ClearanceJobs’ President Evan Lesser was recently interviewed by President of the Diversa Group,Derrick Dortch. He discussed federal hiring trends, cybersecurity hiring and the ongoing efforts to understand the insider threat.
Derrick: What’s happening in terms of the defense community since the President elect has been nominated?
Evan: “It’s been exciting, and we are seeing things change fairly quickly. One of the things that was talked about in the campaign was a federal hiring freeze, and fed workers are concerned about that. It should be mentioned that the hiring freeze wouldn’t be for public health or safety agencies, or DoD or intel agencies – but it would be everyone else. That’s a lot of people. The federal workforce for civilians is roughly 2 million people… So it’s understandable that people have concerns that the federal hiring freeze could be pushed through, when, and who it might affect.
“The other thing to keep in mind, if you’ve been following the news even remotely closely, some of the federal heads being nominated are people that don’t really have a great history with that agency, in fact they may have called for it to be dismantled or downplayed in the past – I speak of possible incoming education secretary and possible incoming energy secretary. It’s interesting to look at that, and it definitely has federal workers on edge.”
Derrick: Some of programs that Trump talked about require a lot of workers, for example building the wall, or defense hiring – both of these initiatives require a lot of workers, but with the talk of the Federal hiring freeze, there’s two messages we’re hearing – how do we reconcile that?
Evan: “That’s an astute point, and I think one of the things we heard a lot about during the campaign season was that catch phrase ‘drain the swamp.’ I think people assumed that was aimed at the very top positions of government, but as time moves on, people are starting to wonder if ‘drain the swamp’ applies to them too.
“The argument against reducing the federal workforce is, if you’re trying to improve an agency, sometimes the best way to do that is through hiring. For instance, we can talk about cybersecurity, it’s a great example. Cybersecurity is something we need government for, in all levels, in all agencies. Removing cyber talent will have the opposite effect of what people want, which basically is a more efficient government.
“I wish I had a crystal ball to prognosticate better, but until we get into January and February, I don’t think we’re going to know the full impact of what ‘drain the swamp’ actually means. But the overall outcome is a federal workforce that is on edge.”
Derrick: Is fake news/propaganda going to compel a new area of government to build around dealing with fake news?
Evan: “Yes – I think it will. Think about the earliest days of the Department of Homeland Security (DHS). A lot of it was physical security – how do we protect our infrastructure? The last few years, it has moved toward the digital realm. How do we protect servers, classified information, etc. And how does that mesh with industry? If Google went down, that would be a huge national security issue – a huge financial hit.
“DHS is going to have to figure out how to deal with fake news… when you have fake news that looks real, and works its way into society, that’s a problem. But who controls what gets seen on the internet? This is not Russia, this is not North Korea… We have a free and open system. DoD has been working with industry on putting a lid on fake news, but they also need to protect people’s right to free speech – there’s a fine lane.”
Cybersecurity Hiring Trends in 2017
Derrick: Do we sense that cybersecurity will take a turn in priority for the year?
Evan: “Yes – look at what we’ve learned this year, that there are varying levels of penetration into our electoral system:
- One level: the ability to affect individual votes – turn one vote into another.
- Higher level: The ability to influence a vote by breaking into email servers – for example the DNC – and releasing information at key points during the election cycle; and
- Highest level: Changing news, editing news, creating fake news or propaganda – we’ve seen a huge amount of it over this election season. And there’s every indication from the intel agencies that it has had an effect on voting, and on people.
“It’s definitely a weird era that we’re in – people feel the world has been turned upside down a bit. Cybersecurity is not just about how to protect our systems. With fake news influencing people – look at the recent attack on a DC pizzeria – that came about because of a fake news story – this impacts national security, and our defense department will need to address it. Both industry and government are starting to think about what information is getting out there digitally.
“It’s interesting too to think about the different phases of cybersecurity. Cyber started off with protection – how do we protect our system – how do we block cyberattacks. Then it was more about emergency response – who do we alert, how do we shore up the threat. Now you see a bigger focus on cyber offensive – how do we counter attack.”
“Because of cyberattacks, we’re seeing more instant messaging. Government and industry are talking about ways to communicate that would be safer, more secure – and there’s a trend toward instant messaging because it’s cloud based.”
Topic: Insider Threat
Derrick: What are we seeing as it relates to the insider threat movement? Is that still a big deal? How has that moved into our private sector?
Evan: “Since Edward Snowden, there has been a huge amount of effort in trying to understand insider threat. Making sure that people’s clearance level makes sense for the work they’re doing – this is a huge effort. Earlier this year, there was another insider making information available publicly. There’s been a lot of raising awareness, briefings, training, sharing of best practices, knowledge sharing – there’s been a lot of that. But the actual movement to literally monitor what’s going on with certain employees – that’s where the government hasn’t gotten started yet. Plenty of work left to do on insider threat. As we saw with Snowden, it just takes one person with bad intentions to create a world shift.”
Derrick: With the insider threat – you have to figure out someone’s behavior. Look at the info they’re reading online – get in their head. How are they going to do that?
Evan: “The government has developed an access score. This looks at an individual worker to determine what level of access they need to be granted. We can take a look at their score and see how much of a threat they could be, based on the information they have access to. So the next step would be to consider additional monitoring for people with high access scores. So heavier monitoring for people with higher access scores. The government is working on it, it’s just going to take a while.”
National Background Investigation Bureau (NBIB) and Backlog of Investigations
Derrick: Let’s talk about the National Background Investigation Bureau (NBIB). There seems to have been a slowdown of investigations – let’s talk about that. But also, where is the NBIB going, and are they going to be digging deeper to try to find people who would be an insider threat in the future?
Evan: “So, the NBIB launched in October 2016, and we knew there would be a transition period – moving people over from FIS to NBIB, hiring new contractors, getting people trained, setting up infrastructure. We knew there would be a time delay, but what has contractors spooked is the backlog of clearances and reinvestigations. There have been a few numbers that have come out this year…. One, we learned there are more than 500,000 investigations waiting to be completed.
“The other is the time delay to get a new clearance. In 2013 – getting a TS clearance could be done in 80 days, which sounds like a dream at this point. Now it’s 220 days, and that is just for the investigation portion. That doesn’t include time to adjudicate, or to get the final clearance award. So, 220 days is just part of the entire process.
“Also, we always have to remember, as reported by the OPM, that’s the fastest 90% of investigations… Meaning, there are 10% of investigations that are taking way more than 220 days, sometimes longer than a year, to get their TS clearance.”
Derrick: Why the delay? Just the need for more clearances? Or not enough people in place to do the clearance investigations?
Evan: “NBIB has been trying to speed up the process, but there are a few different factors at play:
- Hiring – they’ve always relied on contractors to do the investigation. Keypoint and CACI are two of their current contractors. But it takes time, and training.
- Movement of data from FIS to NBIB – red tape with transition from one agency to another.
- Social media is now being used by investigators to corroborate information found in clearance applications – and that takes longer.
“The last factor is – towards the beginning of 2015, there were certain investigators that were being rushed through the process, producing substandard work – people slipped through the cracks that shouldn’t have had a clearance. So companies like Keypoint, CACI – these companies have been put on notice, and they know that they need to produce high quality investigations, but they also need to do so in a timely manner to reduce this backlog. It’s a balancing act.”
Derrick: How do you prioritize incoming administration’s clearances? There will be 4k new employees who need clearance, how does that impact other candidates waiting on their clearances?
Evan: “Four thousand is a small number, so it shouldn’t impact the background investigation delay too much, but those 4,000 people coming in will take priority over those who have been waiting, so it will slow the process down a little bit.”
Derrick: Does technology speed up or slow down the investigation process?
Evan: “There’s been a lot of testing to figure out how we can use technology to empower the investigators – again, it’s a balancing act. The OPB previously and now the NBIB is always trying to balance quantity over quality, and to be fair, that is difficult. If you move too far in one direction, you have things happen like a falsified investigation, or Edward Snowden. It’s tough – I don’t think government quite has a handle on what that balance is, and it may have to be fluid and shift over time based on the number of people waiting on their investigation to complete.
“What I can say is that the government has been fairly open and flexible noting that there have been delays. One of the new memorandums that came out recently said that if you have a security clearance and your investigation is out of date, you can still keep your job, have access to classified information, you can still do your work – that caused a huge sigh of relief, because think about it, you’d be looking at 500,000 people that would not be able to step into their work place. So, cleared workers waiting for periodic reinvestigation are not going to lose their access.”
Social Media and continuous monitoring
Derrick: Do people need to be more careful on social media?
Evan: “Fed workers and contractors need to understand whatever gets on the web, stays on the web. Data breaches are a daily occurrence. Info gets all over the web. If your information is more protected, the hackers will move on to someone else. Fed workers should understand the sites they’re going to, the sites’ privacy measures, how they use your information – keep as much of your info off LinkedIn as possible. Understand that info on Facebook, LinkedIn, Twitter is public. You need to be proactive, don’t think that these companies are going to protect your data. You have to be in charge.”
Derrick: What about apps/games/browsers that are collecting information on users?
Evan: “There have been more than a number of cases where a user’s phone or laptop computer – the cameras are recording information, without the person knowing. You just have to be careful, especially if you are in the federal government. When determining clearance, the NBIB will definitely take a look at how public someone is online, and whether that makes them more of a target for coercion. That will factor into whether they’re granted a clearance.”
Derrick: What is ClearanceJobs doing that helps job seekers, and helps recruiters find the right people?
Evan: “We are surely in a time period where the candidate has the power. Think about it, there are 3.4 million people with a clearance, and only a fraction of those people are career minded and interested in hearing about job opportunities, and an even smaller faction of those people are actually looking for a job.
“So, there are far more open positions than there are available or interested candidates. Candidates are able to ask for higher compensation – and get it… They’re able to switch between employers more quickly… Candidates are in control – there are very few active job seekers. When you get into the high level engineering or cyber jobs, it’s even tighter. The market is weird – far too many open jobs compared to the number of candidates – that’s really putting the recruiters and HR teams on edge.
“And recruiters are less scrutinous than they were in the past. These days – if they can find someone with the right clearance, and a reasonable amount of experience, they are likely to give them a try.”