Conventional wisdom holds that your security clearance lands you a bigger paycheck in the cybersecurity world. While this is true statistically, it may not be true for you. In cyber, clearance doesn't automatically mean more money.
Certainly, it can mean that: A worker with secret clearance makes 5.8 percent more, on average, than one without clearance, according to the Human Resource Association of the National Capital Area, which is home to many clearance jobs.
A top secret clearance can draw as much as 12.8 percent more compensation. Translated into cybersecurity, this means an average salary of more than $102,000, according to ClearanceJobs.com.
But claiming that differential can be tricky. "It is a chicken-and-egg situation," said Cody Cornell, a former Coast Guard petty officer third class who now hires cleared professionals as CEO of cybersecurity software vendor Swimline.
On one hand, the rules of clearance say you can't discuss your clearance or advertise it.
On the other, if a job requires clearance, the job-seeker needs to make that known.
Most people skirt the rule, naming their cleared status on their resumes — but that's not the same as making it a selling point.
"Your clearance is not a marketing tool," Cornell said.
At the end of the day, while you may not be able to crow about your clearance from the rooftops, you need not hide it under a bushel, either.
"People are afraid to talk about their clearance at all. The fact that you have a clearance by itself is not classified," said Yinon Weiss, a former Army Special Forces captain who is now CEO of RallyPoint, an online military networking site.
"I have seen employers search our database, and they will go right past the people who have not identified their clearance status," Weiss said. "You need to be willing to indicate that you have that clearance. You do have to understand what you can and can't say, what you can disclose, but it is typically not the case that you cannot say anything at all. A normal security clearance typically is not classified."
There are ways to leverage clearance to land that higher cyber salary. A few strategic moves can help a veteran gain an edge. Here are five tips:
1. Get certified.
In working with the government or a military contractor, clearance alone isn't enough to secure a top cybersecurity job. Those looking to do such work also must comply with the Information Assurance Workforce Improvement Program (DoD 8570).
That program applies to anyone performing information assurance (security) work with access to DoD systems. The directive lays out guidelines and procedures for the training, certification and management of workers involved in secret cyber work.
"If you want to do this work, you have to get certified. Ninety percent of cyber jobs that require clearance also want DoD 8570 certification," said Evan Lesser, managing director of ClearanceJobs.com. "It's not something that is optional. If an employer doesn't see that certification on your profile, they are going to quickly move on to the next."
There are various levels and types of certification, detailed here.
2. Sell yourself as trainable.
Considering the pace of change in cyber, a new employer likely will need to make some investment in bringing a new employee up to speed. As someone with clearance, this can give you an edge. Many employers will take your clearance as a sign that you are ready to get in there and slay the dragon — that you'll be a quick and eager study.
"It's often easier for us to train a cleared but under-educated candidate for a cybersecurity position than it is to help shepherd a more qualified candidate without a clearance through the process," said Laura Carmack, vice president of human resources for SAP National Security Services.
Because cleared workers may be fast learners, this can help to smooth over any educational gaps in a resume. "In particular, the clearance can remove any perceived stigma from the lack of a college degree," Carmack said.
3. Don't cross that line.
Clearance means you are ethically dependable, and yet cybersecurity professionals often are tempted to act in just the opposite way, illicitly hacking into others' systems. In principle, such "white hat" hacking is OK. It's a way to hone skills and test defenses. It's also a way to scuttle the value of clearance, if you do it wrong.
"You have to be wary of testing your skills on the Internet or on private servers. There is a huge gray area. The government wants people who have certain expertise, but sometimes people will break a number of laws in getting that expertise," Lesser said. "Even if your intentions are good, this type of activity can put your clearance at risk."
Want to hack around without jeopardizing that generous salary? Basicsofhacking.com offers some guidelines:
- The ethical hacker should use cyber tools and knowledge only for legal purposes.
- Hack only to identify security issues with a system and recommend solutions as a defense strategy.
- Get management approval prior to hacking into a system.
- Set limits: Define the purpose of testing and get this plan approved by the organization first before venturing further. Stick to the plan.
4. Ease of use.
As a person with clearance, you have a big leg up on competitors applying for a cleared job. You are ready to go on Day 1, where a non-cleared person might take several months to pass all the hurdles and gain clearance. That's time lost to a potential employer.
"If you already have clearance, that makes it extremely easy for a contractor to hire you and to get you accepted by their military clients," said Bob Larned, executive director of military education at ECPI University.
To make that promise pay off, make sure you do your legwork. Check in with your commander or unit security officer to make sure your clearance paperwork is in order — and to make sure your clearance is current. Clearance expires if it isn't being used, and you'll want documentation that you have been working on a cleared project within the expiration period.
5. Go long.
Cyber professionals are known to be short-timers, always moving on to the next place where they can learn a new skill, tackle a new challenge, confront an emerging threat. That can make for a really great skills base — and a really lousy career path.
To convert clearance into greenbacks, it sometimes makes sense to park it in one place for a while. "When that employer sees you have been jumping around from job to job every six months or so, it does make them wary," Lesser said.
It's all too easy to make those jumps in the cleared world, where contracts come and go — especially in cyber, where inherently short-term tasks such as vulnerability testing may call for an employee to come onboard for as little as 90 days.
"We do see jobs where the company needs someone just to come in and test a system or fix a specific problem. But then there are other jobs where there might be a three-year contract," Lesser said.
That longer contract may or may not pay more, but it will pay off in the long term, showing employers that a cleared cyber pro is ready to hang in there for the long haul.