcon this week the DoD’s chief security officer made a recruiting pitch to attendees, describing it as a place where geeks could develop world-class cyber security skills. “I have never seen in my entire career a more concerted effort…. to focus on this are area of education, training and awareness,” CSO Robert Lentz told conference attendees. “Any one of you in this room who want to seek positions in the government…. the opportunities are there; the resources are there. “
There might be one other reason why a government job could appeal to Defcon attendees.
The feds like to talk about developing cybersecurity capabilities to protect the nation’s infrastructure, but they may also be spending time at Defcon looking for people who know how to attack systems as well, said Mikko Hypponen, chief research officer with security vendor F-Secure. “If you want people who know how to attack, this is the place.”