The demand for experienced cybersecurity experts is close to an all-time high according to industry experts, and private cybersecurity firms are increasingly outbidding government agencies in hiring the top analysts.
A recent BloombergBusiness article highlights that cybersecurity firms have hired hundreds of ex-government hackers over the last couple of years, largely due to increased business related to fears over hackers who stole over one billion transaction records containing personal financial data last year. The former government spies and hackers are now moving to the front lines of the cybersecurity services industry (over $48 billion in revenue next year, up 41% from 2012, according to data from research firm Gartner).
More on private security firms and ex-government hackers
FireEye has hired more than 100 ex-government hackers since 2013, part of an international expansion that has cost more than $1 billion, according to Chief Executive Officer Dave DeWalt. Symantec has increased the size of its security services division by almost a third, to 500 people, in the past year.
Even smaller companies are snagging top talent. Lacoon Mobile Security, a mobile-security startup that Check Point Software Technologies Ltd. agreed to buy this month, has hired 15 people from Israel’s Unit 8200, said Michael Shaulov, a Lacoon co-founder who, like Zuk, served in the Israeli military’s computer-hacking group. The hires usually had five to eight competing offers and each earned more than $100,000 straight out of the armed services, Shaulov said.
Statement from private security firm co-founder
“The people coming out of the military and the intelligence community are really, really good,” commented Nir Zuk, a co-founder of Palo Alto Networks and an ex-Israeli army hacker. “They know the attackers. They know how they work.”
Military background can create blind spots
It was reported earlier this year that JPMorgan Chase has hired two ex-Air Force colonels to executive positions in its cybersecurity division, and that they argued with federal law enforcement and members of their own staff when they insisted that Russia’s intelligence services were the perpetrators of a major hack on the bank a few months earlier.
It has since been conclusively determined that the JPM attack was the work of individual cyber-criminals. Analysts noted this situation was a classic example of how military training can create blind spots and lead to errors.