Given the scope of ongoing national and international threats to the cybersecurity of individuals, businesses and governments, America is in dire need of more "white-hat" hackers. There are plenty of job openings, and the positions are well-paid. It's only the qualified candidates that are missing.
So argues Dr. Jared DeMott, formerly of the NSA and currently an associate professor of cybersecurity at Dakota State University. He's also the founder of VDA Labs in Michigan, a cybersecurity company. (VDA stands for Vulnerability Discovery and Analysis.)
In his spare time, DeMott does contract work for Synack, one of the 50 CNBC Disruptors of 2017, a company started by other ex-NSA types that hires good-guy hackers to act like bad-guy hackers in order to help clients realize and attend to their vulnerabilities.
Mark Kuhr, co-founder of Synack, agrees: He says business is booming. "Everything is hackable," he tells CNBC, so there is an endless need for the services of talented individuals who can help with risk mitigation. His company puts all potential freelance hackers through a five-step extreme vetting process that tests their skills and trustworthiness, and ultimately it accepts only 10 percent of those who apply.
Half of his contract workforce comes from a range of 50 countries overseas. English-speakers from India, Argentina, Northern Europe and elsewhere join in, since there aren't enough satisfactory applicants here in the States. He blames what he calls the "talent gap," and says, "I will always take more Americans."
Though, Kuhr points out, there are advantages to diversity, too: "Can't beat a Russian unless you have one on your team."
Qualities that will help you succeed in this dynamic field include tenacity and an affection for solving puzzles. Those who succeed at cyber-consulting also tend to be hard-working, says DeMott. In fact, they often have to be careful not to burn out.
Joining the team can be a lucrative proposition, since there are so many job openings and so few qualified candidates. You could "earn a good living," says DeMott, who estimates that an average day job in the field would pay $40,000 to $240,000 a year.
Overall, there's enough money to be made legitimately that you don't need to worry about getting tempted by the dark side. Top good-guy hackers, he says, can make $300,000 a year without even working full-time. And the "guy" part of "good guy" should not be taken literally, he notes: "I work with every shape and size." If you're capable, you could succeed. "There's so much work," marvels DeMott, and "so much opportunity."
After all, as Kuhr puts it, the "adversaries are watching," and they're not going anywhere.