CybersecurityCybersecurity firms hire former military, intelligence cyber experts

community computer experts to help combat hackers targeting the U.S. private sector. For the new private sector employees, the wages are higher and opportunities are endless.

“I have a blank canvas to paint whatever I want,” says Brian Varner, who left a position with the U.S. Department of Defense, where he broke into foreign networks, to be a security engineer at Symantec Corp. An added benefit to his job is that he gets to work remotely from Florida.

Symantec has increased the size of its security services division by almost a third, to 500 people, in the past year.

Hundreds of ex-government cybersecurity workers represent the competitive advantage of a cybersecurity services industry expected to bring in more than $48 billion in revenue next year, up 41 percent from 2012, according to Gartner Inc. “The people coming out of the military and the intelligence community are really, really good,” says Nir Zuk, co-founder of Palo Alto Networks Inc. and himself a former Israeli army computer hacker. “They know the attackers. They know how they work.”

Mobile security startup Lacoon Mobile Security, which reached an agreement this month to be purchased by Check Point Software Technologies Ltd., has hired fifteen people from the Israeli military’s sig-int Unit 8200, said co-founder Michael Shaulov, who, like Zuk, served in the unit.

One of Zuk’s recent hires was Chief Security Officer Rick Howard, who spent more than two decades in the U.S. Army. He last served as head of the computer emergency response team before entering the private sector.

“There’s a bit of a run on security talent,” said Rob Owens, an analyst at Pacific Crest Securities in Portland, Oregon.

Since 2013, FireEye has hired more than 100 ex-government hackers, part of an international expansion that has cost more than $1 billion, according to CEO Dave DeWalt. The expansion has drawn concerns from investors. FireEye spends 48 percent of revenue on research and development, the highest ratio of any of the thirty-one companies in the ISE Cyber Security Index. The index average is 18 percent, Bloomberg News notes.

After FireEye’s shares fell from a high of $95.63 in March 2014 to a low of $25.76 in October, partly because of concerns about spending, the stock has been up more than 30 percent this year. “The costs are so much bigger now for the security industry than they ever were — the threat landscape has changed so much,” DeWalt said. “You can’t just have a product. You need the people to match it. There’s no shiny bullet that does it all.”

Some ex-government cybersecurity hires, though, find it difficult to transition into the private sector. Bloomberg reported in February that JPMorgan Chase & Co. hired two former Air Force colonels in its cybersecurity division, but they clashed with the FBI, Secret Service, and some members of their own staff about their insistence that Russia’s intelligence services were behind a 2014 hack against the bank. Law enforcement has since determined the attack was conducted by ordinary cyber criminals.

Insiders said the clash was an example of how military training can lead some to see state-sponsored attacks where there are none.