Security Clearances with John F.

Matt from StartaCyberCareer.com 

This is an interview with John Fenner, who works as a Security Architect for a government contractor. In this interview, John explains some of the nuances of having a security clearance. If you need more information on security clearances, you can view our security clearance guide here.

Hi everybody, this is Matt with startaCyberCareer.com.  I’m in the office with John Fenner, who is a systems engineer and security architect.  So, you work for a for-profit company, you have a security clearance and your company will sign a contract with a federal agency to perform some kind of cybersecurity service, or systems maintenance, whatever it might be, and you’re part of that contract.  Is that right?

John Fenner:

That’s correct.

Matt from StartaCyberCareer.com 

So the security clearance is required in your situation because you’re working with a federal agency, although not for a federal agency? 

John Fenner:

That’s exactly it.  So we are on a day-to-day basis dealing with classified systems or protected systems, and because of that the federal requirements are that the contractors have to supply cleared individuals.

Matt from StartaCyberCareer.com 

Okay.  So to be clear to everyone, none of the systems that you’re working on are for-profit systems, like Amazon’s database or things like that, but are government systems.

John Fenner:

Exactly.  In the world of security clearances, once you’ve got that clearance you really do want to hold on to it, because it’s much easier to hold that clearance than it is to give it up and try to get reclassified.

Matt from StartaCyberCareer.com 

Is there a pay difference that you’re aware of, that you’ve seen from a job like yours that does have a clearance and the exact same job that does not have a clearance?

John Fenner:

I have not done a position to position salary comparison, but I would assume that there is a benefit to having the cleared position.  I do know that once you have the clearance, my company is always looking to hire someone who already has the clearance, and there are some pretty substantial retention incentive bonuses, if I can bring somebody in who already has a clearance.

Matt from StartaCyberCareer.com 

If someone is watching and they do not have a clearance, and they feel that based on their background they could get a clearance, and that’s the route they want to go, how can they get started on the clearance track?

John Fenner:

So I would say there are probably two paths for that.  One track would be through the contractor. I would say the contractor route is a little more difficult, especially if you’re coming in from an entry-level position, because typically if the contract requires a cleared person, the company can’t hire you and immediately put you on a contract.  They have to hire you, put you on overhead while the investigations are going in place, and companies are a little bit less likely to do that because it cuts into their profit.

Much more common is to go into the government route. There is a website that is specifically to recruit security professionals that are going into government service.  That way the government can take you onboard, maybe give you an interim clearance, until you get a final clearance and can progress in your career. 

Matt from StartaCyberCareer.com 

The security clearance is a huge thing in our field.  So to review, you have the option of getting directly into the government, and if you do that, the government would sponsor you.  You could always leave the government at some point, and take the clearance with you, because it’s yours. Or less likely, try to get a job with a contractor and hope that they can put you through the process to get your clearance.  That’s asking a lot of a company to hire you and bring you onboard and pay you, especially since they can’t put you on a contract.

John Fenner:

Especially the small companies, that might not have the overhead where they can afford that.  The larger companies, certainly they can probably do it, and many of their contracts might not require a security clearance, so they can put you on a different contract while your clearance is being adjudicated.

Matt from StartaCyberCareer.com 

What restrictions do you have on you now that you have a clearance?

John Fenner:

There are a couple. There are what’s called three lifelong commitments that you have. One is to report any time that there is a  breach of confidentiality. If secure information that is under my control has been inadvertently released oh, I have an obligation to report that. Even after my clearance is gone.  That’s a lifelong obligation that I have. Another one of the lifelong obligations that I have is called a pre-publication review. Any time that I submit a document that is going to be published or put into the public domain, It has to be reviewed by a government agency, to review it to see if there are any security disclosures.  The third requirement is to report any kind of suspicious contact. Even after my clearance has been revoked or I’m retired. If someone approaches me and if it appears they are trying to get classified information, I have an obligation to report that. So those are my lifelong obligations. 

In terms of my day-to-day requirements, things like if I want to go out of the country, I have to get permission to leave the country before I leave.  There are some exceptions with Canada and the Bahamas, places that are close to our borders, if you’re just going for a day. By far it is much more advisable that if you’re planning a vacation, about six months before, you tell somebody and get permission before that happens.  Also, my resume, If I want to put my resume out there in the public domain, that means it has to be reviewed.

Matt from StartaCyberCareer.com 

So, if you were looking for another position, they would know, because it has to be reviewed? 

John Fenner:

Correct.

Matt from StartaCyberCareer.com 

So you do need permission to leave the country. I assume that when you get back, there are some questions?

John Fenner:

There is some paperwork that has to be filled out. It’s basically, ‘was there anyone who approached you, was there anyone looking for information, were you detained unnecessarily’. Things that would indicate that a foreign agent was trying to leverage you to get information.

Matt from StartaCyberCareer.com 

One thing that I’ve heard of is that they will ask during a background check if the person has a lot of debt, or is the person under financial stress.  If you decide that you want a side income or to start a side business, do you have to report that? 

John Fenner:

Yes, absolutely. And there are other lifestyle events that you must report. Any kind of law infraction. If I get a speeding ticket, I have to report that to my company. Not so much that they care that I was speeding. But if it’s something that could be leveraged, so that I could provide classified information to someone who had that knowledge, the government wants to know about that, and my company wants to know about that.  So I do have to report that to them.

Matt from StartaCyberCareer.com 

If you were to get a DUI, how does that affect your job or your clearance?

John Fenner:

It’s definitely not an automatic revocation of your clearance. But it doesn’t look good. The government is looking for people who are reliable, have good character, and not someone who is going to be perceived as having a weakness that a foreign actor could exploit.

Matt from StartaCyberCareer.com 

What do they want to know about your family?

John Fenner:

Any kind of foreign national association has to be reported. Either it’s from me or from my immediate family. Even if I were to have a step-sister or sister-in-law who is making frequent trips out of the country because that is her line of work, I would have to report that.  Even if I were to have a next door neighbor who is a foreign national, I would have to report that. Because it is an association with a foreign national. And that comes out in your security background investigation. Background investigations are periodically reviewed about every three years or so. About every three years I have to fill out my whole family history all over again, places I’ve lived, cars I’ve owned.  And investigators will go and verify that information.

Matt from StartaCyberCareer.com 

Let’s say that you disclose that you have three new Porsches. Are they going to be curious about that?

John Fenner:

Absolutely!  As a matter of fact, the financial disclosure is an annual requirement. So every year I fill out a security financial disclosure statement, where I list all of my bank accounts, all of my holdings, where my income is, where my money is.  Additionally, if there are any kind of debt obligations against me, unpaid bills, or things like that. They are looking for an unexplained increase or absence of wealth. They are looking for someone who may have been compromised, or could be compromised.

Matt Day

Matt Day

Matt Day is a cybersecurity professional with over twenty years of experience in the IT, cybersecurity and technology training fields. He holds CompTIA A+, Network+, Security+ and Cisco CCNA certifications, and is the author of the book CCENT Troubleshooting Guide.