The growing acceptance of marijuana raises questions for cybersecurity industry about potential workforce adjustments.
In the ever-evolving landscape of workplaces and drug policies, two distinct areas have recently come under the spotlight: marijuana use and cybersecurity.
According to the 2020 State of Cannabis report, the overall use of marijuana increased in 2020 due to factors such as more time at home, external stresses, or increased legalization. This uptick was part of a larger issue companies are too comfortable avoiding, according to David "Moose" Wolpoff, CTO and co-founder of cybersecurity firm Randori.
On the other hand, the cybersecurity industry presents a different picture. Data from Burning Glass Technologies reveals that only 5%-6% of cybersecurity jobs require drug testing in the private sector, a stark contrast to more than 80% in government positions. Interestingly, compared to other IT jobs, cybersecurity roles are twice as likely to require drug testing.
As more states pass marijuana-tolerant laws, whether for medicinal or recreational use, the federal government and private industry are at a policy standstill. Approval of recreational marijuana has been on the rise for the last decade, with 68% of Americans supporting legalization, according to a Gallup survey.
In the United States, 40 states have legalized marijuana for medical purposes as of 2025, with varying years of enactment depending on the state. For instance, Washington was among the earlier states with medical cannabis laws by at least 2014. However, the federal government classifies cannabis as a Schedule I drug, meaning the substance currently has no "accepted medical use" and also has "a high potential for abuse," according to the Drug Enforcement Administration.
This dichotomy is particularly evident in the employment sector. John Jackson, a senior application security engineer at Shutterstock, has worked as a budtender in a medical dispensary in Colorado. Jackson finds drug screening for medicinal use unfair and feels that individuals who use marijuana for health-related reasons may opt out of a medical license because it goes on their record.
In an attempt to address this issue, employers in New Jersey are not allowed to take "adverse employment action" based purely on cannabis use. Similarly, in New Jersey and New York, applicants cannot be eliminated from job consideration if they test positive for marijuana under the law.
However, the FBI's drug policy, which applies to medicinal use of marijuana, remains a barrier to entry in the cybersecurity field, as other security-related fields have similar requirements. Former FBI Director James Comey criticized the FBI's longstanding drug policy, and the policy's rigidity could unintentionally deter candidates from applying for a cybersecurity job in public or private industry.
As companies in marijuana-friendly states move away from zero-tolerance drug policies and focus on behavior analysis based on performance or safety reviews, it seems that the future of drug policies in the workplace might be undergoing a significant shift. This shift, however, is not without challenges, as the intersection of marijuana use and cybersecurity continues to present complexities that need to be navigated carefully.
Read also:
- Understanding Hemorrhagic Gastroenteritis: Key Facts
- Stopping Osteoporosis Treatment: Timeline Considerations
- Tobacco industry's suggested changes on a legislative modification are disregarded by health journalists
- Expanded Community Health Involvement by CK Birla Hospitals, Jaipur, Maintained Through Consistent Outreach Programs Across Rajasthan
