Having worked in the DOD as a civilian--many of us have left the DOD for bigger paychecks. Why work for 90K when you can get nearly twice as much working for civilian companies. All who are now heavily investing in InfoSec. Another up-side, is I don't have to live life like an angel...worrying about losing my security clearance... and/or having my life turned upside down every 5 years dealing with a clearance investigation.
This is putting the DoD in hard times with InfoSec. Most of the civilians/military leadership O-5/GS-15 and above aren't proficient in technological computer fields--let alone information security. They are pilots, business grads, etc. Almost everything but a computer engineer, MIS, development, etc. education. So they aren't exactly proficient at leading--or understanding the support needs of computer professionals. Such as security hardware, cloud infrastructure, etc. Since they don't understand it... they don't get the right items implemented and make poor decisions.
Until the DoD and defense contractors get in line with civilian salaries, they will only be able to attract professionals right out of college--only to watch them leave after 4 years.