back to article 'White hats don't want to work for us' moans understaffed FBI

The Federal Bureau of Investigation is struggling to hire computer scientists, according to a Department of Justice audit of the feeb's attempts to implement its Next Generation Cyber Initiative. A 34-page audit report (PDF) from the DoJ notes that, while making considerable progress, the FBI has "encountered challenges in …

  1. Yugguy

    Public sector it jobs

    Never pay well. this is not news.

    1. Ben Tasker

      Re: Public sector it jobs

      Yup, there tends to be one of two reasons for doing them

      A) idealistic (e.g. serving my country)

      B) No other choice (whether through proximity or some other reason, like pigeonholing yourself)

      It's easy to see something like an FBI (or better GCHQ) role and romanticise it a bit (playing with cool potentially secret stuff), but whilst it may be true that you _might_ get to see and do stuff you couldn't in civvy street, we all need to put bread on the table, which, as a rule, is easier the more you earn.

      1. Charles Manning

        Re: Public sector it jobs

        (C) You're really, really crap and can't get a proper job elsewhere.

        (D) You're really, really interested in a very niche field that nobody else will sponsor.

        1. Richard Taylor 2

          Re: Public sector it jobs

          (E) You want to be able to put it on your CV and move on in a year or two

      2. Buzzword

        Re: Public sector it jobs

        G) You're an American, and you want a job that includes good healthcare provision, paid sick leave, and a decent amount of paid vacation.

        H) You want a defined-benefit pension (even if the sums on offer aren't great, you value the security).

        I) You're a young woman, and you want an employer that won't screw you over when you go on maternity leave.

        1. Grikath

          Re: Public sector it jobs

          J) trying to recruit potential Outlaws into the Fold of Lawfulness.

          Seriously, you're trying to recruit highly intelligent people who are by nature extremely good in seeing patterns, processes and systems, and generally tend to be less "socially able/politically correct" because of this, into something that by all data to date is a bureaucratic, politics-ridden monolith run by career politicians.

          Suuuure, that's going to work...

          1. e^iπ+1=0

            Re: Public sector it jobs

            K) You want to ensure that your ~126 page security clearance document gets 'leaked' to the "right" interested parties.

            1. Keith Glass

              Re: Public sector it jobs

              126 pages ? More like 8-12. Been there, done that, have SF86s dating back to the 1980s. . .

        2. Michael Wojcik Silver badge

          Re: Public sector it jobs

          G) You're an American, and you want a job that includes good healthcare provision, paid sick leave, and a decent amount of paid vacation.

          I'm a US citizen and resident, and I get all of those through my private-sector IT job. If I decided to leave commercial IT and become a professional academic, I'd still get all of those things. No need to look to the public sector for them.

          Of course, there may be other reasons for getting a public-sector job; but healthcare, sick leave, and vacation are hardly unknown in the private sector.

    2. Anonymous Coward
      Anonymous Coward

      Re: Public sector it jobs

      F) You want the security clearance for more lucrative contracts in a year or two and this is the easiest way to get it

  2. Khaptain Silver badge

    Definition Required

    Can someone please define what a "Computer Scientist" is and does. Hopefully it is more interesting than simply analysing WireShark logs, if not then I can can easilly imagine that low pay + boring jobs are not being fillled.

    From what I have understood the medias portayal of the "exciting" life of the FBI, CIA, CSI etc is far removed from the real world scenario.

    1. streaky

      Re: Definition Required

      Somebody that applies the scientific method to computery stuff one would think?

  3. hplasm
    Big Brother

    Don't they just-

    present 'grey'hats with a job offer they can't refuse?

    That's what TV tells us...

    1. Rich 11

      Re: Don't they just-

      But first they have to catch them!

      1. Yet Another Anonymous coward Silver badge

        Re: Don't they just-

        And then reject them if they have a tattoo, facial hair outside acceptable guidelines or any previous police investigations against them.

  4. Hans 1

    I thought they were into Millenium-type gals (the movies) full of piercings/tatoo's etc, that act autistic, listen to aggressive music, and never wash ... hard to find, that, when you are also looking for tech savvy ...

    1. Richard Taylor 2
      Happy

      And of course they won't let you play that type of music at an appropriate level in their offices

    2. Anonymous Coward
      Anonymous Coward

      "...hard to find, that, when you are also looking for tech savvy ..."

      You probably think that you are kidding, but this is true. Public sector is based on "fair access" spread sheets which means "targets over ability". It's to the point of "50% of the population is under an IQ of 100 and we must have a representative workforce". Heck - having a degree is probably a bad thing to them as that's an elitist hiring process.

      That's before they try to compete with salaries in the financial sector.

      1. TimeMaster T
        Boffin

        I have to challenge your 50% under 100 claim.

        There can be many more people under 100 than you think.

        Consider that you can have eight people with an IQ of 90 and two people at 140 and still have the average be 100.

        1. Robert Helpmann??
          FAIL

          IQ Optional

          I have to challenge your 50% under 100 claim.

          Challenge accepted. Pulling memories from $years ago when I studied this in grad school, the way IQ is defined involves forcing the normative data into a bell curve. By definition, 100 is the median with 50% above and below.

          1. LucreLout

            Re: IQ Optional

            @Robert

            Sorry, but he is probably right, just not for the reasons he thinks.

            I agree that IQ is bell curved such that 100 is always in the middle of the curve. Half above, half below. The reason he's probably right, is that head injuries occur which damage the brain, reducing the IQ of the injured party. As these are as likely to happen to someone in the top half of the stack as the lower half, some people must be dropping through the 100 threshold.

            I'm assuming the bell curve is not adjusted to reflect this, and I may be wrong, which is why I said "probably right".

          2. Expectingtheworst
            FAIL

            Re: IQ Optional

            Please read, He said average, not median.

            They are quite different and give different results in most cases.

  5. Anonymous Coward
    Anonymous Coward

    *One* of the (un)?intended consequences

    of the "War on Drugs" (tm).

  6. Shane McCarrick

    Unfortunately- its not just the crap pay that discourages people from applying.

    I don't know how many of you work in the Public Sector- but the bureaucracy and rigid structures- are such that many well meaning and public spirited people- who think they can make a difference to the world- even if only a little bit at a time- slowly have their enthusiasm and spirit are killed off.......

    Computer Science- is also a massive field. Just calling it 'computer science'- is like looking for specific skillsets in chemistry- but opening it to anyone with a chem minor. I even have a chem minor from a forestry degree (organic chemistry).

    These guys need to throw away the rulebook if they want to fill these positions. Short term contracts- on reasonable pay scales- proper security clearance which enables them to re-enter public sector service in the US or the EU at will- and recruitment for specific skillsets- and not just a broad 'computer science' tag- various database, programming and even robotics skills- need to be properly accounted for. In addition- you are not going to get a broad skillbase in every field office- and indeed- most people like running code against one another- have a team who can assign members to field offices, as and when they are needed- with dual reporting functions- both to the individual field office and its management- and also- centrally to the core group of whom they are would remain members- regardless of which field office they were assigned to.

    It would also help if they broadened their security clearance rules- there are significant numbers of Europeans who could help out- US agencies insist on citizenship- as do posts in GCHQ, or even smaller organisations- such as the Irish Rangers- all have their own citizen rules. The time to focus on a single state- I would argue- is over. Many educated citizens of the democratic world- ethnically are all over the place. My wife is part German, part Jewish, part Irish. My own godmother is Polish, and I have grandparents who were US citizens (I'm Irish). Etc. etc. using rules that rigidly exclude vast numbers of potential candidates- who have a lot to offer- solely on the grounds of citizenship- esp. in the many fields of computer science- is simply untenable.

    There are very many different paths that could be take to swell the ranks of very competent and experienced computer scientists, programmers, hackers etc- not least recognising that its not just another public sector job- its a series of disciplines- they are recruiting for.

    The days of saying- its a public sector job with a good pension- they will come (akin to if they build it they will come)- are over. If they want to fill the vacant posts- there needs to be an acceptance of the new reality- flexible working arrangements, significant pay for specific skills, vast mobility options etc etc.

    The threats the FBI are fighting against- are global threats- and are the selfsame threats that all sane democratic countries are fighting against. Not all of them are against rogue nationstates- though many are- corporate espionage, international hacking groups- and indeed- random people hopping in and out of hacking- are all targets the closure of whom we need to put to the fore.

    We do need proper safeguards too- whitehats demonstrating proof of concept code- are not criminals. Low skillset required hackers- perhaps checking the security of high profile websites before entrusting them with our data- should not be ignored for finding flaws- they need to be given prescribed reporting protocols they can follow- which all to often, they are not.

    We need a logical and clearheaded debate on the entire subject.

    1. Khaptain Silver badge

      Amongst all the altruism you also have to find staff that won't whistleblow about the "dubious" goings on "within" the establishment.

      Status Quo

    2. Anonymous Coward
      Anonymous Coward

      I never even made it past the job posting. They want people with the same quals as a field agent, yet sitting at a desk 40+ hrs/week. They shotgun their position postings, which is stupid. Oh? Yeah, we need people for a Cyber Security position! Let's put down every sub-field into a single posting! You need to be an expert in 5+ languages and an expert in networking architecture and an expert in physical security and an expert in forensics and..... yeah... You need network security? Get a specialist in the field. Programming? Get an expert. Forensics? You guessed it. Don't try to roll the entirety of Cyber Security into a single person. Knowledge of each area is fine.. for supervision/management. For the individuals, you want a person who is great in one or two areas, not half-arsed in a whole bunch of areas.

      I've been spending a significant amount of time on a government CS project.... and it is complete BS. At the end of the day, they'll have a bunch of check marks in boxes. Supervisors will get gold stars on their score cards, and actual security level will be worse than before.... because they "think" they have increased security. If you try to state otherwise... well... you're bashed down by higher-ups and/or shown the door. And they wonder why they're in such a crisis for CS talent.

      1. Grikath

        @ AC

        That's not a problem unique to the FBI.

        You know how it works... Department-in-need states specific qualifications, then it goes up through Management and finally HR, where the need to pee in the pot becomes greater in inverse relation to actual understanding of the subject at hand.

        By the time the actual job posting gets out, it's unrecogniseable to the department that's actually requested it.

      2. Anonymous Coward
        Anonymous Coward

        "They shotgun their position postings, which is stupid. Oh? Yeah, we need people for a Cyber Security position! Let's put down every sub-field into a single posting! You need to be an expert in 5+ languages and an expert in networking architecture and an expert in physical security and an expert in forensics and..... yeah... You need network security? Get a specialist in the field. Programming? Get an expert. Forensics? You guessed it. Don't try to roll the entirety of Cyber Security into a single person."

        Well - the article states that 5 of 56 field offices don't have a CS person on their team. Based on hiring 134 people, spread between HQ and field offices, the CS person could be the FBI's only expert in the state - so being an expert in multiple specialties might be required.

        Candidates might not want to relocate to say, Springfield, or there might not be any qualified frinks in that city. However, since we are dealing with computer crimes, could not a national team at HQ serve the needs of all field offices?

      3. VulSec

        True

        Isn't this true of many jobs in today's market. Penny pinching higher ups trying to get the most "bang for their buck", because it's all run by accountants the management get pats on the back for keeping costs down and still finding the "right" people.

        I agree look for someone who is a specialist to fill a specialist role, putting generalists into the roles is not the answer. George Osborne (UK Chancellor) stated a £1.9 billion investment into Cyber Security, I said it then and I'll say it now...it's not enough!

        Don't even get me started on the snoopers charter (Investigatory Powers Bill), having too few generalist analysts to sift through the potential torrent of captured data...yet another way to weaken the Cyber Security of a country, not strengthen it.

    3. Anonymous Coward
      Anonymous Coward

      In my day of getting UK clearance, you had to not only be British from birth your parents had to be British AND have been born in a commonwealth country.

      Common joke was that half the royal family would fail positive vetting.

    4. Preston Munchensonton
      Trollface

      We need a logical and clearheaded debate on the entire subject.

      You had me right up until this point, matey. May I recommend some place other than the Internet. Otherwise, you'll never get logical, clearheaded, or debates.

      Of course, troll....

    5. Anonymous Coward
      Anonymous Coward

      Nothing new here

      We need people who actually know what they are doing, hackers as opposed to hacks, committed people as opposed to time servers, people who actually give a damn. Thanks for your post. Successful human endeavor typically includes real leaders and people who believe in what they are doing, and those people can be found everywhere. Just check the human race.

  7. Anonymous Coward
    Anonymous Coward

    Is the invasive application process filling in one of those 83-page forms that are then stored on world-readable OPM? I can see where that might be a problem.

    1. Anonymous Coward
      Anonymous Coward

      Oh, forms....

      As in "Give five examples of how you supported diversity in your previous job"? That kind of form? (BTW, a similar question used to be on the standard application form for Greater Manchester Police.)

      1. Anonymous Coward
        Anonymous Coward

        Re: Oh, forms....

        A bit worse than that...one of the losses on the OPM thing was Form 86 (127 pages now I've bothered to look it up). Covers you, relatives, anyone you've ever met who might be sketchy...just everything.

        1. Orv Silver badge

          Re: Oh, forms....

          Yup. A friend once let me know he was listing me on one of those forms, when he applied for a job at NASA. They never called me up, though.

  8. Trollslayer

    CGHQ is no better

    Pay freezes for years, rubbish pension and little gangs throughout the place doing whatever they want.

    HR are like frightened rabbits.

    I had an interview there and couldn't afford to travel to work there, got a job a few months later at >50% more, local and great people to work with.

    1. Disgruntled of TW

      Re: CGHQ is no better

      If you pay peanuts, you attract a certain kind of primate. Not usually the capable white hat sort.

  9. Anonymous Coward
    Anonymous Coward

    Invasive hiring process?

    Are they still doing positive vetting? That's a nasty process, for the potential employee, family and even friends.

    1. Boris the Cockroach Silver badge
      FAIL

      Re: Invasive hiring process?

      yes

      along with the 900 page application form with questions such as

      "Have you at any time been a member of a terrorist organisation?" yes/no

      "If the answer is yes, please detail the groups and length of membership below"

      I ask you.. who the f*** is going to say yes to that?

      and more so, whos going to be dumb enough to fill in the details of membership?

      1. Anonymous Coward
        Anonymous Coward

        Re: Invasive hiring process?

        Those questions are there for that exact reason. It is to turn away people before they ever submit an application. If you lie, and it comes out in the background investigation.. you're going to get nailed with an extra charge for falsifying your application.

        For questions about criminal offenses, those are actually weighed upon. You could have a felony gun charge for some idiotic reason (like the guy who got put in jail for moving his belongings to a new state, got pulled over in-transit, cop noticed the guns/cases, and he got sent to jail....) If you lie, they will nail you. If you tell the truth, they will look at the court ruling. Obviously, some criminal offenses fall into the same category as the terrorism question.. where it is meant to keep people from even applying.

      2. Irony Deficient

        Re: Invasive hiring process?

        Boris the Cockroach, perhaps someone who would prefer to admit his two-week dalliance with the Pennsyltucky Vegetable Liberation Front during his gap year over leaving himself open to a felony charge of perjury?

      3. e^iπ+1=0

        Re: Invasive hiring process?

        Hypothetically, this could be positive:

        "Have you at any time been a member of a terrorist organisation?" yes/no"

        Yes, I was freedom fighter against (e.g.) the Nazis / Viet Cong / Apartheid regime, under the circumstances that you were applying for a job with some government organization that just happened to be against the same mob.

  10. Mark 85

    This is pure bullshit...

    I'm surprised they're not insisting that candidates are lawyers like they do for field agents although I recall reading where they going to drop that requirement. But I don't know if they did.

    The people you want for this are a bit "outside" the norm. So they should relax or change the requirements.

  11. Erik4872

    FBI agent and white hat hacker aren't even in the same Venn diagram

    As mentioned by other commenters, the FBI isn't exactly welcoming of people who typically live outside of normal law enforcement culture. Even if you're a "cybersecurity specialist", you're a Special Agent first. This means it's a law enforcement job predominantly, there's a huge gun culture, and the "bully police officer" mentality is strong. If you don't fit that mold you're not going to do well there.

    To lawfully get a top secret clearance, you basically need to not use drugs ever, have very little outstanding debt, have absolutely nothing in your background that some overworked investigator won't find alarming, and never have had any run in of any kind with the police. There's a good reason for this; it's been shown that people with things to hide are easily converted into spies. But at the same time, it makes a lot of hacker types ineligible. In addition, the bureaucracy is an anathema to most people who would be desirable candidates. As a result, ex-military people gravitate towards jobs like this, but they aren't necessarily the best fit.

    1. Orv Silver badge

      Re: FBI agent and white hat hacker aren't even in the same Venn diagram

      "Little outstanding debt" is going to make it hard to recruit anyone who graduated from college in the last decade or two.

      1. John McCallum

        Re: FBI agent and white hat hacker aren't even in the same Venn diagram

        Make that the last 60 years I have heard of 80 year old people still not having paid of their student loans.

  12. Anonymous Coward
    Anonymous Coward

    It's more fun being a crim

    I suspect a number of white hats by day are black hats by night as Snowden proved to be. The bottom feeders are not very good at stable employment.

  13. Henry Wertz 1 Gold badge

    "Working for the man"

    I have the suspicion that, some whitehats also figure that the NSA has been operating illegally for at least a decade, homeland security has been given excessive authority, and don't want anything to do with this. They don't realize the government is not monolithic, and that the FBI has nothing to do with these other agencies.

    1. Trevor_Pott Gold badge

      Re: "Working for the man"

      You mean the 'independent' FBI run by crazypants fucktards that want to backdoor or ban encryption?

      Yeah, they're benign. Totally kosher. Yup.

    2. Anonymous Coward
      Anonymous Coward

      Re: "Working for the man"

      "They don't realize the government is not monolithic, and that the FBI has nothing to do with these other agencies."

      You really believe in that? How about 'data exchange programs' between NSA and FBI?

      NSA and FBI are as close as two sides of a coin, brothers in arms. They've more common operations than those which aren't common.

  14. Trevor_Pott Gold badge

    Dear FBI,

    Have you tried not being dicks?

  15. Mike 16

    A few data points

    Government IT pay poorly? Well, I decided not to take such a job because I wanted to finish college. It too four years after graduation to match that salary.

    Retirement? That's the thing. As a former phone-freak, I considered monetizing my skills by providing "communications consulting" to a local bookie. Then I remembered the guy in our town who was killed in a (alleged, never solved) botched holdup of his liquor store. Seems he was running a floating card game and fell behind on his payments to the local police. If you lie down with dogs, you'd better hope you get up with nothing worse than fleas. As one of the premier organized crime groups (OK, the Chinese PLA has them beat), the FBI are unlikely to let someone with both knowledge and a conscience just quit.

  16. MrDamage Silver badge

    Of course they don't want to work for you.

    The fact that they wear white hats, shows they actually have morals, and are unwilling to sacrifice those morals working for a TLA that has none.

  17. Spaceman Spiff

    Pay is irrelevant

    The FBI these days are just a bunch of unbridled assholes. No wonder competent tech workers don't want to work there! I can make 3x as much working for trading companies in Chicago. Why work for the FBI and get smacked by even worse bosses?

  18. Visual Echo
    Unhappy

    Where are these jobs listed?

    I've just been to the FBI 'jobs' web page, there are three (3) "Information Technology" jobs listed, two in Virginia and one in Alabama. Are you sure these job requisitions exist, as I would think this would be somewhere they would want to list them.

    Guess I'll stay 'retired'.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like