FBI director James Comey admitted this week that the Bureau may have to change its zero tolerance policy on operatives who smoke marijuana after claiming that many potentially top cyber recruits enjoy the occasional toke.
Speaking at the White Collar Crime Institute in New York on Monday, Comey claimed that he was “grappling with the question right now” of how to reconcile the fact that many IT whizz kids smoke weed, with the FBI’s stance, according to the Wall Street Journal.
The Bureau’s strict screening procedure apparently excludes anyone who has had a smoke in the three years prior to an application.
However, having just been authorized by Congress to recruit 2,000 additional agents this year – many of whom will be assigned to work on cybercrimes – Comey has found himself under increasing pressure.
“I have to hire a great work force to compete with those cybercriminals and some of those kids want to smoke weed on the way to the interview,” he said, according to the report.
Comey even reportedly told a conference goer whose friend had backed away from applying because of the policy, to “go ahead and apply” anyway.
The comments highlight the continued difficulty law enforcers have in competing with cyber gangs to recruit the best programmers and hackers out there.
More than half of respondents (56%) to the most recent Global Information Security Workforce Study from ISC² last year said they felt their security teams were short-staffed.
The UK’s National Crime Agency announced plans last October to recruit another 400 specialist cybersecurity officers to join its existing team of 4,000, however it’s not known whether all of these positions have been filled yet.
Brian Honan, special advisor to Europol’s Cybercrime Centre (EC3) told Infosecurity that many law enforcement agencies have strict rules on hiring to ensure they do not open themselves up to criminal charges.
“However, I do not think the challenge the FBI, or any other law enforcement agency, faces in hiring top notch security talent is whether or not the candidates have had minor brushes with the law in their past,” he added.
“Rather it is these agencies inability to compete with the salaries and remuneration packages top talented people can get in the private sector.”
This was highlighted perfectly by reports emerging last week that a cybercrime boss had offered hackers-for-hire a Ferrari if they could win an “employee of the month” competition to develop the most lucrative attack campaign.
By contrast, an annual starting salary for one of the NCA’s new intake will be just £22,407, rising to £24,717 after two years training.
Honan argued that law enforcers could overcome the challenge by establishing a “police reserve force” where experts can volunteer their time to assist in investigations.
For the record, the NCA told Infosecurity it has a “zero tolerance approach to undeclared drug taking by serving officers”.
“Whilst previous drug taking is not necessarily a barrier to employment provided people are open about it, applicants are told not to apply if they have taken illegal drugs in the preceding 12 months. All successful applicants are subject to security vetting checks,” it added.
John Colley, MD for ISC² EMEA, told Infosecurity that UK cops have tried to combat recruitment problems by training up existing officers.
“The issue that has arisen is that once these officers get the appropriate skills and experience they are enticed away from law enforcement by the higher salaries these skills attract in industry,” he added. “There is no easy solution to this problem, one approach might be for industry to work with law enforcement and provide some of the expertise to fill this skills base on either a pro-bono or voluntary basis.”