From Dotcom to Dotmil: A Matter of Hearts and Minds

December 3, 2014

For special access to experts and other members of the national security community, check out the new War on the Rocks membership.

National security analysts frequently lament that the United States is losing the innovation race and forfeiting its technical edge. While there are many dimensions to this problem, a prominent facet of the national security technology challenge lies in personnel. A common theme observed in articles about defense innovations is the need to lure people away from Silicon Valley to the DC area so that they will put their big brains to work innovating for the Department of Defense and the Intelligence Community. Given that the government will never compete with the private sector in terms of pay, defense analysts seek to appeal to softer motivations. The pitch: working for the government is a unique and exciting adventure that benefits the public good.

First, it is important to note that the frame the defense community has chosen — luring the Silicon Valley hacker to the Pentagon — is not the only way to develop a workforce to support technical excellence and disruptive innovation. There are alternative mechanisms that the defense community should explore. Regardless, grabbing the tech world’s best and brightest at least could be one component of a more comprehensive solution.

To crib from a well-known recruiting slogan, the security world’s pitch might be summarized as “The Few. The Proud. The United States Geek Corps.” But prospective recruits are likely to ask two inconvenient questions: does the national security enterprise value my expertise, and is taking on the military-industrial complex’s mission really the best way to make a positive impact? In other words, the government cannot just think about technologists as equivalent to the machines they build. It has to fight for their hearts and minds

Specifically, security organizations need to consider whether the people they are trying to attract feel like the military-industrial complex will value their efforts, appreciate their skills, and take their concerns seriously. Additionally, security and defense organizations looking to siphon off tech talent should also think very carefully about what their desired employees see or don’t see as the purpose and meaning of working for Uncle Sam. They should not assume that it is the only or best way to do public good, or that the people they seek to attract share their ideological and political commitments.

Clearances, secrecy, pay gaps, and other aspects of government service aside, does the government demonstrate that it values the technologists it wants to attract? Money isn’t the only way of demonstrating that someone is a vital part of an organization. There’s also, to quote that master of workplace relations Aretha Franklin, R-E-S-P-E-CT. Working in a job that makes you feel bad about yourself and bad about others isn’t a good way to go through life, and many people enter the technology field precisely in the hope of escaping such a grim reality. Unfortunately, in some prominent cases technologists have reason to believe that working for the government will demoralize them instead of inspire them to rise to the challenge of public service.

For example, the White House frequently proclaims the importance of cybersecurity expertise while simultaneously demonstrating that it cares little for that expertise. White House cyber czar Michael Daniels was recently quoted labeling technical knowledge a “distraction” from policy. As a writer for Vox noted, it is hard to envision a White House economics advisor, attorney general, or surgeon general bragging about how their lack of knowledge and experience in their subject area enhances their ability to see the “strategic picture.” Daniels’ statement sends a very harmful message to prospective cybersecurity hires that is worth unpacking in some detail.

A boss without a technical background who brags that technical backgrounds are unimportant is not a boss that is likely to understand and appreciate the technical details that define challenges his or her employees face. It is true that the job of a senior official is to handle high-level decisions and get whatever information is needed from his or her staffers to do so — no one expects Daniels to do his own penetration testing or malware analysis. But while Robert Gates (a longtime civilian) never shouldered a rifle and fought on the ground, he at least took an active interest in infantry combat. Why would he not, given that the infantry soldier was the backbone of the Iraq and Afghan wars and success depended on taking their needs into consideration?

Leading a complex modern organization requires integrating various levels of abstraction, knowing when to intervene and when to delegate authority, and knowing how the small stuff impacts the big strategic picture. This is true of any organization, not just one that involves science and technology. Why should employees spend their time serving a leader that not only lacks that quality, but brags about lacking it? If Robert Gates had suggested that his lack of combat experience made him that much more qualified to lead the Department of Defense because he wasn’t stuck “in the weeds” of IED explosions and gun battles with Taliban snipers, what do you think the effect on morale would be?

Leaders that technologists will serve must demonstrate that they care about the details. Achieving this is harder than it sounds, as technology (emerging and otherwise) and innovation must be balanced with other policy concerns. However, government leaders at least can avoid repeating Daniels’ mistake. If the head honcho isn’t someone with a technical background, do they at least evince interest? Do they seek out information needed to make good decisions? What steps are they taking to gain the confidence and trust of their employees? Questions of the heart may not be as technically oriented as to what the next great military innovation will be, but security organizations seeking quality technical personnel cannot afford to ignore them.

Providing an appealing workplace, however, is only one half of motivating a technical workforce. Government organizations may frame their mission as public service to benefit the greater good, but they must also put themselves in the shoes of people who have not yet committed themselves to working for Washington. Is working for the national security enterprise the best way to good for the public? Can the military-industrial complex compete with many other valid alternatives?

For example, if Google or another company succeeds in developing and deploying autonomous vehicles, it will fundamentally change American transportation. Traffic accidents may be substantially reduced, parking lot space could be re-allocated to more productive uses, and people could make something out of their commute instead of glaring at the slowly moving car in front of them. In sum, it could completely transform the fabric of modern American life for the better. How does working for the military or intelligence community compare to that?

Surely service to country is a powerful draw, readers may object. Protecting the nation against its adversaries is powerful enough of a motivation to go toe to toe with self-driving cars. Yet mentally remove yourself from the SCIF and try to “think different.” Service to country in the abstract is a fairly powerful motivation. But what does it actually mean? Consider, for example, the complex emotions exhibited by many Iraq war veterans who made great sacrifices and lost friends in battle. Looking at the rapid advance of the Islamic State of Iraq and the Levant (ISIL) into towns they had bled over, many veterans wondered what the point of it all was. Did their sacrifices have meaning? Why did they fight? Certainly fighting for the man with the gun next to you matters, but it also doesn’t quiet these concerns either.

As difficult as it is for veterans to answer such questions, they may be much more difficult for someone outside of the defense community. Defense analysts project their own ideological and political commitments onto the geeks they seek to recruit, without ever considering that the people they seek to woo may at best weakly share those commitments or eschew them altogether. Maybe, as per World War II, talented engineers and scientists would be elbowing each other aside to work for the government if they woke up one morning to see the modern equivalent of Pearl Harbor. But for everything else, the defense world has to make an actual case for why you should help The Man instead of assuming that it is a self-evident or obvious motivator. Aside from Matthew Burton’s blog of the same name, it is difficult to find many examples of government organizations or individual figures making a convincing pitch to the (sometimes skeptical) technical audience they covet.

It’s hard to say whether Burton’s pitch is the best way of making the case for why someone should take their coffee mug and personalized set of Vim plugins to the SCIF. However, Burton gets one core thing right: he anticipates his audience’s skepticism about the moral concerns involved in making oneself complicit by enabling the operations of the security state. Burton relates the story of how James Comey protected his then-boss (a bed-ridden John Ashcroft) from predatory White House officials seeking to usurp the Attorney General’s authority. A security institution cannot base its pitch solely on how obeying authority furthers the mission. It must also emphasize ways in which employees can sometimes further the mission by — like Comey did — dissenting and resisting when the top brass screws up and/or does wrong. Burton, in making his personal case, does not avoid the moral complexity of government service and thus makes a more effective sales pitch. After the Edward Snowden disclosures, tackling this moral issue head-on ought to be at the top of any national security institution’s considerations when thinking about how to gain and retain technically skilled employees.

Besides making an affirmative case for working for the national security enterprise, the government should also emphasize opportunities for synergies between defense applications and wider civilian applications, as DARPA often does. The science and technology behind Apple’s Siri personal assistant, after all, originates from DARPA. Emphasize other larger motivations beyond simply building things that (directly or indirectly) can kill or spy on people more efficiently than the last gadget. After all, to return to the earlier example of the Iraq War, there are many motivations that compel someone to carry a rifle and don a uniform. Services that considered those motivations and needs have gained and retained talented personnel.

The National Security Agency’s recent release of open source data automation software is an example of the kind of small things security organizations can do to make employees feel that they are doing something beyond what is just “good enough for government work.” Finding efficient data science solutions is a hot topic in technology circles, and few organizations (for better or worse) know more about dealing with big data than the NSA. Not all components of the national security community can give away their tools for public use, obviously, but if an organization as secretive as the NSA can contribute to the open source software ecosystem there’s no excuse for other entities to use secret squirrel justifications to avoid at least making the attempt. As Google’s Peter Norvig observed, technologists enjoy being part of larger open-source efforts like programming language standardizations. They create, extend, and maintain projects on open-source sites like Github. The security community should find a way to ensure that it caters to such motivations.

Sweating the soft staff isn’t a panacea. Government work is unlikely to match or surpass the excitement, glamor, and buzz that comes with making a startup or working for a leading tech company, and it certainly will never offer anything close to the high salaries commanded by engineers working for the technology industry’s elite. But even if it is not in the technology industry’s league, the government needs to understand human factors and motivations if it is to play the game well at all. Anyone going on StackOverFlow to make a help request knows better than to ignore forum etiquette — disrespecting forum participants through superfluous or poorly phrased questions is a ticket to getting flamed. The military-industrial complex needs to approach its outreach with a similar mindset. Technologists may spend their time around machines but they are human beings with feelings, emotions, and a desire for purpose and meaning. Unless the government can speak to those needs and motivations, they will be unable to compete with private sector alternatives that both pay well and make technologists feel like they are part of something worthwhile.


Adam Elkus is a PhD student in Computational Social Science at George Mason University and a columnist at War on the Rocks. He has published articles on defense, international security, and technology at CTOVision, The Atlantic, the West Point Combating Terrorism Center’s Sentinel, and Foreign Policy.

We have retired our comments section, but if you want to talk to other members of the natsec community about War on the Rocks articles, the War Hall is the place for you. Check out our membership at!

2 thoughts on “From Dotcom to Dotmil: A Matter of Hearts and Minds

  1. Having been in the private sector of information security since 2000, I have had the pleasure of attending numerous conferences in the DC area and liaising with many in the mil/gov sector. While the article does distinctly point to a much needed cultural approach, it fails to account for antiquated and insufficient requirements, such has requiring advanced analysts to obtain generalist junior level and entry level certifications, regardless of the advanced certification obtainment already achieved. Leaving many in the private sector losing their appetite for bringing expertise to the public sector. As this is similar to back-peddling in one’s career, wasting time and effort, to meet an arbitrary requirement which was not, obviously, designated by anyone of technical prowess but rather chosen at random by someone with, at best, a cursory understanding of information security. Limiting employment eligibility to only those with degrees only in computer science/engineering is also a disservice, as excelling in this field is not based on what you studied in college, but is based on the willingness to learn, to pursue relevant certifications, talent, OTJT, and continual growth and experience in the field. Further, given my experience in companies which scale that of the of the military complex; though innovation is encouraged, navigating the bureaucratic channels can be stifling to bring those innovations to fruition even in the private sector. While the new pitch may be good PR it differs greatly from my colleagues in the government sector describing the hurdles they must endure, those stories bring into sharp relief the agility of private sector information security professionals to meet rapidly changing threats and priorities.

  2. Agree with all of that. But I think that it sort of gets to the more general issue I pegged with my ref to the White House czar flap.

    One specific way that a decision maker might demonstrate valuation of skills and knowledge is by lowering such hurdles and arbitrary requirements. That being said, I didn’t go into that level of detail because I felt that a lot of articles of this nature are rooted in laundry lists of policy suggestions.

    The overall issue is, I think, whether policymakers take an active interest in such policy details to begin with — as opposed to ignoring them. That’s something I want to encourage them to do.