We are almost fully into the computer-age. In nearly every aspect of our lives and jobs, computers* in some form or another, are integrated. This means that if you have the inclination and ability to work with computers, your time has come. The world is your oyster as the doors are not only open with information security careers, but employers are fighting over you as their next new hire. This is kinda true with law enforcement, but not so much.
<*by “computers”, I mean everything that encompasses technology from writing code to developing the devices>
Let me give a little personal insight into one small aspect of a future career that is of interest to many: law enforcement. I’ve never directly hired anyone into law enforcement, although I have participated in the interview process for those wanting to be hired, given my input on specific persons that I’ve known who applied to law enforcement, and I have seen people fired for doing some amazing dumb things as cops (and federal agents). With that, here is one suggestion on increasing the odds you get hired if you work in information security.
Be careful if you call yourself a hacker if you are not a criminal hacker.
Without clear context, calling yourself a ‘hacker’ implies calling yourself a ‘criminal’, which will cut you out the hiring process faster than a long-tailed cat running out of a room full of rocking chairs. The primary mission of hiring in LE is to not hire criminals or anyone with the potential of committing crimes in the future. Remember…past behavior is the best indicator of future performance and behavior. Do not think that you will have an opportunity to spend a half hour as to why a hacker may or may not be a criminal. Thousands of applications are submitted each month and one of the best ways to cut the workload of a background investigator is to dismiss as many applications as possible before doing too much work on them. The easy ones are first, such as those not meeting the job requirements. Then go the ones with blatant problems (serious drugs, arrests, etc...). Writing "hacker" on your application is a red flag.
I write this only because fairly recently, I was contacted by a background investigator for my thoughts on a police department hiring someone who is a self-proclaimed hacker on their social media. Having to explain what a hacker is, is not, or could be to someone who is not in the community is not usually productive in less than 10 minutes, especially if they are looking for an easy out to go on to the next application.
My opinion is that many times, we may call ourselves “hackers” but for all practical purposes, are actually “counter-hackers” or “anti-hackers”. In the most commonly accepted perception of a hacker, the public sees a hacker as someone who steals their ID by hacking into their computers. Regardless of how much you may try to explain that you are using “hacker” as a marketing slogan or that not all hackers commit crimes, it does not matter because you most likely will not be hired because of the perception and perception is reality for all intent purposes. The liability of hiring someone into law enforcement who openly claims to be a hacker is not something a government agency will want to take on as a full-time employee. Sure, maybe some contract work while you are escorted around the building while you work on a limited project, but not as a full-time, badge carrying, free to roam anywhere you want officer. Do I agree with this? It doesn’t matter because liability and the perception of future liability is what matters.
So, if you want a better chance of being hired in law enforcement, be careful with calling yourself a “hacker”. I can promise you, without hesitation, that everything you put online, say at a conference, write in a blog, or speak to a future job reference, will be looked at by the agency that is considering hiring you. Law enforcement needs better technically proficient cops, so get that job by marketing yourself as such.