

Contractors Vie for Plum Work, Hacking for U.S. Government - asnyder
http://www.nytimes.com/2009/05/31/us/31cyber.html

======
tptacek
I don't think so. I've lost intern candidates to one of these outfits, and
have had subcontracting conversations from another, and I think "top young
talent" needs to be ignorant about the market to wind up in the middle of
nowhere working for some bloated defense giant.

Raytheon and Lockheed are, I'm sure, making a mint off these initiatives. But
the talent can, from what I'm seeing, do more than 2x better working in
industry.

It's simple to see why: even the largest penetration test requires minimal
project management overhead, and that overhead actually gets less as the work
gets more complicated (software -> hardware -> math) --- the work is more
specialized, the outputs are more discrete and measurable, the work cycles are
longer, the workers more senior. And yet a typical project run under a DoD
subcontract will likely have more than 8 layers of management.

There are people who really do "hack for the government" and make real money
doing it; their work predates Obama, isn't public, and has more to do with
<http://www.nomorefreebugs.com/> than with Raytheon.

------
psifertex
I'm quite glad we nabbed that particular hire (your potential intern), and I
think he's very happy with his decision as well. Ironically, he was probably
one of the better informed people we've hired lately in terms of being aware
of what his options are.

I seriously doubt I could do 2x better in industry, especially considering
cost-of-living calculations. And our location is an asset, liability.
Seriously; a gorgeous beach across the street from the office? And you can
actually afford a place on the water if you want? You can't beat that.

I think you're basing your opinions on a mental image you have (and most
people have) of who we are and what we do that is inaccurate.

As mentioned in the article, we were a separate company purchased last year.
We still operate fairly independently from our corporate overlords (someone
actually used that reference when we were first meeting them). We have exactly
one layer of management for any given project. Our customers work with a PM at
most, but usually also directly with the engineers.

While I'm sure your criticisms are quite accurate for many large government
jobs, for us (and a number of others I know of doing some similar work), the
situation is quite different.

In regards to people working here because they don't know their other options,
let me put it this way -- in the company's entire existence, we've had exactly
two employees leave for another job, and it was to another small contractor,
not the commercial sector. I'd suggest it's unlikely that the retention rate
is so high just because we're all so ignorant of our options. There's a lot of
reasons for it -- I'd be happy to talk about it more at Defcon if you're there
this year.

~~~
tptacek
If we're talking about the same person --- weird that you'd comment about it
here --- that wasn't an intern candidate.

The rest of it, well, you're just wrong. At the bill rates on top C/C++
projects, at 80% utilization, President Barack Obama makes significantly less
than a pentester. Tell me all you want that Lockheed's beating that.

~~~
psifertex
Fortunately, pay was hardly the rest of it. As I said above, the environment
at many contractors is not at all what you'd expect, the overhead much less
than usual, and the people are all extremely sharp, good at what they do.

No, as to convincing you of that with the little info that's public -- that's
a tougher challenge.

------
dinkumthinkum
When was this piece written? I feel like the writer didn't include enough
cliches.

~~~
mattyb
_Published: May 30, 2009_

~~~
dinkumthinkum
Yeah, I was just being facetious. This piece is just cliche drivel.

