Local Cybersecurity Jobs in the Washington DC Area.

We understand the niche cybersecurity market and its staffing needs. We provide a platform connecting leading local companies and highly qualified job seekers, creating an economic opportunity for all individuals living in the Washington D.C. Metro Area.

Job seekers

Upload your resume for FREE to start your career search.


Advertise your jobs here to get qualified applicants.


Trending Blog Articles

I asked cybersecurity experts to name the hackers who have had the biggest impact, good or bad, across the years. This is the result.

Defining a hacker is almost guaranteed to kick off the kind of impassioned debate you might ordinarily associate with sports team rivalry. For this article, however, I deliberately backed away from the hacker or cracker debate. Instead, I opted to take the broadest possible meaning within the context of the cybersecurity industry: someone who explores methods to breach computer system defenses, be that to improve defensive capability, for criminal gain, as part of a nation-state intelligence operation or cyber-attack, political protest, just for fun or even to advertise their own 'cybersecurity' services. Whether the hacker concerned wears a black hat, a white hat or a shade in-between, I wanted to know who the individuals, or groups, were who have made an impact upon security as we know it today. Here's where the conversation took me.

See the Full List of Hackers HERE. Article By: Davey Winder

Advent International and Crosspoint Capital Partners have agreed to acquire Forescout Technologies (Nasdaq: FSCT) for $33 per share in cash, or approximately $1.9B, in a deal that will take the cybersecurity software provider private. Michael DeCesare will remain as Forescout's president and CEO after the deal closes, the company said Thursday. The agreement allows the San Jose, Calif.-based device security firm to solicit third-party acquisition bids during a "go-shop" period that runs through March 8.

The two private equity firms seek to help Forescout build up its status as a provider of software designed to help government and enterprise customers protect operational technology and internet-of-things platforms from cyber threats. “We are still in early innings of a large market opportunity as every organization needs visibility into what is connecting to their network and how to mitigate against high risk devices, including non-traditional IoT and OT devices,” DeCesare said.

All parties expect to close the transaction in the second quarter, pending customary closing conditions. The deal comes more than two weeks after Advent completed its approximately $5B purchase of U.K.-based aerospace and defense technology supplier Cobham.

What does it take to crack the code of cybersecurity when it comes to best practices? A 2019 Fortinet survey asked chief information security officers (CISOs) to comment on how the expanding complexity of cybersecurity impacts their ability to fulfill their responsibilities. CISOs said there is an increased need for learning and development for security team members. Other concerns included risk management and cybersecurity and strategy awareness.

Enter cybersecurity conferences. Taking place across the U.S. and the world, cybersecurity conferences can offer unique opportunities for cybersecurity professionals, such as hands-on workshops, networking and certifications. They also provide cybersecurity leaders with greater security awareness of threats, tactics and best practices needed to effectively thwart attacks on the systems and assets they protect. Here, Security brings you a list of the top 20 cybersecurity conferences in the U.S. in 2020. Click HERE to view the list.

Cybersecurity needs unconventional hires to help lead the next phase of development and innovation, coupled with salaries that aren't insulting

Think of the hottest high-tech regions and two words likely come to mind: Silicon Valley. There’s no question that the area stretching from San Francisco to San Jose continues to be the undisputed world leader when it comes to technology innovation and development, and of course, tech talent. This is especially true for cybersecurity technology and talent. So, naturally, it’s typically the first place many cybersecurity employers look when recruiting. However, there’s a bigger perspective I feel we are missing, even ignoring: Untapped talent.

We’ve all seen the statistics about the cybersecurity staff shortage. One specific report, The Cybersecurity Workforce Gap, published by the Center of Strategic and International Studies, reports that by 2022, "the global cybersecurity workforce shortage has been projected to reach upwards of 1.8 million unfilled positions." Further, "Workforce shortages exist for almost every position within cybersecurity, but the most acute needs are for highly skilled technical staff." Many other reports put that number above 3 million.

To me, this is overwhelming, but also puzzling. It makes me wonder how much of the cybersecurity talent shortage is self-inflicted. Here are some of the variables in that equation that we as security professionals can address.

Hiring desires don't align with salaries

A recent Forrester report calls out what many of us in the hiring industry have seen for years: "The deeper failure of bias, expectation, compensation, and commitment to effective recruiting and retention." Oftentimes, recruiters and hiring managers are looking for superheroes but pay them entry-level salaries.
Forrester's Chase Cunningham notes, "Job postings will require a bachelor's degree with five to seven years of experience with all kinds of technology, and a master's degree preferred, but by the way we only want to pay you $85,000 a year." This alone creates huge alignment problems in organizations and the industry as a whole. You can’t expect to hire world-class talent if you're not willing to pay them what they're worth, and what the market requires you pay them.

Unwillingness to challenge biases

Many people who do not have technical degrees are automatically and immediately disqualified from careers in cybersecurity. This is a serious problem. While I understand the technical nature of many positions in this space, one can have immense technical knowledge and talent without a computer science degree. One of my industry colleagues told me that some of the best software engineers in his company had philosophy degrees, not engineering degrees. Cybersecurity also needs non-technical talent to help lead the next phase of what we need: strategists, leaders, product leaders, and facilitators to help companies better protect themselves.

One of the places I’ve personally seen such incredible talent is Northern Ireland. The country has such diversity in its talent pool, and most don’t realize it. This may be a shock, but Northern Ireland is now the top area in the world for investment in US cybersecurity development projects. The region boasts an impressive roster of international companies as well as innovative cybersecurity startups, and it’s all supported by world-renowned university research and a strong incubation and entrepreneurial ecosystem. Northern Ireland was also ahead of the game in foreseeing the need for cybersecurity education and training and has been investing heavily in it for two decades, with government, academia, and the private sector teaming up to encourage widespread adoption. The result is an absolute hot spot for world-class talent.
We would not have known that this country was such an amazing pool of talent had we not started to challenge our assumptions about hiring in the cybersecurity industry.

The Bottom Line

The cybersecurity threat landscape doesn’t look to be changing any time soon, so the need for skilled talent will only continue to grow. But we need to start looking everywhere for talent, not just what and who we think are the right candidates and backgrounds. Remember what Silicon Valley used to represent – that anyone, from any background, was able to create something from nothing, to defy the odds, to prove that technologies can be built by those with different viewpoints and qualifications, and still drive huge innovation, the very innovation that was fueled by recognizing that talent can come from all countries, experience levels, and different educational backgrounds.

The Pentagon has finalized the long-anticipated cybersecurity standards contractors will have to follow before winning contracts from the Department of Defense, a new process called the Cybersecurity Maturity Model Certification (CMMC) 1.0. The model is a tiered cybersecurity framework that grades companies on a scale of one to five based on the level of classification and security that is necessary for the work they are performing.

“The government and the contractor community must keep working together to address real and growing cybersecurity threats, and we need a robust response to protect our infrastructure, information, and supply chains,” said David Berteau, president and chief executive of the Professional Services Council, a trade association for federal contractors. “With today’s announcement, DoD has achieved a significant milestone.”

Here’s what industry officials need to know about the version finalized Jan. 31.

Why it was needed

Previously, the Pentagon did not have a unified standard for cybersecurity that businesses needed to follow when bidding for contracts. Companies could claim to meet certain industry standards for cybersecurity, but those assertions were not tested by auditors, nor did the standards take into account the type of work a company was bidding to complete. Since then, defense officials have said that cybersecurity is not a one size fits all approach. In the meantime, adversaries have discovered it is easier to target unsuspecting down tier suppliers, rather than prime contractors.

“Adversaries know that in today’s great power competition environment, information and technology are both key cornerstones and attacking a sub-tier supplier is far more appealing than a prime,” Ellen Lord, the under secretary of defense for acquisition and sustainment, told reporters in a briefing at the Pentagon Jan. 31.

What will change?

Contracts will mandate bidders reach a certain level of certification to win specific jobs.
For example, if businesses aren’t bidding on a contract that has extremely sensitive information, they must only achieve the first level of certification, which involves basic cybersecurity such as changing passwords and running antivirus software. More sensitive programs will require more stringent controls. Smaller companies down the supply chain will not, however, have to have the same level of certification as primes, said Katie Arrington, chief information security officer for the Office of the Under Secretary of Defense for Acquisition and the point person for the certification.

Another significant change with the new process is the creation of an accreditation board and assessors. The board is an outside entity, separate from DoD, that will be charged with approving assessors to certify companies in the process. The accreditation body was formed earlier this month and officials are working on identifying and training the assessors, which will be called Certified Third-Party Assessment Organizations (C3PAO).

What’s next?

Officials explained Jan. 31 that CMMC will follow a crawl, walk, run approach to ensure companies aren’t unprepared for the change. The accreditation board is in the process of training the auditors that will oversee the certification. Once the requirements are met, a company’s certification is good for 3 years. In the meantime, DoD plans to release 10 requests for information and 10 requests for proposals that will include the new cyber standards this year. The first solicitation could come as early as June. Arrington said earlier this week that she expects 1,500 companies to be certified by the end of 2021. She added that all new contracts starting in fiscal year 2026 will contain the cybersecurity requirements; however, Lord noted that they will not be retroactive to previous contracts.

By: Mark Pomerleau

Turns out, skill beats experience and an academic degree doesn't guarantee higher compensation for five security positions. In the rapidly growing cybersecurity industry, some positions don't offer a clear-cut path to a higher salary. An academic degree and years of experience, considered a promising combination in traditional industries, don't guarantee security employees a bigger paycheck. Cynet researchers polled 1,324 security practitioners this quarter to learn about industry salaries and the factors shaping them. Their data provided sufficient insight to profile five positions: security analyst/threat intelligence specialist, penetration tester, network security engineer, security architect/cloud security architect, and security manager/director. Some findings validated the team's suspicions. For example, they weren't surprised to learn banking and finance usually lead in security compensation, says Yiftach Keshet, director of product marketing for Cynet. In the financial sector, 4% of respondents reported salaries of $111,000 to $130,000, 2% earn $131,000 to 150,000, and 2% earn $271,000 to $290,000. Healthcare also has salaries on the high end, with 17% who earn $111,000 to 130,000. Location also had a tremendous impact on salary. Security analysts in North America report a significantly higher salary than in EMEA and APAC: More than 80% earn between $71,000 and $110,000 compared with less than 35% in EMEA and 21% in APAC earning the same. The highest-paid position recorded was security director, with top-tier earners making $290,000 or more. Still, some findings caught the researchers off-guard. "I was surprised to find out that an academic degree can have a relatively low impact on compensation," Keshet says. "That was surprising, especially in geographies like the United States and Europe." For some security roles, demonstrable skills are more valuable than academic degrees. Consider a level-one SOC analyst tasked with triaging alerts. 
The standard SOC is typically flooded with alerts, driving businesses' concern about alert fatigue. A strong SOC analyst will be someone who can address a certain capacity of alerts in a day and can write automated rules to discern between events that have to be escalated and those that can be handled locally. These skills are easily measurable. When a candidate applies for an entry-level SOC role, it's easy to see what they know how to do and how they do it. The same goes for a pen tester or network security engineer, who are tasked with testing an organization's defenses and maintaining network defenses, respectively.

Sixty percent of pen testers with an academic degree made less than $50,000, while 60% of pen testers without an academic degree made the same amount. A larger percentage of pen testers without a degree made between $51,000 to $70,000 and $91,000 to $110,000 compared with their degree-earning counterparts. The same can be said of network security engineering, where a greater percentage of employees without degrees reported salaries on the higher end of the spectrum than employees with degrees.

"Personally, I think it's good news," Keshet says about prioritizing skills for higher compensation. "If we eliminate degree or specification of experience, basically we're left with skill. Companies care more about what their security personnel can do rather than their formal certification."

Some of these skills may not solely come from security experience. Researchers found employees who pivoted from an IT role into a cybersecurity role tend to earn more than peers who started out in cybersecurity. In his personal experience, Keshet says, a solid background in IT better prepares someone to take a deep dive into security. While a degree wasn't necessary to increase salaries for the five positions analyzed, he notes it is required for executive positions. "For a CISO, it definitely matters," Keshet says.
Most CISOs have a security background but typically have an MBA or other advanced degree, he explains.