Marijuana shouldn’t be obstacle for federal cybersecurity jobs, Kemba Walden tells DEF CON

The Office of the National Cyber Director (ONCD) wants to recruit hackers to help pull off the federal government’s ambitious cybersecurity agenda—and current or past cannabis use isn’t necessarily a disqualifier anymore, its chief said.

Acting NCD Kemba Walden told attendees at DEF CON 31 in Las Vegas on Aug. 11 that the recently released National Cybersecurity Strategy and its implementation plan are “recognizing that cybersecurity risk and responsibilities now fall down to the least capable actors.” Walden said she and her team came to the hacker conference in part because  new cybersecurity talent is badly needed to raise that bar.

“I’m finding that the private sector is suffering too, but the one barrier the private sector doesn’t have but what we do have is you pay a lot more,” Walden said. “But we have a better mission.”

DEF CON founder and security expert Jeff Moss quipped: “But in private sectors, they can smoke marijuana.” Moss argued that the “quantitative lifestyle difference” demanded of federal employees poses additional barriers to recruitment.

“I actually agree with you,” Walden said. “And I will tell you that we are thinking about how to evolve our process.”

“I would suggest that if you do smoke marijuana or have in the past, you can still apply for a job,” she added.

Walden recently withdrew as a candidate to remain permanent national cyber director, reportedly in part because the White House concluded she had disqualifying amounts of personal debt. The decision was reportedly unpopular throughout the cybersecurity community. Joe Biden’s administration has nominated career intel official Harry Coker Jr. instead.

The Daily Beast reported in early 2021 that even after the Biden administration indicated it would look the other way on marijuana usage for White House personnel, it disciplined or requested the resignation of dozens of staffers whose background checks contained admissions of cannabis use. Former press secretary Jen Psaki later tweeted that “only five people” were fired. That year, Cybersecurity Dive reported, data from Burning Glass Technologies indicated only 5%–6% of private cybersecurity jobs involved drug tests, while over 80% of government ones did.

The New York Times reported that several agencies acknowledged the rules had become a major obstacle to finding qualified candidates, and have since shortened marijuana abstention requirements. A recent survey of 18–30 year olds found that 21% worried that reporting prior drug and alcohol use would bar them from obtaining government jobs requiring security clearances.

Last month, representatives from both parties cosponsored a bill in the House that would roll back rules against current or former marijuana users gaining security clearances or federal jobs, as well as allow those previously rejected on those grounds to appeal their denials.

But drug use is far from the only obstacle to recruiting the feds face, Walden told the audience at DEF CON.

“We need to figure out what barriers we put on ourselves, and how do we now close them,” Walden said. “Do we need four-year degrees? Do we need really expensive certification? Or how do we get people trained in these skills, upskilled, and meet them where they are? Not everybody has over a thousand dollars to take a training course.”