Podcast Season 5 Episode 4: Cyber Workforce Development – GovCon Jobs with Mike Crandall and Rick Rothenberger
In the Washington, DC area there are a plethora of jobs in the government, including a ton in the cybersecurity and IT services space. Mike Crandall of Digital Beachhead and Rick Rothenberger of Storm Giant join us to demystify what it’s like working for and with the government. They also help broaden our sense of the types of roles there and in which agencies and departments people can pursue. Have you always been fascinated by geology, well there may just be that perfect cybersecurity position you’ve been looking for in the USGS!
Transcript
Erin Keating:
Welcome back, everyone, to NeoCast with NeoSystems. Thank you all so much for joining us in this great series we’re calling Cybersecurity Workforce Development. We know that this is an interesting time when people are facing underemployment and unemployment, and we wanted to be here with some of the industry leaders out there who can help us prepare for this change. Whether you’re being forced into a career transition or you’re thinking about one, we’ve got some folks on the call today that can help you think specifically about what it might be like to go into government contracting. So without further ado, let me bring in our guests today. We have Rick Rothenberger and we have Mike Crandall. If each of you would just take a moment to introduce yourselves and your companies, I’d appreciate it. Then we’ll jump into questions.
Rick Rothenberger:
Sure. Hi, this is Rick Rothenberger. Well, I should say I work with a company called Storm Giant Company and we help government contractors of a certain size build their IT operations teams.
Mike Crandall:
Hi, my name is Mike Crandall. I’m the CEO of Digital Beachhead. We provide cyber risk management to government clientele and are bridging out into the small to medium sized businesses as well, basically providing assessments, penetration, and vulnerability tests.
Erin Keating:
Well, given that you both have an expertise in the government sector and there’s a lot of things that people might be considering if they’ve been in the private sector for awhile, what are some of the top things that you would advise people to consider if they’re moving from a private sector position into a government position or a government contracting position, I should say?
Mike Crandall:
Well, number one, a lot of your federal contracts, especially if you’re working with the military or even in the other government agencies, require some sort of clearance. So you have to think about how you lived your past life and what you’re doing now and how difficult it might be for you to get a clearance. A secret clearance, say for the DOD, takes a look at 10 years back of your life. So have a good idea of where and how you’ve lived previously, regardless of where you are now in your life.
Erin Keating:
And can you talk to our listeners a little bit about governor, I mean, government security clearance? We hit on it in another episode, but we can’t be sure that people are listening to this in any sequential order. But we know that security clearance isn’t a given and you can’t get it on your own. Can you explain a little bit about the cyclical nature or the cat chasing its tail scenario with government clearance?
Mike Crandall:
Right. In order to obtain a government clearance, you have to be in a position that requires you to have a government clearance. And for a government contracting business like myself, I have to have a contract that needs me to have a government clearance for the company and my employees. So I could not issue clearances on my own. I have to have a specific job for them to have. So it’s one of the catch 22s of you need a clearance to get a job, but you can’t get the clearance until you have the position available. That’s why I tend to recommend starting off small. Maybe if you’re going to get into cybersecurity, try to find a help desk position that may require a secret clearance or something where they tend to give you a greater leeway. When you don’t have a clearance, you can be doing other work until the clearance comes through. And again, know that you’ve got to go back 10 years. So know where you’ve lived, get your documents in order, because the quicker you can fill out the forms and answer the questions, the quicker you can get a clearance.
Erin Keating:
And Rick, with you recruiting for these specific agencies, how have you seen that be either a stumbling block for individuals or even a propeller of their career with security clearance?
Rick Rothenberger:
Yeah, it really is both. Mike hit on a few great things to do to start off help desk, et cetera, with a secret clearance or go to a civilian agency that doesn’t necessarily require one to get started. Because there really is a backlog. The federal government performs the clearance. They’re responsible for doing the investigation. And currently, there’s a backlog, Mike can probably speak to this a little bit better than I can, of somewhere like six months to a year. So that creates huge pressure for companies like Mike’s and mine to find technical folks that already have clearances that maybe are not opposed to moving to a new project or a new agency. If you think about that, you can pretty much put together that these folks that are technical and have technical skills and also some form of government clearance are highly desired and valuable and, let’s just say, in demand. It’s a great opportunity for you to create demand for yourself and increase your standard of living, pick and choose a little bit more as far as what projects you’re going to go to.
Erin Keating:
So we’ve talked a little bit about security clearance and the fact that that is, a lot of the times, especially if you’re working within the defense arena, a necessary thing that you need to have. But we know that in cybersecurity and managed IT and IT, there are a lot of certifications as well as programs and coding languages and so on and so forth that you can learn. And I’m saying this as the resident layman on this podcast because I have not been in this industry before. But for a layman like me who might be thinking about a career transition, what other types of things are the government contractors and government itself looking for in candidates in this particular type of field?
Mike Crandall:
I think one of the things that they should look at, if they’re going into the DOD, the DOD has a requirement 8570 that requires certain certifications for certain positions. CompTIA, (ISC)2, these are certification boards or certification agencies. So you would want to look at getting your Security Plus, your CISSP, which is a Certified Information System Security Professional, and a lot of spit out the alphabet soup after your name.
Erin Keating:
We know the government loves their acronyms, yep.
Mike Crandall:
They do.
Erin Keating:
IT has got-
Mike Crandall:
Cybersecurity is the same principle. There’s a lot of these types of certifications. And if you look out on any jobs board, you’ll see a list of kind of what jobs and what certifications they require. Starting off small, I would go into the CompTIA realm. Kind of look at getting a Network Plus, Security Plus, those types of certs to give you the basis of knowledge and the basis entry level certification.
Rick Rothenberger:
I would say also certifications are so, so important in the federal space, like Mike said. There are a number of institutions you can go to to get those certifications. But typically, well, I want to say we’ve found that the federal government, the agency, the agency down to the federal contractor are looking for some real specifics. And the clearance is the big. And as big are the certifications. So as opposed to the commercial world where may change a little bit more frequently based on the client’s needs, government tends to be a little bit more steady. Federal government does look at those specifics a little harder on a candidates resume. So can’t emphasize that enough.
Also, we’re finding that we do have some DOD work happening such as Mike’s company. This might seem obvious, but somebody coming from the military, having that background, we have a Navy contract, it’s just huge. A lot of times they sync really well with the project managers, et cetera, that are from the Navy, and what branch they’re from. And that sort of conversation always goes a long way. As well as Department of Veteran’s Affairs, which is the second largest agency in the United States, right behind the DOD, they love veterans. And they love service disabled veteran owned small businesses.
Erin Keating:
Mike’s grinning there.
Mike Crandall:
Yes. Being a service disabled veteran owned business, the VA has to provide to us first.
Erin Keating:
Right.
Mike Crandall:
We have the right of first of denial for contracts.
Erin Keating:
Right. Well, I’m thinking about the government contracting community. A lot of people, when we talk about cybersecurity or IT, people are thinking really granular, they’re thinking of certifications. They’re thinking of specific, again, I’m going to say it in layman’s terms, coding languages and things like this. But if I go to either of your websites, there are also jobs out there like proposal managers or project managers. And I was recently interviewing a gentleman who was a project manager in a completely different industry, but was able to transfer those skills into cyber security and IT. Can you give us a broad picture of what kinds roles you see government contractors and/or agencies hiring in this particular field?
Mike Crandall:
There’s all sorts of management positions, say, above the actual techie folks that are down doing the material work. You have project managers and program managers. Again, program manager in the government realm, you’re probably going to need your PMP certification, at least for project management or for program management or project management, maybe the Project Plus from CompTIA. But there are all sorts of jobs in the finance realm. Most large contracts need some sort of a financial controller to find out about the expenditures of ODCs or other direct costs apart from the employees, butts in seats, doing the actual work. So you’re going to have project managers, financial managers, project managers, those kind of things.
Rick Rothenberger:
Yeah. And of course, the technical positions may be in the cyber world, ACASS, ACAS engineers, HBSS engineers, firewall engineers, security operations center technicians and engineers, incident handlers or incident response, ISSOs, network engineers, information assurance. So I know Mike can go on and on about this as well, but there’s a lot happening and there’s a huge need. Yeah. I’d love to keep talking about it with candidates.
Erin Keating:
So what are some of the biggest misconceptions you’ve found working with the government? So when someone hears that you do contracting for the government or you do recruiting for government agencies, what are some of the things that they’ve got wrong or they think that are real but are not?
Mike Crandall:
The biggest one is they think they’re going to get rich quick. They think all contractors make lots of money.
Erin Keating:
Don’t we all?
Mike Crandall:
But the reality is the government gives to the lowest bidder. So when a contract renews, if it’s a brand new contract, the lowest bidder will win. If you give your employees raise, say over the five year contract, and then it comes up for recompete, you have to remember that the lowest bidder wins. So we probably got to go back to five year ago prices minus maybe two more positions. So yeah, it’s not always just the super lucrative. If you have the certs and the government needs it, there’s good money in there, some security over a five year contract. But one never knows exactly how little the government is willing to pay versus how much.
Rick Rothenberger:
I find that some people think the government position may be easy. Some think the government position may be difficult. My advice would be really need to look at the agency. Where is the client [inaudible 00:11:41]? The agencies are so different in, not just size, but culture. You can look at the Department of the Treasury and what they do. The IRS is just one piece of the Department of Treasury, right? So gigantic agency. And then on the up here in Reston, Virginia, you have USGS, so United States Geological Gurvey, which is kind of the culture or scientists and nature lovers and people who do water samples from creeks and are traipsing all around the United States and national forest and things. So really look at the agency you’re interested in, ask the government contractor about the agency, the culture, how long the contract is. Lots of details, ask questions.
Erin Keating:
I was going to say, to your point, thinking about the different agencies, cybersecurity, automation, AI, data analytics, the ability to build out software or dashboards or these types of things to keep track of everything that the government keeps track of goes across the board. So even the National Park Service or the geological survey, all of these things have a role, or I should say, cyber security and IT roles all have a role in those agencies. So you don’t need to think, “Oh, okay. I guess I just have to go to the Department of Defense if I want to be in cyber security.” It’s probably across the board. I would think that that would have been one of the misconceptions I would have had is that there’s only two or three departments I could go work in, or two or three agencies that I could go work in. But in reality, this is a skill set that probably transfers across the entire government.
Rick Rothenberger:
It really is. Like Mike said, sometimes you’re working on a financial, there’s a contract that needs financial capital planning and needs accountants, it needs finance people to go. Maybe they’re building an application helping track stuff like you said, Erin. But maybe NASA or USGS, in particular, they’re doing something science related, completely unrelated to tracking, et cetera. Maybe broadcasting the space shuttle launch or showing different water samples around the country in real time, et cetera, as far as USGS. So some really interesting things happen.
Mike Crandall:
And like you say, the national parks all have computers. If you’re curious as to who can do IT, look around your home.
Erin Keating:
Right, right.
Mike Crandall:
If you have Alexa, a laptop, and an iPhone, you’re an IT person because you’re managing your own IT.
Erin Keating:
Trust me, every morning I wake up feeling that way.
Mike Crandall:
Exactly. So you just expand from there and know that IT is everywhere, therefore the need for IT professionals is everywhere.
Erin Keating:
Right. Which is pretty neat to think about. So if you have specific interests in specific fields that you’re actually … If you’re really interested in space exploration, but you’re not going to be an astronaut, there could still be a role for you. And if you can go get the right certifications and look for the right connections in the industry, you could likely go and work for NASA, but just maybe in a very different capacity. And one specifically, cyber security and IT, I would imagine, is a great avenue. A lot of people do say that there is a lack of talent in that field and that there are plenty of jobs out there. So maybe this is a perfect time for someone to be thinking about a career transition into an area that they really like and are passionate about and didn’t even realize there was a way to get into it.
Mike Crandall:
And the jobs are there. Colorado has 50 plus thousand open cyber security jobs. Just in Colorado.
Erin Keating:
Right, right.
Mike Crandall:
So it’s not that you’re going to be working into a market where you have to be the best of the best in order to get the job. The jobs are there. It’s you just have to understand the knowledge or the technology and go out and go for it.
Erin Keating:
And that’s a good point because I think the other myth probably everybody has about the government is that if you work for them, you have to live in DC or in the Northern Virginia area. And you are a clear example of someone who lives in Colorado and you work with the government. So trust me, as a Northern Virginia resident, I would say if you can avoid having to come to this area with the cost of living and everything else, why not settle in in the mountains of beautiful Colorado and take a job with the government?
Mike Crandall:
Exactly. We have an office out in Virginia, but I’ll stay living here. Thank you.
Erin Keating:
Well, one of the last things I wanted to bring up is I don’t want to take too much more of your time is that a lot of the work we’ve been doing in an educational perspective is with the cybersecurity maturity model certification that’s coming out with all contractors that are working with the Department of Defense, which I’m sure both of you are pretty familiar with. One thing that I’m thinking about is how many positions that’s going to potentially create. First of all, the most obvious, there’s going to be needing auditors and assessors who are coming in to look at people who are trying to get the certification. But how are you all thinking about that particular certification coming on market and how it might impact jobs?
Mike Crandall:
To me, there’s three tracks. There is the businesses, the government contracting agencies and their supply chain, because this is going to go all the way down the supply chain. No longer is it just going to be booze required, but all of their suppliers will then also have to be certified. So they may have to plus up their individual IT cybersecurity departments. Secondarily, there’s going to be a rush of companies that are going out to help those companies become compliant. So they’re going to come through, provide them the tools and the checklist necessary to become compliant. And then thirdly, as you said, there’s going to be the assessors. There’s going to be companies. We’re looking to do that, to go out and assess the companies and keep them on board. My logic is if I’m an assessor, you have to be assessed every year. So while the revenue might not be as big upfront, it’ll be continuing. Go for the long slow burn instead of the quick burn upfront.
Erin Keating:
Right. And you do make the good point that a lot of the supply chain is going to be impacted by this. And it’s not going to just be the massive prime contractors. I know that that’s NeoSystems is looking at positioning themselves, that they can manage a lot of that for the smaller and mid-sized businesses that are having to become compliant. So when you need to outsource some of those types of things that you may need to rely on a vendor like NeoSystems to help you with that. So you’re right. That’s just going to open up. I’m sure NeoSystems will have to open up their hiring pipeline to accommodate that level of business. Rick, what are you seeing out there as related to CMMC?
Rick Rothenberger:
I mean, I think what I relate to is kind of the second piece of what Mike said. And I just view it as more opportunity for candidates, for companies, for increasing awareness, cybersecurity, positions, jobs, et cetera. So from our perspective, we would see opportunity in helping federal contractors become compliant and get certified under this federal certification. So it’s just more reason to collaborate. It’s more reason to stay ahead of the curve as far as cybersecurity and best practices. So yeah, from a provider standpoint, we would be helping companies get certified.
Erin Keating:
Okay, well that wraps up all the formal questions I have for you guys as far as career transitioning into government contracting. This is where I sort of ask for your parting thoughts. So Mike, Rick, anything that you’d like to leave our audience with as far as considering a career transition into either working, again, for an agency of the government or for a government contractor?
Mike Crandall:
One thing I’d like to say is to dispel the myth that we’re all 500 pounds living in the basement, eating Cheetos. It’s an actual-
Erin Keating:
What? You’re ruining it for me. No, I’m just kidding.
Mike Crandall:
I know, I know. Some of the fantasies about that-
Erin Keating:
I can tell you all, I’m on Zoom with them. They don’t live in their basements and they’re not 500 pounds.
Mike Crandall:
But it’s a wide mix of folks. You do have the guys that are just I care about ones and zeros and it’s all about the bits. And if you’re thinking, “Well, I’m not that and I don’t believe I could ever become that.” The career field is so varied to even just policy management, which is English, effectively. Understanding what the policy needs to be, writing policies to implement the procedures down the line so that the guy with the ones and zeros or the guy with the ones with zeros knows it. So it is a wide open career field with many aspects. So feel free, dip your toe in and then jump in. We need everyone.
Erin Keating:
Good point. Rick, how about you?
Rick Rothenberger:
I guess I would go back to if you’re pursuing a career, if you’re interested in a career with federal government or with federal government through a prime contractor or a federal contractor, just consider the different agencies like we talked about. Look at their missions and which mission speaks to you, right? Are you kind of interested in the outdoors and taking care of the national parks, et cetera, environment? USGS is a great example. Department of Veterans Affairs, they’re absolutely, for the veteran, providing so many different medical services to veterans. Look at that.
And then second would be talk to people, right? Everybody says that, but what does that mean? Depending on where you are in the country, for example, if you’re in Colorado, there’s not a ton of federal workers or contractors out there, but there are some. And look at Mike. Talk to veterans, ask them about where they were and their knowledge around federal contractors, federal contracts, and if they know information technology operations people. And if you’re living in the DC area and you can’t talk to people, then something’s wrong because everybody’s, not everybody, but so many people are working either as an employee of the fed or as a contractor. And sky’s the limit. So best of luck.
Erin Keating:
I agree with you. And as someone who does talking for a living by hosting podcasts for my corporate clients, I can tell you, it is amazing what you will find out when you simply ask questions. And people will tell you, people are excited to talk about their work, people are excited to talk to you about their career. And it just takes a moment to reach out to someone and ask them, what is it that they got excited about? How did they get to where they’re going? What career transitions did they need to make? Everybody’s got a pivot story and I have found them to be really fascinating. So I 100% agree with you, Rick.
Just check out the individuals that are on this podcast. Please feel free to reach out to them, ask them about their careers, reach out to NeoSystems. We’re happy to help guide you towards individuals that can get you to get better knowledge of the industry and better knowledge of the positions that might be available for you. So, Rick, Mike, thank you so much for joining us today and for imparting your knowledge on government contracting. We hope to be able to speak to you guys again in another episode coming up. We’re doing a boatload here on workforce development. But as NeoSystems, we do a lot of educational content and we can’t wait to have you guys back. Thanks so much for giving us your time.
Mike Crandall:
My pleasure.
Rick Rothenberger:
Thanks, Erin.