teen hacker (Monkey Business Images/Shutterstock.com)

Agencies need younger, more experienced hackers

With a 17-year-old Tampa student charged with last month's Twitter hack, it’s becoming clear that in the digital domain, practical experience quickly outstrips age and even credentials in importance.

Federal agencies could do much to improve their cybersecurity talent pool if they moved away from restrictive General Schedule hiring practices and were more open to bringing on younger candidates, according to Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency.

"You know at this point, particularly in cyber, I'm not sure it matters if you're 45 or 17, which speaks to the ways that we need to evolve our hiring practices," Krebs said during an Aug. 3 online discussion hosted by the Wilson Center.

"I'm getting, 17, 18-year-olds that apply for a job and [they] have six years of practical -- operational effectively -- experience in security research," Krebs said. "So, they've been online white hat hackers since they could … turn on a computer."

The federal government’s General Schedule hiring system doesn't credit the skills and experience of younger hackers. The current standards are "based on a system from 1929, almost a clerical hiring approach … that really prioritizes experience in a professional setting" such as graduate and post graduate degrees, Krebs said. That approach, where higher levels of credentialing and experience dictate higher performance, is "just not how cyber works," he said.

It's a recurring argument for the agency. In a budget hearing last year, Krebs complained that he couldn't appropriately compensate younger job candidates who had all the skills needed to excel but don't meet traditional educational and credentialing milestones. The result is that CISA and the federal government may be losing out on candidates at the same time it and the private sector are in fierce competition for an increasingly shrinking pool of cyber talent.

The solution, he argued, lies in diversifying STEM education, both in K-12 education and expanding technology trade schools so that two-year degrees replace "the equivalent of … having to go to law school."

The Office of Personnel Management, meanwhile, plans to revamp the hiring process to eliminate "unnecessary obstacles" to federal employment by focusing on skill assessments over credentials like college degrees. Draft changes to General Schedule qualification policies will be issued by Aug. 21.

Reader comments

Sun, Aug 16, 2020

No maturity, lack of focus and they feel that they should be recognized and awarded for doing what typically other professionals do in a complete 8 hr plus work day. They feel entitled to do what they want on a whim and that experienced older individuals are nothing more than a collection of worthless and senile people collecting a pay check. I guess when growing up they were awarded for dismal failures and continue this behavior.

Tue, Aug 11, 2020

Unfortunately the children of baby boomers in general have no idea about responsibility, respect for other generations and they have no attention span beyond their electronic toys. Other generations went through the hiring and mentoring provided by older individuals who have experience and knowledge of their organizations. The newer generation do not understand the idea of full work day for a full paid day. Incentives were not awarded to earlier generations and the motto was work and learn and obtain experience.

Wed, Aug 5, 2020 MikeM

I don't think the process matters nearly as much as the lack of pay. GS-12 no locality starts at $66,000 You aren't gonna hire many developers at that rate. And for cybersecurity, a GS-15 starts at $109,000 and no way a rookie gets that even tho they will on the outside.

Wed, Aug 5, 2020

True, to a certain extent, but maybe they need something as challenging for real work as their cell phone toys. The leading technical private sector has figured out how to engage them and hold their interest in productive ways. If the federal vetting and hiring does not figure it out most of the talent will go to the private sector and the feds will be beholden to the private sector for needed technology.

Wed, Aug 5, 2020 SAM USA

Being good at hacking is NOT the same thing as being good at Programming computer systems to make them safer from being hacked. Just as being a good Bank Robber does not make anyone good at managing a Bank.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above