Main image of article How Cybersecurity Pros Can Pivot Their Career During Federal Layoffs

Summary

The first three months of the second Trump administration have proven especially difficult and anxious for federal workers, with the Elon Musk-led Department of Government Efficiency (a.k.a. DOGE) overseeing significant cuts to agency budgets and their workforces. 

While keeping track of various firings and announcements is challenging, one estimate by Oxford Economics calculates that about 200,000 federal employees will be affected by these cuts, with an economic impact that will be felt across the U.S., especially in the Washington D.C. area. (Federal judges have also ordered the administration to rehire thousands of workers as court challenges and lawsuits make their way through the judicial system.)

These cuts have affected federal IT and cybersecurity workers as well as other employees. At the U.S. Cybersecurity and Infrastructure Security Agency, approximately 300 to 400 employees have been fired—about 10 percent of the workforce—and grants and contracts with outside partners have also been eliminated, according to published reports.

The federal government’s loss, however, is a gain for some state and local governments in need of skilled cybersecurity professionals during a time when the cybersecurity labor market remains tight. The Wall Street Journal reported that New York, New Mexico, Pennsylvania and other state governments are actively recruiting CISA workers and other displaced cyber pros to help boost security defenses at the local level.

Besides knowledge of state and federal systems, the WSJ reported that many of these cybersecurity pros are needed for their skills in regulatory and compliance issues as well as overall security planning. It’s not surprising that enterprising state agencies and recruiters are eager to hire these tech professionals from CISA and other federal agencies, said Dave Gerry, CEO at Bugcrowd.

“CISA workers have a strong reputation in the cyber industry—based on the work they've accomplished in the last few years,” Gerry recently told Dice. “While the federal government may believe they don't need them, states are eager to scoop up strong cyber talent. For the workers, focus on the measurable advances that CISA has made—from public/private partnerships, expanded vulnerability reporting and the recent Secure by Design launch.”

As more cuts are likely to be announced, and the Trump administration signals that its plans to move more cybersecurity responsibility to the state level, federal cyber workers who are interested in state and even municipal work can sharpen their resumes and skills to make themselves more attractive to recruiters eager to bolster their workforces with new talent.

Since the start of the year, CompTIA estimates there are about 1,700 open cybersecurity positions at the state and municipal level within the U.S., according to the WSJ. This situation is creating opportunities for cyber pros leaving or being forced out of federal government jobs and willing to relocate while staying within the public sector.

While working at CISA or another federal agency helps with making initial inroads with recruiters, there are other ways to change a resume or CV to get noticed for state and municipal opportunities, noted Jason Soroko, a senior fellow at security firm Sectigo. These skills can include experience with federal security protocols as well as hands-on experience automating systems that can save money as budgets tighten.

“By highlighting hands-on experience with automated monitoring, incident response and digital transformation initiatives—such as state-sponsored bug bounty programs—candidates can demonstrate their ability to meet the unique challenges of state-level operations,” Soroko told Dice. “This approach should underscore a commitment to innovation and align with the need for agile, cost-efficient cybersecurity strategies in state agencies looking to modernize.”

Another way to create a more strategic resume for state and municipal work is to review the document and remove federal government jargon and highlight universal skills instead, said Stephen Kowski, field CTO of SlashNext.

An example Kowski used is to change a phrase such as “Trained junior analysts on security protocols” to “Mentored team of five analysts, leading to faster incident response times.” 

“State employers value professionals who can detect sophisticated threats in real-time across multiple channels, so emphasize your experience with advanced detection technologies and your ability to stop zero-hour attacks before they compromise systems,” Kowski told Dice. “Remember that state agencies face many of the same challenges as federal ones but often with smaller teams, so demonstrate how you’ve maximized resources while maintaining strong security postures.”

While federal cybersecurity workers have many of the skills needed by state and municipal agencies, these pros can face some of the same obstacles military veterans encounter when translating their experience into new positions in either the public or private sector, said Chris Gray, field CTO at Deepwatch.

Federal workers need to find ways to communicate their skills, ensuring alignment to the needs of potential employers while breaking free from the jargon-laden language that they have operated within for several years, Gray added.

“I generally recommend that those transitioning take a moment to look for job roles that equate to what they have done. Keyword searches, role titles, and job descriptions all provide ample comparison points,” Gray told Dice. “From there, the job seeker should look at the other desired duties, capabilities, and metrics that trend across various instances of their desired roles. For good or ill, there will be considerable overlap, and this is the language that must be spoken. The leap from federal to state is not as huge as many believe.”

Federal workers must also understand the requirements—such as location—that state government agencies are looking to fill. An upside, however, is that with New York, California, Colorado and Washington in the hunt for workers, salaries are likely to be competitive even with the temptation of private sector work.

“Many of these salaries may be excessive to expectations at state-level employment. We know that the private sector tends to pay out more aggressively. That said, understanding how things compare can help temper the temptation to jump at the first opportunity,” Gray noted.

One clear advantage that CISA workers have is that many worked with their state counterparts on various cyber initiatives over the past several years, which helps during the transition to a new agency, said Darren Guccione, the CEO and co-founder of Keeper Security, which is based in Chicago.

“Those [cyber pros] looking to transition into state roles can stand out by highlighting their experience in securing critical infrastructure, managing public-sector risks and responding to complex threats—critical skills for protecting essential services and mitigating the impact of cyber-attacks on public systems,” Guccione told Dice. “Federal agencies like CISA already collaborate closely with state governments through joint risk assessments, incident response efforts and the sharing of threat intelligence. These overlapping areas of expertise can facilitate a smooth transition, allowing federal cybersecurity professionals to build on these familiar partnerships.”

The one issue that Guccione sees: by hiring former federal cyber workers, states and municipalities will not automatically solve all of their security woes. “To build resilient defenses, states must go beyond hiring—investing in continuous training and encouraging strong public-private partnerships to equip and position their teams to stay ahead of the cybersecurity curve.”