Employment is not as cut and dry as you might expect, even for cybersecurity professionals. Growing up, we tend to picture employment as the standard 9-to-5 schedule that many of us remember our parents working. However, that is not the only employment form out there, and it is not the only viable version for cybersecurity professionals. Two primary options exist; full-time employment and contract work.
The real question is about which option is the best. While full-time employment offers a variety of benefits and advantages, contracting has its own benefits that you cannot usually have on a full-time schedule.
What is Full-Time Employment?
The most common and generally sought-after form of employment, full-time employment is the one with the most guaranteed hours. According to the Internal Revenue Service (IRS), full-time employment is defined as an employee that works at least thirty hours per week and one-hundred-and-thirty hours per month.
When trying to assess whether an employee is full-time or not, there are two methods used by the IRS’ standards:
- Monthly Measurement: The monthly measurement review for an employee’s work history in a company involves looking back at the employee’s work hours for the month. If the employee has worked a minimum of one-hundred-and-thirty hours, they are considered full-time.
- Look-Back Measurement: The look-back measurement review involves an employer examining the hours worked by an employee in the preceding pay period. If the employee has worked a minimum of thirty hours in the pay period, they are considered full-time.
The hours worked by a full-time employee include those where they are present in their place of employment and completing tasks. The hours worked also refers to those hours where an employee is incapacitated and unable to fulfill their duties. This includes illness, jury duty, and several other criteria that would otherwise impede their work attendance.
What is Contract Employment?
Unlike a full-time employee, who is expected to work a specific amount of time per month for a single company, contract employees are not bound to any one employer. A contractor is hired by companies or private parties to complete a specific assignment for a set fee that was negotiated before beginning the assignment.
Contractors are usually specialists hired for specific projects by an employer that requires niche expertise that is otherwise unavailable in the full-time employee skill pool. While contractors are hired specifically for these projects, they are rarely given full-time positions with the providers of these contracts and are dismissed after the project is completed.
Contractors and full-time employees are different in how they work for a company and the benefits and issues they face. Some of the primary differences include:
- Tax Forms: Full-time internal employees file W2 tax forms to the IRS, with their income tax directly deducted from their paycheck automatically. Contractors are issued 1099 tax forms, which means they are responsible for filing and deducting their taxes from their pay themselves.
- Duties: Full-time internal employees are expected to complete a set of tasks and assignments dictated by their employers on a regular basis. Contractors are hired for one-off projects and are released from the company’s employ after completion.
- Training: Full-time internal employees are given broad-spectrum training to encompass several necessary skills and duties. Contractors only receive provisional training on the company’s goals to complete the assigned project to the company’s satisfaction.
- Hours: Full-time internal employees are expected to work from a set beginning to a set end time every day. Contractors are free to choose when and how long they work on a project per day, subject to clauses in their contract.
- Pay: Full-time internal employees receive regular, set payments on a specific schedule. Contractors negotiate their price before being brought on to the project and receive their payment after the project in question is complete. Alternative payment schedules may also exist for larger ongoing projects, including deposits and milestone payments.
- Travel: Full-time internal employees who are required to travel for work purposes have their expenses handled by their employer. Contractors who are required to travel for work purposes are expected to handle the expenses themselves unless otherwise negotiated.
- Benefits: Full-time internal employees enjoy the benefit of health, life, dental, and vision insurance and occasionally 401(k) benefits. Contractors do not receive company-provided insurance benefits or 401(k) benefits due to being personally responsible for their own finances.
- Time Off: Full-time internal employees are given a legally mandated amount of paid time off per year. Contractors are not given any paid time off due to having no permanent ties to a company.
It is not hard to see the differences between contractors and full-time employees as they pertain to the companies they work for. While full-time employees enjoy a degree of stability even when ill or facing retirement, contractors enjoy the ability to negotiate their fees with their potential employers.
Like all positions, cybersecurity professionals enjoy all the benefits all full-time employees enjoy with their respective careers. A full-time cybersecurity professional will get the same paid time off, insurance, and general career benefits that a full-time employee at any other industry would. As for what a full-time cybersecurity professional deals with on average, a day in the life of a full-time cybersecurity professional is no walk in the park.
A full-time security engineer is responsible for solving the issues of a customer with an application or website designed by the firm for which they work. However, the average workday for a full-time employee of this nature does not have what you might view as a typical workday.
“There is no typical day. You have to be fluid, adaptable, and willing to change gears based on customer needs. A typical day is 8-10 hours made up of customer development, technology learning, relationship building and problem-solving.” – Anonymous Security Engineer.
Because an individual customer’s needs may differ from one another, a cybersecurity engineer must be ready to tackle multiple, varying issues on the same day without an issue. The frontline security analysts also need to adjust their schedules and daily activities to accommodate the issues that arise throughout the day rather than standing by a rigid schedule.
“Long. Meetings are typically scheduled from 8 am to 6 pm, but security incidents don’t really care about when you’re scheduled to be working so we’re very schedule-flexible. A typical day is all over the place. We’ll have an investigation or two, run through some security lab attack demos with prospective customers, and then taking customers through our DLS OPS process to make sure their DatAlert install is working for them as intended.” – Anonymous Security Analyst.
Full-time employment as a cybersecurity professional is challenging and time-consuming but offers the benefits of high pay, time off, and insurance that will allow you to maintain a stable career path.
When it comes to contract cybersecurity projects, you are likely looking at less of a long-term investment in whatever work you are doing for your employer. Contractors do not have the benefit of a constant, stable income with benefits that full-time employees enjoy.
The upshot of being a contractor is that you can negotiate your fee with the company soliciting your services. Contractors enjoy the potential to earn substantially more than full-time employees in the cybersecurity field but may encounter difficulty getting consistent work over those with full-time positions.
The main benefit of being an independent contractor is the flexibility in your work schedule. Because you exist as an outside source of labor for the company, you are free to pursue the schedule that suits your personal needs to work on their project. Obviously, this does not mean you can ignore the work but can instead prioritize the assignment with other professional and personal obligations as needed. It also means you are not required to report for duty at any specific time and are not required to remain at the office until any specific time.
“As long as I want it to be since I’m self-employed. That being said, I really enjoy what I do and it’s not unusual for me to spend 12 to 15 hours a day, either working on some project or practicing for CTFs, creating tools to help me be more efficient or improving my infrastructure by setting up a new service or improving the security of my own network. Once in a while, I’ll take an afternoon a week to try something completely new. I often just pick up a random video from an academic institution, a tech company, or a researcher to push my comfort zone a little bit.” – Anonymous Security Architect.
The freedom of schedule and income that a contractor enjoys can serve as excellent motivation to pursue such employment over full-time positions. However, it does require a great degree of self-discipline, fiscal responsibility, and time management that full-time employees may not necessarily require.
What is Expected?
One detail that should be considered is what your potential employer expects of you professionally in either full-time or contract work. While the main, generic differences between the two employment methods have already been discussed, your prospective employer will always have their own standard that they will want to be followed and their own list of responsibilities that will vary from one type of employment to the other.
One example of a full-time cybersecurity position for a cyber watch analyst found on Indeed’s website details exactly what kind of schedule and responsibilities they expect from you. The ManTech International Corporation expects its cyber watch analyst to maintain hours 24/7. Meaning they expect their employee to be available to report for duty whenever necessary regardless of holidays or weekends. With a salary estimate of approximately $116,000.00 a year, that likely seems like a small price to pay.
Another employment example found on Indeed is for a vulnerability management analyst for Next Generation. Unlike the position cited for ManTech International, Next Generation’s position is a contract position, meaning the completion of the contract terms means complete divorce from the company unless hired for additional work down the line. This position’s only schedule requirement is that the contractor operates during the company’s day shift and works on completing the project over six months. This allows for a bit more flexibility in the contractor’s schedule and allows them to participate in company-based operations around their own needs and requirements rather than a set, concrete schedule established by the employer.
What Should You Choose?
If you came here looking for a clear-cut answer as to whether full-time employment or contract-based employment is superior to the other, you might be disappointed to learn that there is no such answer. The reality is that the best route for cybersecurity professionals is entirely dependent on the sort of individual you are and your personal work ethic.
If you are looking for a career with stability, consistent income, and insurance benefits, you will likely be better off seeking full-time employment. You will enjoy the benefits and not have to concern yourself with deducting your income tax from your checks yourself. The real advantage is that you will have consistent work and not have to worry about dry spells in which your expertise is not needed.
If you are looking to self-manage, name your own price, and are not concerned with paying for your own insurance, benefits, and taxes, then contractor work is the ideal option. You will be able to seek employment with multiple companies without having to worry about exclusivity and negotiate your fees based on your professional background. Add to that your ability to make a schedule that works for you rather than your employer.
These are not the only two options available to a cybersecurity professional. Some cybersecurity professionals form their own companies and sell their services in a business-to-business relationship. Others work as third-party investigators for government and law enforcement agencies. There are many options available to a dedicated and self-motivated professional.
It all comes down to what kind of worker you are and how you prefer to get things done. Cybersecurity is an ever-growing field with an equally growing learning curve that will require you to keep up to date on the newer techniques and codes that develop. So, you must be able to adapt and grow with your field regardless of what kind of employee you are.