Totally. I think comp is a necessary but not sufficient precondition for fixing government technology. The actual solutions (good authentication and least privilege systems, robust monitoring, rapid intrusion detection and response, secure by default system architectures) all take talented people to execute and the government doesn't have enough of those in-house. Instead most systems are built with a 7-figure contract to Booz Allen and friends and then maintenance and sustainment is left as an exercise to the reader.
This is a common misperception but it’s not that simple. Here’s an old study discussing how it varies based on the field, where the lower level jobs do tend to pay better but higher-skill jobs have the opposite trend:
Since the Obama era, this has gotten worse because there were a ton of people trying to score political points saying they were cutting waste by freezing civil servants’ salaries and that really got ugly in tech jobs because salaries were booming once things like the Silicon Valley wage collusion lawsuit and high demand for security, DevOps, etc. started raising the ceiling for the private sector. In 2010 the top end of the GS scale was competitive once you factored in benefits, hours, etc. but a decade later that just wasn’t the case. I knew multiple people who were trying to stay in the public sector but it was literally 2-3 times more money if they went private even though their skills were considered mission critical for their agencies.
This sabotages contract work, too, because there isn’t anyone qualified to guide or review the work and that tends to burn orders of magnitude more money than simply paying more directly would.
That study is a decade old and covers a very limited 4-year period right after the big 2008 recession, where the private sector took big losses and had a glut of college graduates competing for entry-level jobs. Even then it shows specialized and highly educated workers doing far better in the private sector.
On the other hand, private companies treat security as an almost unnecessary expense, cutting corners. And playing roulette with whether they get hacked.
I think our whole paradigm of computing is unfit for the adversarial world of today. Our systems are like loaded guns where you need to hold 1000 safeties (some of them hidden) for it to (probably) not fire. It's absurd how hard it is to make anything.
Oh, we're good on safeties. The problem is people for whom an additional click an hour or some thoughtfulness making some decisions is a breaking software issue.