A private security firm is boasting that it has hired several of the world's foremost cybersecurity experts, who until recently all worked for the US government and were responsible for investigating and prosecuting some of the highest profile cybercriminals seen in recent years. Berkeley Research Group (BRG), a global strategic advisory and consulting firm, is the new employer of former FBI agents Thomas Kiernan, Christopher Tabell and Ilhwan Yum, as well as former federal prosecutor Thomas Brown.
These five cybercrime sleuths were instrumental in helping to bring down the Silk Road Dark Web marketplace in 2013, as well as investigating the hacking collectives Anonymous and LulzSec, and working directly with Hector Monsegur, the Anonymous hacker known as Sabu who turned super-informant on his former friends. The team of cybercrime sleuths also investigated a range of different data breaches affecting Citibank, PNC Bank and the Russian hack of Nasdaq, as well as the Rove Digital botnet, and found and prosecuted the former Société Générale trader who stole proprietary computer code used in the French bank's high-frequency trading business.
"Tom and his team aren't your run-of-the-mill cyber security consultants—they've been at the tip of the spear on cases where the whole world was watching," BRG Chairman Dr David Teece said in a press release. "Given the immense scope of cyber security today, both geographically and on a sector level, we have no doubt that this veteran team will be of incredible value to our clients across the board."
And they're not the only ones
While such appointments of former government operatives to private industry might not be reported in the UK, there are other known instances where the cream of the crop in cybersecurity are leaving the US government.
In August 2015, Leo Taddeo, who was formerly in charge of the Cyber and Special Operations Division for the FBI's New York Field Office left to work for security software company Cryptzone, and Joseph Demarest Jr, who was previously assistant director of the FBI's Cyber Division, left in October 2015 to work for professional services giant Ernest & Young.
The Daily Dot points out that the reason BRG is so keen on these high-profile US government employees is because they have deep global connections across both the government and the private sector, as well as an in-depth knowledge of how intelligence agencies work and experience dealing with national security issues.
Both the FBI in the US and GCHQ in the UK have complained that they struggle to find enough trained cybersecurity professionals to fill available job positions, which is why the FBI is now considering accepting hackers who smoke weed, and the UK government has started the Cyber Security Challenge initiative to identify new talent.
The manpower shortage also affects critical infrastructure, where cybersecurity is serious business, also struggles to find enough people who want to secure power plants and water treatment facilities.
IT graduates prefer private industry to government posts
"They don't want to work in cybersecurity at a power plant – most of the computing students I talk to at Cambridge just want to go work for Google or Facebook," Eirann Leverett, a risk researcher with the Centre of Risk Studies at Cambridge Judge Business School, Cambridge University told IBTimes UK.
The problem, according to a report released by the FBI Office of the Inspector General in July 2015, is that low salaries and exhaustive background checks carried out by intelligence agencies turn off many talented IT professionals and computer scientists that might be interested in a career in government cybersecurity.
"We found that the recruitment and retention of cyber personnel is an ongoing challenge for the FBI… [one factor] may be that private sector entities are able to offer technically trained, cyber professionals higher salaries than the FBI can offer," the report said.
The report found in one situation that while 5,000 candidates were initially interested in joining the FBI, the agency's stringent eligibility criteria further whittled the candidate base down to 2,000, and then eventually the agency only hired two people from that group.
"Private industry provides a lot of opportunity, so I think the best people out there are working for private companies and not for the government," Thomas Galati, the NYPD's intelligence bureau chief told Congress at a hearing where the FBI was requesting an additional budget of $38m (£26m) to fight encryption for the 2017 fiscal year.
It is clear that something needs to be done to interest more IT professionals and computing students in a career in cybersecurity, especially since data breaches on average cost companies an average of $3.79m, according to IBM's 2015 Cost of Data Breach Study. Government intelligence agencies and third party contractors are often the first ones to detect and alert industry to key security problems, such as penetration attempts by foreign state-sponsored hackers.