A cybersecurity professional in Arlington, Va., who protects the Pentagon, makes 72% less than someone doing similar work in Minneapolis.
According to a study from Indeed, IT security staff in Washington, D.C., and surrounding areas like Arlington make substantially less than their counterparts in other cities, such as Salt Lake City and Denver. The study compared salaries from information security specialists in 15 cities. The salaries had been adjusted to account for cost of living using data from the Bureau of Economic Analysis (BEA). Cost of living makes a big difference in comparing salaries, as a security specialist in Austin probably spends less money on a house than one in Arlington.
Faisal Iqbal, chief technical officer for U.S. Public Sector of Citrix Systems, said another reason for the discrepancy in salaries for workers in the Beltway area is the lure of the private sector. He said that Wall Street startups are able to offer their cybersecurity professionals more money than the government can; for this reason, more workers flock to those jobs. He also said that private companies, such as Minneapolis-based Target, are doubling down on cybersecurity and are drawing professionals.
“We have to compete for the same people,” Faisal said. “I think that’s what’s driving people to the highest bidder.”
According to Iqbal, the government faces heavy competition in attracting the same professionals that lucrative startups and private companies also seek out. One solution, he said, is for the government to adjust its compliance efforts. Instead of spending time and money to address compliance for a certain application, Iqbal thinks that applications should already have compliance strategies attached.
“There’s a lot of noise in terms of what needs to be done in cybersecurity. Programs should have compliance built in,” Iqbal said. “Compliance should be built in to applications and not something you have to bolt on later.”
In order to reduce the layers of complexity associated with app compliance, Citrix continually meets with agencies to see how they can leverage new technology. Iqbal said one goal is to have agency compliance become a “push-button exercise” instead of a matter of hiring 10 new people. He said that, if agencies can streamline compliance strategies, then they can focus their human capital on other issues.
Cybersecurity will continue to be a priority among agencies, Iqbal said. For example, agencies will always want to preserve integrity after a contractor finishes his or her year long term and ensure that the contractor cannot regain access to the servers once their job is over.
“It’s hard to protect. There’s always going to be vulnerabilities in software,” Iqbal said. “If we can reduce the noise level, we can leverage our efforts. Compliance should be the easy stuff.”