Enlisted or Officer, you’ll not break $200k annual earnings until at least 20 years of experience and Lieutenant General or higher rank.
NSA after a decade of experience you may approach 200k.
Anduril starts entry-level at $200k.
But in my experience, there comes a point where people start saying "OK, now I'm earning $x00,000 I'm rich enough to afford some luxuries, what luxuries would most improve my life?" and it turns out things like "not being on call" are kinda popular.
I'm not sure there's any reasonable amount of money that would make me want to go to a boot camp and get hazed by a bunch of jocks.
So they might need pay and fixes to the culture.
To be a comfortable place for a lot of us to work, the military would need to understand that "because I felt like it" is both a complete explanation and a valid justification for either a 100,000 line software project or a two day nap.
Marine Corps recruit training and Air Force BMT are world’s apart.
The pay is one issue, but the social aspects are the much bigger issue.
In bureaucracy where jobs are almost impossible to be fired from for lack of adequate performance there is always an entrenched notion that anyone performing better is making everyone else look bad, and this results in sideband bullying, silencing, and various other forms of coercion which meet a definition of torture.
This is why Academia, and Government have such a hard time finding and keeping qualified people. Structurally, those in charge are the ones promoting negative production value, they may say otherwise but people lie all the time and its only rational to take people by their actions over what words they speak.
There is no amount of money that someone will justify selling/losing their sanity in exchange for money. Money isn't worth anything if you can't spend it.
If you sieve the entry with arbitrary requirements, while also making the job intolerable... of course you aren't going to attract talent.
Its not mainly a matter of money, or for that a matter of culture. Its a matter of structure, and structural failures that incentivize these deficits, they are the same deficits found in central planning.
If you can't relieve people for doing a bad job, you only ever attract parasites which crowd out your productive members, and eventually the reputation gets around and no one even bothers to apply or go down that path if they can avoid it. Couple that with systems which are designed to propagate evils without the individuals alerting to the fact, and who would risk their soul for a job?
The wisest understand that the job you choose can warp and defines you. If you segment and compartmentalize information you'll never know when you commit attrocities, and you'll be equally responsible regardless of that knowing.
Overall, Government job? Academic Job? nope moving on. Sanity, and religious beliefs are valued well above anything so base as money; but there are those types too.
This sounds like it’s more a problem of boot camp, not so much the cyber department.
That means if you are a 12 year E6 and plan to stay in to 20 your real total comp is closer to $130k/year, and that’s not including BAS, retention bonuses, and other compensation. And it excludes tricare and other VA benefits post retirement.
The total potential compensation for military personnel is far more comparable than it looks, but is heavily weighted to non-cash compensation.
* Apologies if I’m being too pedantic here to much, but I wanted to make sure people who aren’t familiar with the subject can understand what I’m getting at as well.
The "total compensation" numbers that military recruiters tout are not actually real.
I know, I lived it for 23 years.
That's the thing people don't understand about all that -- those fake numbers are including a pension that for the majority of people who are in the military will never exist.
BRS was an attempt to give those people something, so they have some TSP matching, but even that only kicks in after six years IIRC.
Also DOD healthcare is worth every penny the service-member pays for it.
As well as the fact that many roles are tied to holding an active clearance, and while some things would be available in those amounts, debt generally is not one of them (a big opportunity cost).
So a bit more likely than the draft.
I'm technically also subject to the UCMJ for the rest of my life as well.
It wasn’t like you could get that right of the bat.
Military experience is valuable on itself.
Yes you don’t want to stay there for whole career- but doing 5 or 10 years is going to pay off later. Just be good for your mates ;)
Also a major point not covered was defined benefits vs the 401k model.
There are some aspects of the military culture that are a bit anachronistic, but it’s minor compared to the pay and the career progression problems the military creates. It forces an up and out system where you can’t continue doing what you’re good at for increasing amounts of pay.
$200k is huge for most people. Even $100k is a good salary for most of the country. Start adding in housing allowance and a defined benefits program and it's really pretty decent. Most branches will do direct commissions up to O5 for cyber roles now.
They aren't writing exploits or developing tools. Most (though certainly not all) of that work is done by contractors on very good money, or purchased from industry.
I'm arguing that if you're capable of performing cyberwarfare, $200k is a fairly low salary. The $122k median "cyber security professional" is including a lot of people with CCNAs who configure firewalls for a living.
The kind of people that tend to read about tech for fun, and have enough of an opinion on it to post, tend to be lean above average? At least I certainly like to think of myself as such.
People here are just remarking on what it would take to get them to take a job in the military.
Sure, but they also tend to understand the importance of data and bias. So things like looking at the median instead of making assumptions would be expected more on here than other places.
You aren’t likely to compare compare yourself to the median, but to those whom you consider your peers. If you peers all have higher compensation, you’ll feel bad, regardless of the fact you are objectively in the top 90% of compensation for your role.
The real point is that you can still pull competent professionals under $200k because that's an attractive number to the majority of cyber warfare operators or cyber security professionals being that it's at least $50k over the median for either. Reducing that to $150k is still somewhat to slightly over the medians for either, and thus still a financially attractive number to the majority of the candidate pool. Money isn't the real issue here, it's the other restrictions, culture, etc.
The thing about contractors is that paying $ x million for a project is "normal", but paying a entry-level software dev twice the salary of e.g. the national police's commander in chief is completely unacceptable. If you do that, people in other branches of government will most definitely strike, and doing it will involve incredible amounts of feather ruffling. It's probably one of the hardest things for a government to do, and it stands against everything governments traditionally stand for.
I don't think democratically-elected governments have a good way out of this problem. Propaganda about "protecting the nation" probably helps somewhat with convincing people to just stomach the lower pay, but that's far from enough.
Where is Anduril getting that money? They're paid the same rate for govt contracts as everyone else no? Do they boost that with investor cash?
Besides hiring talent, it carries through to career advancement and development (which plays heavily into personal fulfillment!) which on turn affects retention. If you're thinking of starting a family and settling down, being able to have more flexibility and significantly more money is a highly attractive option.
No. Where did you get the idea the government pays the same rate for every contract/contractor?
Defense procurement is notoriously complicated, and there are myriad ways contracts can be structured. There is definitely no single rate.
I worked on 3 different projects at two different defense companies and it worked the same.
Anduril, I assume, charges the government the 2x or whatever it pays for its labor. And the government pays because Anduril has convinced them they have something no other contractor can provide.
A mix of VC funding, foreign defense sales, and private sector deals, because their products are dual use. Also, as a private company, they don't have the same kinds of expenditures that a service has (pensions, capex on infra, etc)
> I think that it's complicated
Yep! Esprit de corps does play a role in retention to a limited extent.
Also, after this hearing happening in 2018, all the branches began pushing heavily for Cyber Reserves branches because it's the easiest way for them to remediate the skill and pay gap.
The idea is to be more like Microsoft or SpaceX. The government doesn't micromanage Microsoft's R&D, they simply purchase licenses for Windows off the shelf. Same thing happens for SpaceX rocket launches at this point.
You should go there for 5-10years if you are a poor shmuck so they train you, get some value from you and that’s it.
Sounds like you are really proud of your military. Well it might reflect how the things really work anyways. They should put it on their recruitment offices: "if you are a poor shmuck - come to us"
Military is one of valid options to improve their lives .
Even if you have a lot of time left on your current enlistment period and they don't have cause to toss you out, couldn't they reassign you for the rest of your term to something else?
1. Anduril is more competent than the people they can afford to hire.
2. Giving Anduril money funnels funds into local enconomies and individuals that are important to political objectives.
Interesting. They can't afford to hire person. But by paying to company like Anduril they somehow can afford not only salary of said competent person and a boatload of overhead. Kinda contradictionary.
The government outsources things to contractors because they have no idea how to manage those projects. Do you want your mayor as the foreman for the crew paving your roads?
As with most businesses, the government has the money but not the know-how so they need to outsource or contract.
But this also requires supervisors willing to actually supervise. Often these folks just get shuffled around, they know no one wants them, but they know no one will go through the trouble of firing them either. Shameless, worthless people will happily suffer that indignity for years if they're also getting a low six-figure salary and know they'd get $0 outside of government because private companies would fire them with cause and they'd stop getting any salary.
Note that this is logically impossible; if they can afford to pay Anduril to hire those people, they can more easily afford to hire the same people themselves.
GS-12/13 is a common working level for these jobs. Even on the cyber side which gets a 25% or so incentive pay on top, it's not competitive with what industry would pay. And only a handful of truly critical programs might, might, be able to get GS-14/15 billets for their technical staff, that'll still only be for SMEs with years of experience or certain key skillsets. Above GS you start requiring congressional appointments as well, and they aren't going to setup hearings so they can pay people over $200k, it's easier to get a contractor willing to pay that much.
Almost no one in tech gets into SES, and they wouldn't want to -- SESs don't write software.
> if they can afford to pay Anduril to hire those people, they can more easily afford to hire the same people themselves.
They can't afford to hire the same people because they can't (as in, they legally cannot) pay the salaries those people are going to demand. That's what I was responding to. The gov't cannot afford to hire the same people themselves, they can hire other people at lower salaries but not the same people.
You can't transform something into an affordability problem by wishing. Do you think giving the government more money would solve their hiring problem? No? Then their hiring problem isn't related to what they can afford.
??
Just asking, not accusing anyone of anything.
The moment you can't fire people for not meeting a base level of competence is the moment your systems start failing.
If Kamala had to actually pay for all of the stuff she did out of her $284,600/yr salary we'd see that number go way up real fast. I doubt that even covers her security detail if she stayed at the Observatory all year.
The USA has a revenue of ~4.5 Trillion and the 2nd in charge gets <300k while companies with well under 1T revenue have numerous employees with $xx million compensation.
> [1] The aggregate limitation on pay for members of the Senior Executive Service and employees in senior-level or scientific or professional positions covered by a certified performance appraisal system is the total annual compensation payable to the Vice President under 3 U.S.C. 104 on the last day of the calendar year.
[1]: https://www.opm.gov/policy-data-oversight/pay-leave/pay-admi...
2. Enlistees are bucketed based on rank and years within the service. It is almost impossible to make a case for Cyber Enlistees to get a separate payscale from other Enlistees because other enlistees can and do get pissed.
A mix of public-private offensive security partnerships plus a strong reserves component for cybersecurity related roles is the best solution - this is what Israel does.
Finally, CyberCom is a joint command, not a branch, so they are limited in comparison to what individual branches can do.
I wonder if (and maybe this is already in practice), there's an opportunity for warrant officers in this context. In the United States Army where I enlisted, our helicopter pilots were mostly warrant officers and then you had the staff officers who would always try and get more flying time.
The warrant officers were, I believe, paid less than the staff officers, but there's no reason to think the military can't provide additional pay. Retention and sign-on bonuses for expertly-trained cyber warfare and other compute-related activities warrant officers could be something to consider.
Even as an enlisted soldier since I worked in aviation we'd get extra pay because of the odd shifts we worked which was supposed to make up for/supplement on-base meals. I may be remembering incorrectly but being airborne trained provided some extra money as well, though nominal.
All that to say, if a W-1 is making $50,000 in base pay per year, if we wanted to we could just double that via retention and sign-on bonuses.
Of course you might say, well sure but then you know you really aren't making as much as that engineer who is pulling $180,000/year + bonus/equity, and you're right, but in a similar vein I'd say yea and you can only fly an AH-64 in the military....
Already in practice, but a WO's salary can't compete with private sector pay.
The Marines gives Cyber personnel an officer level, because the marines are very budget constrained so they don't have the money needed to send personnel to upskill, and wants to attract people who can hit the ground running.
> Of course you might say, well sure but then you know you really aren't making as much as that engineer who is pulling $180,000/year + bonus/equity, and you're right, but in a similar vein I'd say yea and you can only fly an AH-64 in the military....
Yep! Imo, there will always be some attrition to the private sector due to the pay differential, but making Cyber roles reservist friendly solves this issue. (<-- already starting to happen)
Also giving the option to enlistees to upskill helps solve the human capital gap, plus builds their loyalty to their service and minimizes attrition to a certain extent. A dedicated Cyber ROTC might help as well, just like how the NSA has a similar program. (<-- slowly starting to happen depending on branch)
Honestly, the best solution is to probably convert CyberCom into it's own branch, just like the USSF, because that at least allows Cyberwarfare to not be treated as an afterthought due to service/branch commitments. (<--- probably not happening in the near future sadly).
Nice argument when you are single...
I tried to put together a team of students to compete in one of MITRE's cybersecurity competitions, but struggled to get other students to create SSH keys so that they could get access to the competition server. Not hack into the server, just follow instructions that I gave them to create keys and give me the public ones so that they could log in and participate.
The industry has a similar problem that the military does: It's very difficult to take non-technical people and train them to be cybersecurity professionals, much less hackers.
You need to start with an engineering background, and it almost has to be electrical or computer engineering, or at least computer science. Of those people with that background, hacking in particular is a type of thinking, problem solving, and mentality that not everyone has.
If you want to defend, attack, or manipulate cyber infrastructure you need an understanding of how that infrastructure is designed and operates. An engineering background will at least give you the building blocks for that.
The person whose only degree is Art school dropout, but who's logged many hours coding personal projects, running their own Linux or BSD machines, playing with networking, tweaking a game binary, etc., will wipe the floor with more-credentialed others, at a lot of real-world computer technical stuff.
Compared to person with a Engineering degree, or even a Computer Science degree-- but who spent no time outside of classwork, Leetcode memorizing, and a GitHub profile that was motivated only by FAANG-application coaching.
Those people who couldn't create their keypairs probably have fine raw material for becoming the kind of Technical person you need. But they're just having a pile of information shoveled at them in lectures and homework. And maybe they just wanted a job. And nobody told them that, if you want to be good, you have to put in the hours of quality unstructured learning time.
The people who couldn't create their keypairs may have had the raw material, but they were trying perform at a level they weren't yet capable of - they couldn't google a simple task and follow instructions. They needed to go back to square zero and learn basics when they were in a graduate program. And because the graduate program was dumbed down, they weren't going to learn the basics in the program.
When I was doing consulting computer stuff for aviation safety[1], I used to joke to myself that I had The Right Stuff... for sitting on my butt, typing on a computer.
But I never voiced that joke in the presence of clients or partner organizations. Where some of the personnel were actual fighter pilots, and who knows what else.
[1] Incidentally, that might be the work I'm most proud of being a part of. I'm not disrespecting government work at all. I only pivoted from Federal technical consulting, back to tech industry startups, because of performing like a FAANG ~L7 for years, yet still not being able to afford a condo in my HCOLA. (And, just when I'd finally verbally negotiated a big chunk of work that would've fixed the money problem, a perfect storm of bad luck ruined that.)
That said, CyberCom still has issues because it's a unified command and not a branch, which means it has limited say and will always get overshadowed by individual branches and the NSA.
Another interesting change is the rise of private sector players and public-private partnerships to help remediate the pay gap - this is what China and Russia did due to similar issues around renumeration, and most other NATO+ allies like Israel, UAE, Singapore, etc leverage this model.
Anecdotally, outside of the NSA, it appears that most what I'd term "white collar lifers" within branches prefer Intel over Cyber because it's easier to learn due to less STEM, and a significant portion of those who do Cyber will tend to leave for private sector.
That said, Cyber Reserves forces are fairly prominent now and probably the best way to remediate this gap.
I'm biased, but imo, the US needs to adopt the Israeli model of public-private offensive security capabilities plus a strong reserves component, because the pay gap and the respect gap just won't be fixed due to internal intertia in the services.
https://www.navytimes.com/news/your-navy/2023/06/23/big-enli...
https://www.mynavyhr.navy.mil/Portals/55/Career/ECM/Nuclear/...
That said, individual branches absolutely are doing that, and have started doing that after the 2018 hearing referenced in the article above.
Actual operators already get the highest bonus the Army offers. But the reality is the Army will pay a civilian twice what a soldier gets (total compensation, including bonuses and intangibles) for the exact same job.
As someone who feels more like a thing-builder than a thief-saboteur, this description is definitely off-putting.
That said, some of it is a matter of perspective: To bacteria, individual humans are "too big to fail" in the same way geography is.
...which is why diseases rapidly evolve away from lethality?
Imagine some strain of surviving bacterial-descendants are a marginally less-deadly than their predecessors after one solar year. What measure would you use for the comparison?
If you were to pick "generations", that might be ~9000 for the bacteria, while applied to humans it's ~40x longer than all recorded history.
Anywho, point is that for every "too big to fail" things there is usually a longer timescale where it stops looking that way.