DHS Wants To Hire 1,000 Cybersecurity Experts
Cyrus writes "DHS Secretary Janet Napolitano plans to hire 1,000 security experts over the next three years. 'Department officials could not say precisely how many cyberexperts now work at DHS and its various component agencies such as the Secret Service and Immigration and Customs Enforcement. Napolitano said she doubts it will be necessary to fill all 1,000 of the authorized positions, but she is focused on making DHS a "world-class cyberorganization."'" Cringely points out, "There aren't one thousand civilian cybersecurity experts in the entire friggin' world!!!!," except he uses all caps and bold.
...may as well throw my hat in the ring.
The CB App. What's your 20?
Cringely points out, "There aren't one thousand civilian cybersecurity experts in the entire friggin' world!!!!,"
No matter. These guys will be the "cybersecurity" equivalent of the TSA goons at the airport, probably with a management culture even worse than those poor slobs have to live with.
When information is power, privacy is freedom.
When they can make over 6 figures easily, with private company perks and bonuses working outside the government.
If the DHS wants qualified people, they need to pay a competitive salary. Of course, u
The price is always right if someone else is paying.
Is there a major I can take in college?
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
If you have a good shot at faking your way through being a cybersecurity "expert", seems to me this would be a pretty sweet gig. Few things are more entertaining than being paid big bucks to be part of a giant clusterfuck as it unfolds.
If libertarians are so opposed to effective government, why don't they all move to Somalia?
Would knowing that there aren't a thousand experts out there make me an expert?
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
Yes, when a home land is equipped with 1000 security experts and 1000 other mathematics experts, that's the ultimate security and we can all sleep well.
"...she is focused on making DHS a "world-class cyberorganization."'"
Because heaven forbid a US federal government agency should be satisfied with being only US class. After all, we have a world to protect from itself.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Of course after the web-site of the organisation was attacked.
And he then joined the ranks of NATO headquarters in Brussels
as a security expert.
level enough?
of course a US citizen
...as long as they can't hire Bruce.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
..."There aren't one thousand civilian cybersecurity experts in the entire friggin' world!!!!,"
And he would certainly know, wouldn't he? World-renowned expert that he is. On everything.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
type "sudo yes > /dev/sda"
It will secure /dev/sda by making sure only root can say yes to system operations.
he's their kinda guy.
Build your own energy sources from scratch. http://otherpower.com/
GS-15 pays 6 figures. Combined with federal Job For Life(TM) job security, retirement perks that will allow you to continue as a "consultant" making the same salary for 20 more years, and virtually unlimited teleworking... I think that is a pretty good deal. I'll sign up
Will you idiots please stop prefixing stuff with "cyber"? I know you're trying to make yourselves sound all cool and tech-savvy, but all you're really doing is sounding like someone from a bad 80s sci-fi movie.
"Cyberorganization"? What the hell does that even mean? You use computers and computer networks? Computers and computer networks are your primary focus? Big goddamn deal! You don't see Microsoft or IBM or Cisco calling themselves "cybercorporations", do you?
Look at me, I spend a lot of my time on the Internet! I'm a cyberperson!
I repeat:
DHS == Gestapo
to confirm, DHS === Gestapo
DHS's cyber security operation is headed by Phil Reitinger, who's from Microsoft. So DHS won't be allowed to do anything that would seriously impact Microsoft's business models. Which means nothing significant will happen. Here's his list of priorities. You'll see the problem.
The first guy in that job, Amit Yoran, came out and said the big problem was weak security in Microsoft operating systems. He was ignored, then quit in disgust. The next guy was Cisco's lobbyist, who was not only useless, the job was downgraded during his tenure.
I'm not expecting much from that crowd.
and here's a good first choice: pick a more secure operating system for their servers and workstations. Last I heard, Microsoft had a fat contract to supply Windows to DHS. If they really want to make themselves look good (from a security perspective) dropping Microsoft would be a good first step.
The higher the technology, the sharper that two-edged sword.
I have a fairly long track record in the security industry, and I'm really puzzled by Cringely's assertion. It's hard to tell if he is trying to make a point out of a semantic squabble, or if he genuinely believes that the information security community has fewer than 1,000 competent experts.
If the former, yeah, the term "cybersecurity expert" is unfortunate - but it's clear it's just PR speak for "information security professional". Cringely then attempts to define that first, largely meaningless term, and then polls his anonymous friends (who themselves probably do not fall within that definition) to come up with wild guesses.
If the latter, yes, we definitely have more than 1,000 security experts. There is something around 500 eminent, internationally recognized folks publishing books, research, and otherwise contributing to the "cutting edge" of the industry. Then there's another 500-1,000 top-tier, notable security VPs, CEOs, etc, working for Fortune 500 companies (they may not all be technically savvy, but they *are* the industry). Then, there is probably something close to 200,000 security professionals working for companies around the world - we have something like 50,000 registered CISSPs alone (which is a certification largely inaccessible to hobbyists, and pursued by a minority of infosec workers), something around 50,000 subscribers to BUGTRAQ and other security mailing lists, etc.
Does this mean that DHS would be able to hire 1,000 competent experts? Unlikely, as the government historically did a pretty poor job of competing with commercial corporations (in terms of compensation and work culture), and many agencies may lack the hiring rigor and expertise to make the right calls. Given the size of the networked infrastructure in the US, this number is high, but does not sound outlandish by itself, though (many large corporations have 20-100 security people on their payroll).
What is a security expert? Is it people who believe that they are experts in one single area, and that area is called security?
I work with IT security for a living, and there are many areas within that field. We have people who are good at network and data analysis, some who can reverse engineer malware, others who do a good forensics job, one group focuses on incident response and others work with standards and procedures. And this is just a few areas. Encryption is a part of this. Tempest too.
So again, what is a security expert? One who is an expert in one or all of these areas? What is DHS looking for?
being paid big bucks
Government paychecks are capped at a maximum that is significantly less than commercial starting pay for cyber-security experts...
Now we can get all those BA's and MBAs with a single computer course on how to use Windows out of the commercial job market and into the government where they belong.
Undetectable Steganography? Yep, there's an app fo
I sure hope that DHS knows exactly what a cybersecurity expert is...
I feel like I have no faith in the Homeland Security Agency's stated mission. Other than securing airports and border checkpoints such that it makes things even more difficult to get in or out of the country than it is going to visit inmates at your local correctional facility, I have no faith in that agency whatsoever. It was created in a knee jerk reaction to a terrible event that was likely orchestrated if not pulled off entirely by our very own government. Nah, I liked it better when we had much less security in this country and we could come and go as we pleased. I don't think body cavity searches are needed just to get on a bus, do you?
Government pay is capped at $149,000. If you know your stuff, you can start at $160k easily in commercial space, or more if you know people. Not to mention commercial benefits typically beat government benefits such as better travel (government travel rates barely get you into a super 8), better Per Diem, the ability to telecommute (you can't telecommute for secure government work), better vacation time (you only start with 2 weeks in government work)... I haven't had less than 4 weeks since I was fresh out of college, better medical, better retirement (matching 401k funds), stock options, better equipment and resources in your work, company parties (the government is very limited on what it can spend on holiday parties/etc)... etc...
The government has always trailed the commercial industry for IT compensation, and in specialist fields like security the government is pathetic.
All you have to do is become friends with this guy.
Apparently, he decides on who gets to be one and determines the global quota of "Cybersecurity Experts".
You may have to hurry though, as he might just decide that 640 "cybersecurity experts" should be enough for everyone.
And he already knows at least six.
Against stupidity the gods themselves struggle in vain
Spammers bring much more harm to the world economy than Afghan tribesmen. Billions of people are working as slaves for free for spammers sorting out and deleting their junk day and night. Billions of hours of working time are being stolen as matter of course.
Maybe the DHS decided at last to tackle this problem? These experts and predators could make the world sigh with relief. Godspeed!
security expert=security professional
And as everyone knows, professional=employed
So, they are saying that they're going to employ 1000 people with security nametags.
Business as usual, in other words.
This paragraph from the article is probably the most interesting point:
"Another item of great importance is a security clearance to do the work. This is where you will get only one brand of thinking; DoD or DoE clearance. This will prohibit the security "black hat" types from ever being involved in the project without coming from the DoD or Energy."
This will limit the pool of resources to such an extent to make the project worthless.
There ain't too many GS-15s. In the corporate world, they would be like SVPs. Most of the technical and engineering people are GS-12 to 13 outside of DC, and 13-14 inside DC.
EVERYTHING is better with a cyber- prefix.
Against stupidity the gods themselves struggle in vain
But that doesn't mean they will. And quite frankly, my experience with DHS has been that to make something happen, they hire an incompetent contractor to do the screening and hiring for them which, in turn, hires the first 1000 people with resumes who have enough of the right keywords matching on their resumes.
I once worked for the TSA and I was astounded by the criteria, or lack thereof, in their hiring practices. One teenager was hired on in a supervisory role simply because he applied for it and was early enough in the list of applicants to have not yet filled out their supervisor staffing. Why was this teenager qualified? He wasn't. We know this because it was his first job...ever! This kid hadn't even mowed a lawn for pocket change.
The DHS screens at airports but barely anywhere else. The airport screeners are beholden to the air carriers and quite literally have to follow their instructions at times. Meanwhile the border crossings of the U.S. were wide open for years and years before people took any notice.
Putting important organizations like FEMA under the DHS showed the world what a great move that was when the hurricane season came in with great force. The only thing we really got out of that was "FEMA Camps" where the angle of the razor wire seems to be intended to keep people "in" rather than "out" and has U.S. Army equipment parked on it. (Google "FEMA Camps" for more information on the topic... scary... freakin' scary)
The DHS is the agency under the executive that most represents the words "power grab" and "power consolidation."
Napolitano said she doubts it will be necessary to fill all 1,000 of the authorized positions, but she is focused on making DHS a "world-class cyberorganization.""
Umm I thought the TSA was supposed to secure the American transit systems from terrorist and non terrorist threats alike. How does being a world class cyberorganization help achieve that goal? Or more blatantly why does the TSA need to be 'world class' in anything?
I don't mean to rant but come on shouldn't Napolitano be saying that they are hiring these people so they can provide a better service to the American people. It is nice to have world class organizations at our national level but with world class comes world class cost and world class complication. Two things America could do without right now if you know what i mean.
DHS's cyber security operation is headed by Phil Reitinger, who's from Microsoft. So DHS won't be allowed to do anything that would seriously impact Microsoft's business models. Which means nothing significant will happen.
Here's his list of priorities. You'll see the problem.
+1
1. Building Capability: "That's primarily about people. I have some awesome people here at DHS; we have a great team, but we just don't have enough of them yet..."
2. Building Partnerships: "We're defining our partnership models, making sure they're as efficient as possible, that they let the private sector work effectively with us and as one, and we're starting the process of developing a national cyberincident response process..."
3. Building the "Ecosystem of the Future:" "Making sure that we're building the Internet and the cyberinfrastructure of the future that will have the foundations of a more secure tomorrow..."
4. Establish Cyber Metrics. "[Metrics] enable the people throughout government and industry to make better decisions about cybersecurity, so they don't do this or that based on religion, but based on data..."
5. Identity Management. "If we're going to allow people to protect themselves, they're going to need to be able to make effective decisions about, do they want to communicate with this person or not, do they want to open this file, do they want to open this program, do they want to allow a machine to connect to their machine..."
So, that seems to be his single-point agenda. :-)
He starts well by obfuscating the aim itself !!
Seriously. If I'm even close to how fucked up those are, who direct the DHS & co, becoming a mole and after some time publishing all the data anonymously but provable, would be good for nearly everyone on this planet. Except for some fucked up bastards.
Americans, non-Americans, all alike would profit.
Who's in? ^^
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Summary: DHS gets to look more important.
If that is all that they do then be thankful. Be fearful that they start to push pointless rules on everyone.
That's bullshit, you're going to have to cite that. The US government does have issues with corruption, but it's not any worse than most places. And definitely not "EXTREMELY" corrupt. If you want to know what extreme corruption looks like take a looksy at all those African nations that have ultra riches in minerals but mysteriously can't find the money to pay for food for their own people and somehow manage to do worse than nations without any resources to speak of.
In this case I'd say it's about damn time, that's probably a good starting point considering that so much of the military network is so completely hopeless right now, depending upon who they're looking for it would take a goodly number of entry level employees just to get the simple stuff done. Let alone the more complex tasks.
Those who want corruption make sure that government departments have corrupt leaders.
No, they aren't. The Information Assurance and other Information Technology positions in the Federal Government are usually grade GS-13. A GS-13 Step 1 in the Metro DC Area makes $70,615, Step 10 makes $91,801. This is competitive with most commercial salaries. Factor in the generous benefits (retirement, commute cost compensation, flextime, etc.) and the Civil Service positions are lucrative.
In the land of the blind, the one-eyed man is usually crucified.
Russia called, they want their corruption back.
Ezekiel 23:20
This brings back bad memories of the Scholarship for Service program I applied for nearly a decade ago now. Was supposed to get a job with the DoD when I graduated. In practice--it was impossible to get a clearance.
I stayed in a hotel and went to a conference with nearly 2000 other students. With the exception of the ones from the NPS in Monterey, a few from CMU, and some other rare individuals--most of them didn't know their ass from a hole in the wall. Three students from my university who knew way less than me did get into it (Really--two of them couldn't differentiate between a port scanner and a rootkit on their exams, and none of them were familiar with sanitizing input or fuzzing)
I didn't make it--and was specifically criticized multiple times in the application process for independent learning. Wrote a virus myself to see if I could. Used to run warez nearly 15 years ago, and after that got into system cracking. Yes, I said cracking...not hacking. But unlike most of the applicants I understood the tools that were out there, and had developed skills to a point where I could write them myself. After that I kept developing tools, but ran them on my own system--period. It didn't matter to most of the interviewers--one equated it to building bombs in my dorm room.
They'd rather have incompetent people with a scotchguard background, who don't know the difference between TCP and UDP after four years of school, than somebody with independent learning that willingly left the blackhat culture.
If things haven't changed--and I've heard no reason to think they have--this program will be a disastrous waste of money.
The Department of Homeland Stupidity.
and just another bureaucratic fail belonging to the 16 plus security agencies of the u.s. known as the alphabet soup gang.
You left off locality pay... a GS 13-1 in Metro DC makes $87K, step 10 makes $113K. So, even better!
http://www.fedjobs.com/pay/washington.html
The key point here is that in order to be hired as a cyber-security expert in the private sector, you probably need to be an actual cyber-security expert. In order to be hired as a cyber-security expert by DHS, along with 999 other "experts" all being sought within the same timeframe, you probably just need to study up on your buzzwords and you're good to go.
If libertarians are so opposed to effective government, why don't they all move to Somalia?
... but there are surely tens of thousands of people that currently have, or can get, cyber security certification. This is good enough for government work.
now we need to go OSS in diesel cars
From the referenced link on list of priorities:
Building Partnerships: "We're defining our partnership models, making sure they're as efficient as possible, that they let the private sector work effectively with us and as one, and we're starting the process of developing a national cyberincident response process..."
Translation: If it's a problem with a security exposure in Microsoft Windows, hand it over to Microsoft to deal with. Let them do the coverup.
now we need to go OSS in diesel cars
Could you translate that for us nonamerican types ? What would the numbers for those various GS classes add up to ?
What a depressingly stupid machine.
"Secretary Napolitano says she might not need all 1,000, which to me says she is really looking for 3-5 people. And frankly that ought to be enough if they are truly experts and are both properly led and supported" Cringely is insane (or very misinformed) if he thinks that 5 really good people will be able to make a dent in the role that will be required of DHS as they attempt to secure their own network. When the DHS takes on the task of guarding all government networks.
And yes there are over 1000 experts. I know 5 myself, plus another 100+ who make their living doing InfoSec work. This is not to say that the DHS will have an easy time finding real experts that are willing to work in the environment that DHS will provide for the wages that they will be able to offer.
I think you can lay the blame at Chicago's loss of the Olympics squarely at the feet of DHS and Customs enforcement. The USA is NOT a friendly place to visit. I wish President Obama would have put an end to this Bush era foolishness, but it seems he wanted to cuddle up with the right wing Republicans instead. Strike, one. Strike, two.
* Carthago Delenda Est *
No, he's not. What is it with people on the internet thinking that others have to sit and research topics for them? If you're that interested, go prove it right/wrong yourself. Some people are just having a conversation, and *gasp* aren't actually paid to provide your education.
Because if you don't have a citation to back up your assertion, especially one as ridiculous as yours, you look like a fucking clown.
Research != evidence, you red-nosed cunt.
For any specific topic, there is exactly 1 (one) expert. All the rest are just people with less expertise proclaiming themselves to be experts, yet denying people with less expertise than that the same title. So who decides where to draw the line of what we call an "expert"? In the end it's always a subjective title.
If you define "expert" as "the 999 best", then indeed there are not 1,000 experts in the world.
If you define "expert" in this context as somebody who can take a random website or system and independently find new security holes in it, there are WAY more than 1,000 experts in the world.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
The first thing I think about when I hear cyber is a verb. As in 'Want to cyber?'
It makes all these cyberorganizations sound interesting.
"The US government does have issues with corruption, but it's not any worse than most places."
I guess that you are not someone who reads books. I suggest that anyone who loves the U.S. do some serious research.
The U.S. has more people in prison than farmers. The U.S. has 6 times the percentage of its citizens in prison as European countries.
In the U.S., prisons are a big business.
Those who are not willing to do research cannot say they love the United States. Can you say you love a woman if you aren't interested in anything about her? Can you say you love a woman if you don't want to know anything about her that you don't like? Can you say you love a woman if you live in a fantasy world about who she really is?
Agreed. We've had a national security state since the 1950's -- since the nineteen-teens, if you want to count Federal raids during the Palmer Red Scare -- and yet we're told we need more and newer agencies. The FBI and the CIA won't do. Defense Intelligence Agency, National Security Council, not good enough. Tobacco and Firearms ... Christ, how did those two get lumped together? And the list goes on and on, endless heads of the security hydra. And yet, and yet ...
And yet we need more agencies. New agencies. Why?
Not because the current agencies are broken and unfixable (though it may be true).
More and new agencies represent the emergence of new players -- new stakeholders in the security game -- men who represent new wealth and new factions, outsiders who want into the game -- startups in competition with the existing agencies.
-kgj
"Recent evidence suggests not only has Wall Street survived, but it is essentially unchanged."
Yes, he is. The burden of proof is on the accuser.
In the land of the blind, the one-eyed man is usually crucified.
Read the book, Fast Food Nation. The U.S. government allows abuses that are far, far worse and more extensive than mentioned in this New York Times article: E. Coli Path Shows Flaws in Ground Beef Inspection.
You're way off base. IA and IT positions with the government usually start at GS 5 or 7. Most reach full grade at 12. Getting to a 13 generally requires going into management. Of course, all this assumes you're somewhere other than DC. In DC, nearly every job is inflated by one or two grades.
In the rest of the country, an IT tech or entry-level security wonk will be a 7, making a touch over $33K to start. Support techs are dual-tracked in many agencies with most topping out at GS 9.
And the days of good retirement are long past. It's been 25 years since new employees were placed under the Civil Service Retirement System, the high-quality retirement scheme for long-term employees that most people think of when they think of federal retirement. The new Federal Employees Retirement System is significantly more chancy and requires the employee to pay lots more attention to their investments over the years. It's no longer a case of "put in your time, get your dime."
Retirement from federal service is better than most places in some ways and worse in others. A career fed is likely to retire with better life and health insurance than most folks and no danger that it'll be taken away when the company goes belly up. But a career fed is also likely to retire with a much smaller pension and lower net worth than his private industry counterparts.
I like those tradeoffs and have stayed with federal service even though I routinely (that is, at least once a quarter) turned down job offers during the dotcom boom that would have quadrupled my salary. I valued the good work rules and long term stability of my employer. Others place very little value on stability. For those folks, government service is definitely not the way to go.
Yes, he is. The burden of proof is on the accuser.
Does an assertion require supporting evidence? In a formal debate, yes.
On /.? If having logically supportable arguments were a requirement to post on /. even your post would fail to make the grade.
Why? You failed to post evidence from a recognized authority on debating to support your position....
"while democracy seeks equality in liberty, socialism seeks equality in restraint and servitude." de Tocqueville
is who are these "security experts" going to be "defending" against? The way our government is going they are going to be working on removing the privacy of our own citizens, not defending against the threats out there in the big bad world-at-large.
"while democracy seeks equality in liberty, socialism seeks equality in restraint and servitude." de Tocqueville
I knew I should have actually tried it before putting my ambulatory organs so close to my food intake port.
Can you be Even More Awesome?!
i put on my robe and wizard hat...
Not always... I'm an InfoSec ITS in DHS and am a GS 15. I could make better money in the private sector, but $140k isn't terrible in DC. If you're good, they'll do what they need to get you. But as always, YMMV.
GS-14 in DC pays 6 figures as well, and I believe GS-13 does as well once you pass a certain step.
And the number of GS-15s in the organization varies widely by the organization. FBI has a huge number of them, DNI has a ton as well. But you're right, they're a good deal more rare in DHS.
Naaahhh....they'll be offshoring those jobs to Communist China and Communist Vietnam in no time anyway. After all, Corporate America can't compete unless they do on the backs of the Commies....what's this about capitalism? I missed something?????
I think Cringely is defining "security expert" as someone who is in the process of completing or has completed a doctorate in computer science and done significant peer reviewed research in the area of network security, while the government is seeing a "security expert" as someone with a CS background and some coursework in security or someone with advanced security certs (Eg: CISSP)
The term "expert" has very different meanings in academia than in industry/government.
The key point here is that in order to be hired as a cyber-security expert in the private sector, you probably need to be an actual cyber-security expert.
BWAHAHAHAHA!
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
Napolitano said she doubts it will be necessary to fill all 1,000 of the authorized positions, but she is focused on making DHS a "world-class cyberorganization."
Nice to know that we're hiring a bunch of random people for spits and giggles. Wasn't there some sort of economic crisis, or did that fix itself up already?
-- I prefer the term "karma escort."
No, a contractor is who the Government hires because Congress wants to funnel more money to businesses (optimally in their districts.) This is usually backed up with bogus statistics and other Damned Lies that portend to show that it's actually cheaper.
Of course without good oversight the contractor becomes the only one capable of the job, knows they have the government by the short-and-curlys, and can way overbid the next time since the spin-up/learning-curve costs of replacing them is too painful.
Oh, and if it's time-and-materials, they get paid to f*** things up, and paid again to fix them.
"You saved 1968." - Ms. Valerie Pringle to the crew of Apollo 8
1. 800 of them will have degrees from online schools
2. 500 of them will have been enlisted in the military at some point in their lives
3. 950 of them will have no interest in computers other than making money
4. 400 of them will drive motorcycles
5. 200 of the youngest will live in trendy neighborhoods in Arlington Virginia
6. 800 of them will live in McMansions, mostly in Northern Virginia
7. 700 of them will drive either a Mercedes or a BMW
8. 1,000 of them will take multiple long vacations each year (no, not to Defcon and Blackhat)
9. After 10 years on the job only 25 of the 1,000 will be competent to have a real technical conversation with a real security expert without embarrassing themselves and the United States government
No, I'm not off base. I get a weekly e-mail from USA Jobs that lists these positions, and the lowest I've seen is a GS-11.
In the land of the blind, the one-eyed man is usually crucified.
Bullshit. I'm a mediocre hacker turned world-class ethical hacker and I make ~$250K/y. I will pwn anyone you try to fit into a GXX salary. There are at least 1000 hackers in the world better than me, and only 10 of them have to work for the dark side for this plan to SUCK.
Paying a hacker is like giving a wolf meat, and then asking that wolf why he likes to chase.
Cyber god for hire. I can run malwarebytes and av. Meh!
I've read a number of posts and they generally seem sarcastic and pessimistic. For those that seem genuine, I see a willingness to consider this as an opportunity to address security issues. As someone new to blogging, is there a way that this can be viewed as an opportunity to bring your skills to help our country?
http://www.fedjobs.com/pay/pay.html
GS 12 starts at $59383.
GS 14 starts at $83445.
If you were in San Francisco at GS 14, then you'd make $112108 at step 1. A little explanation about the steps and advancement: http://ohcm.gsfc.nasa.gov/pay/gs.htm
Is Janet Napolitano heading in the wrong direction with her proposal?
> Yes, he is. The burden of proof is on the accuser.
;).
[Citation needed]
Hmmm. I work in cybersecurity consulting and nobody I work with (save the secretary) makes under 6-figures. Most are well over $200k. Dunno where you get those numbers.
But, I think our team (a dozen people) are maybe on the "expert" ladder, at least at a middle rung.
Is a catch 'em and hire 'em policy appropriate?
who prays for Satan? Who in 18 centuries has had the humanity to pray for the 1 sinner that needed it most? ~Mark Twain
Huh! Having dealt with a few NHS IT 'experts', most of them started off in the accounts department and then learned how to fill the photocopier. They are a joke!
You mean like the nation of The US of A - which is financing two foreign wars right now, but has food deserts in all its major cities, where the poorest people cannot buy healthy food and so are left with a diet that makes them obese, ill and sends them to a VERY early grave with a reduced quality of life? It also fails to provide healthcare for these citizens too...
You may not have pictures of bony children with enormous bellies - so the message isn't as "emotionally" strong - but having people obese and dying from their poor diets every day is almost as bad.
So I can assert that unicorns exist, and then tell you to google for it, and if you don't then it means I'm right?
Don't think so.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
While that is certainly true, it's not evidence of political corruption. It's not the politicians that keep those people from having food, it's the people who elect the politicians and don't want their tax money paying for expensive but healthy foods.
-The world would be a better place if everyone had a hoverboard
What area of "cybersecurity" do they mean?
Unless they can define their terms, I don't see much point in discussing the issue.
They'll give up and outsource it to a Chinese company...
Rotsa Ruck on that. I was up for a DHS Cybersecurity position, that AFTER I was deemed "acceptable" suddenly plummeted 30+K in salary, because they were talking "Engineer" pay and suddenly only had "Analyst" slots available. . .
Wouldn't it be more accurate for DHS to refer to themselves as the Schutzstaffel? We have way too many spying organizations in this country as it is. I wonder who else feels this way?
Not sure what you think is "common" but an experienced "cyber security EXPERT" makes a whole lot more than $100K in all of the large enterprises I've worked with. More like $200K.
Ahhh yes, the ones that suggest that I (a recent college grad) should apply for DEPARTMENT HEAD OF IT PROJECTS or something asking me for 5 years project management experience over a mid-sized team and a portfolio of completed large scale projects.
Well I've done some neat little projects, but I don't think leading a team in a math modeling comp counts and somehow, I think my supermod position on a yaoi slash site doesn't cut the bill for management experience. But after the damn near hundredth message, one actually sent to me by the dept. through monster, I actually put those things in a cover letter and sent it to them. I even called them and got the manager who actually apologized for sending me the requests through monster.
However, being asked "What is yaoi slash?" by an HR person is what really made my day.
Government pay is capped at $149,000. If you consider this to be good pay for a cyber security "expert", then you are not a cyber security expert. The experts in the field command significantly more than this. $100k is entry level for "security". Experts make $250k+.
4 Score and about 30 years ago, our wretched national fathers dreamt up a new nation, vivid with color and nocturnal. The primordial soup of the internet and now because it has become so entrenched in society that it needs further extrusion of the excrement created in cyberspace by having cyber-thugs doing the cleaning with clear cut violations of the 4th Amendment (at least as far as the UsA is concerned). I for one do not agree that the DHS needs to hire 1000 new people for IT related work. Actually, the USAF is doing a very fine job with the assistance of Lockheed-Martin in cyber-defense. Why not utilize them and create more positions in the military to fill this void that DHS claims to have and need?
The recent years under the Republicans' "starve the (evil corrupt) beast" philosophy were demoralizing to the bureaucracy to say the least. No matter who you are, it always sucks to be working for people who don't know anything, don't care or want to know anything, but who are chronically suspicious of your competence and work ethic.
Homeland Security has been a mess ever since it was "organized". Security is too broad a term and area even for a massively overreaching organization like DHS. They focused on security against terrorism, and neglected security against hurricanes. They've been distracted by fake security needs such as the security of drug company profits against their own citizens trying to bring back drugs from Canada, the use of and defense of telecoms' warrantless wiretapping of domestic phone calls on their behalf, the rampant security theater, and more.
Now this push to hire 1000 security experts. Sounds like more theater.
One area some have pushed hard is formal verification, but they keep screwing that up. They're too focused on security, and they keep overlooking that bug free is a long way to security. Formally verify that the software is bug free, institute programming methods (mostly, KISS) to ensure that new software can be formally verified, and set up so that any such new software can be formally verified quickly. Currently, if it can be done at all, it can take years to prove the correctness of a program. Part of the process is altering the programs to make them easier to prove (when not fixing actual bugs), while trying to keep any changes to the functionality trivial. A primary consideration in recent language design has been the avoidance of constructs that make compilation overly complex. Designing a language to make proofs easier hasn't been as popular. And forget security considerations. You get a lot closer to a secure system by focusing on correct operation than by verifying some simplistic security model and having to add the proviso that the proof of the security assumes that the underlying software works correctly. Good security on a buggy platform is like a nice house with a bad foundation. SELinux potentially can be pwned every time by the next kernel exploit.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
Man, you critics of the Department of Vaterland/Homeland Security have got to get your priorities straight! This is serious! From TFA:
The FBI said fraudsters continue to hijack accounts on social networking sites and spread malicious software using various techniques.
Now do you see just how urgent this is? The government must act at once and with the uttermost severity to eliminate this grave threat to our freedoms and security! If our MyFace pages are under threat, then we must back our government to the hilt; no sacrifice is too great. In fact, I think everyone who reads /. should immediately volunteer to become a Cyber Enforcement Agent with the DV/HS, and work without pay until the threat has passed.
Alas, due to certain political affiliations and mishaps dating back to Berkeley in the 60s, I don't qualify for any kind of government clearance, so I will have to remain in my boring job while a younger generation marches forth to smash the threat. But I cheer you on!
Great men are almost always bad men--Lord Acton's Corollary
The area of saving social networking sites of course! RTFA!
Great men are almost always bad men--Lord Acton's Corollary
Of course, everyone wait until they can't find 'qualified' positions for civil service and end up contracting outside to the local beltway bandits (SAIC, BAE, MITRE, The Universities, BAH, LM, NG, Boeing, GE, etc...), then you can add an additional 15% to that salary, which makes one's salary greater than a commercial position and you still get competitive benefits (sans retirement) and a secure job (hey! you're in the gov't industrial complex).
DC contractors are fleecing the taxpayer as I speak. Instead of having cool workspaces, inefficient spending of cash for parties and perks, they just pocket the dough. Sure wish I was back there for the recent boom.
One of the reasons I refer to the agency at which I work as a "family business" is that there are so many multi-generation family members and spouses in the place. Why is that? Because it takes an act of unselfish love to guide someone through the horrific maze of federal hiring. When you look at your emails from USAJobs, you may think you're seeing entry-level positions. You're not.
(By "entry-level" I mean "enter into your first job with the federal government" not "suitable only for beginners." Keep that in mind.)
Go to USAJOBS right now and search for 2210 series jobs with "security" somewhere in the title. You'll find 67 current openings. Arrange them in salary order (I don't see an easy way to export them to a spreadsheet, which would make this a lot easier) and scan down the list. The first ones you'll see are Territory Managers, project managers, senior technical leads and the like. Salaries can start as high as $120K and some are actually considered "executive" positions, a designation that has a real definition with the federal government. Mostly it means you get to drag an entourage around with you.
Those decidedly non-entry-level positions take up the first 25 positions.
The next 25 positions are (approximately) GS 11 techs of various sorts. If you actually click through to the Qualifications tab and then click through to the agency qualifications documents, you find that GS 11 positions typically can be entry level positions if you have a PhD. If you don't have a PhD, you have to have had a year of experience as a GS 9. To get that job, you need a year as a GS 7. To get that job, you need a year as a GS 5. That's the typical upgrade path. If you have a masters, you can insert yourself into the career path at the GS 9 level ... (wait for it...) ... if you also have a year as a GS 7.
Counting down the list, we come to the lowest level. The last group of real, entry level jobs can be gotten if you have a bachelor's degree with superior academic achievement (GPA 3.0, which doesn't sound all that superior to me, but whatever) and a year of qualifying experience. No one has a year of qualifying experience right out of college. Ranking panels take great pride in thinking that their positions are somehow special and no matter what you did on the outside, it doesn't qualify for this particular job. These positions are GS 7 and the only for-sure qualifying experience is a year at GS 5. Still, if you have a bachelors, some graduate-level time in a related field, and a year or two of related experience, you can probably score a GS 7 job. That's the last 8 positions on the list. The best pay of any of them is just over $44K a year.
(The numbers don't add up to 67 because there are too many errors on the list for it to add up properly. My search for "2210 security" managed to snag 5 pharmacists, 2 amendment documents making corrections to previous announcements, 1 military test plans analyst, and 1 HR analyst.)
All of this isn't to imply that there aren't some fun jobs out there. The Army is hiring interdisciplinary IT and Intelligence specialists. Starting pay is only $33K a year but you could get up to over $90K...eventually. In the meantime, you must speak a foreign language, put up with military culture, sign a mobility agreement (meaning you have no idea where in the world you'll work until they tell you to go, which they can do at any time with a week's notice) and you are (lemme quote this one, cuz I just love it) "...subject to extended ... worldwide deployments during crisis situations ... as determined by management." Nice deal for $33K a year, huh?
So - I stand by my previous statement. You're off base. Your email from USAJobs may have been originally spec'd by you to a minimum salary level, in which case you wouldn't see the entry level jobs, just the "fake" entry levels that require a PhD; or you limited yourself to Washington DC, where all jo
There are such experts out there but not necessarily US citizens. Given the shortage, will the administration consider the opportunity of bringing in "aliens" as outweighing the understandable concern for such sensitive posts?
Maybe it's more of a hire'em to catch'em policy. Like, "give 'em enough rope...".
I work in a DOI/MMS building as a contracted software dev. There's 500+ federal employees here.
Wanna know how many GS-15s are in the building? Two. And one is the regional director.
Most federal government sciency jobs here start at GS-9 (B.S. degree usually), and an experienced person will usually start at GS-12 and get yearly 'step' improvements in pay. Moving to GS-13 usually requires management responsibilities (team leads, subject matter experts, etc), and there just aren't enough of those jobs to move everyone up a grade. GS-14 are usually section chiefs or department heads, etc, where they sit through meetings all day.
As a programmer, or security expert, or basically anything that's not upper-management, you have a zero percent chance of being a GS-15.
The entry-level scientists here start at $36k, roughly 40% of industry pay for most of their fields. IT fares a little better, but there's a similar gap. The government cannot pay for *real* experts to be on federal staff. Outside of the military, budgets simply don't allow for it.
Your post is very well documented and has very good supporting arguments, so I'm reconsidering my original statements. I ran the search and your results are consistent with mine.
There's one important thing to be considered though, and that is the total number of hours worked per week. It is rare that a GS would work more than the standard 40-hour work week while the private sector employee usually works in excess of 50 hours normally, and work weeks of 60 or more hours are probably not uncommon.
As for the "worldwide deployments", I spent a year in Iraq and saw hundreds of military personnel, hundreds of contractors, and maybe a handful of DoD Civilians.
Your post is well thought out and researched, so you're probably closer to the truth than I am.
In the land of the blind, the one-eyed man is usually crucified.