Slashdot Mirror
DHS Wants To Hire 1,000 Cybersecurity Experts
Cyrus writes "DHS Secretary Janet Napolitano plans to hire 1,000 security experts over the next three years. 'Department officials could not say precisely how many cyberexperts now work at DHS and its various component agencies such as the Secret Service and Immigration and Customs Enforcement. Napolitano said she doubts it will be necessary to fill all 1,000 of the authorized positions, but she is focused on making DHS a "world-class cyberorganization."'" Cringely points out, "There aren't one thousand civilian cybersecurity experts in the entire friggin' world!!!!," except he uses all caps and bold.
...may as well throw my hat in the ring.
The CB App. What's your 20?
Cringely points out, "There aren't one thousand civilian cybersecurity experts in the entire friggin' world!!!!,"
No matter. These guys will be the "cybersecurity" equivalent of the TSA goons at the airport, probably with a management culture even worse than those poor slobs have to live with.
When information is power, privacy is freedom.
When they can make over 6 figures easily, with private company perks and bonuses working outside the government.
If the DHS wants qualified people, they need to pay a competitive salary. Of course, u
The price is always right if someone else is paying.
Is there a major I can take in college?
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
If you have a good shot at faking your way through being a cybersecurity "expert", seems to me this would be a pretty sweet gig. Few things are more entertaining than being paid big bucks to be part of a giant clusterfuck as it unfolds.
If libertarians are so opposed to effective government, why don't they all move to Somalia?
...as long as they can't hire Bruce.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
..."There aren't one thousand civilian cybersecurity experts in the entire friggin' world!!!!,"
And he would certainly know, wouldn't he? World-reknowned expert that he is. On everything.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
GS-15 pays 6 figures. combined with federal Job For Live(TM) job security, retirement perks that will allow you to continue as a "consultant" making the same salary for 20 more years, and virtually unlimited teleworking... i think that is pretty good deal. I'll sign up
aEN
Will you idiots please stop prefixing stuff with "cyber"? I know you're trying to make yourselves sound all cool and tech-savvy, but all you're really doing is sounding like someone from a bad 80s sci-fi movie.
"Cyberorganization"? What the hell does that even mean? You use computers and computer networks? Computers and computer networks are your primary focus? Big goddamn deal! You don't see Microsoft or IBM or Cisco calling themselves "cybercorporations", do you?
Look at me, I spend a lot of my time on the Internet! I'm a cyberperson!
DHS's cyber security operation is headed by Phil Reitinger, who's from Microsoft. So DHS won't be allowed to do anything that would seriously impact Microsoft's business models. Which means nothing significant will happen. Here's his list of priorities. You'll see the problem.
The first guy in that job, Amit Yoran, came out and said the big problem was weak security in Microsoft operating systems. He was ignored, then quit in disgust. The next guy was Cisco's lobbyist, who was not only useless, the job was downgraded during his tenure.
I'm not expecting much from that crowd.
and here's a good first choice: pick a more secure operating system for their servers and workstations. Last I heard, Microsoft had a fat contract to supply Windows to DHS. If they really want to make themselves look good (from a security perspective) dropping Microsoft would be a good first step.
The higher the technology, the sharper that two-edged sword.
I have a fairly long track record in the security industry, and I'm really puzzled by Cringely's assertion. It's hard to tell if he is trying to make a point out of a semantic squabble, or if he genuinely believes that the information security community has fewer than 1,000 competent experts.
If the former, yeah, the term "cybersecurity expert" is unfortunate - but it's clear it's just PR speak for "information security professional". Cringely then attempts to define that first, largely meaningless term, and then polls his anonymous friends (who themselves probably do not fall within that definition) to come up with wild guessess.
If the latter, yes, we definitely have more than 1,000 security experts. There is something around 500 emitent, internationally recognized folks publishing books, research, and otherwise contributing to the "cutting edge" of the industry. Then there's another 500-1,000 top-tier, notable security VPs, CEOs, etc, working for Fortune 500 companies (they may not all be technically savvy, but they *are* the industry). Then, there is probably something close to 200,000 security professionals working for companies around the world - we have something like 50,000 registered CISSPs alone (which is a certification largely inaccessible to hobbyists, and pursued by a minority of infosec workers), something around 50,000 subscribers to BUGTRAQ and other security mailing lists, etc.
Does this mean that DHS would be able to hire 1,000 competent experts? Unlikely, as the government historically did a pretty poor job of competing with commercial corporations (in terms of compensation and work culture), and many agencies may lack the hiring rigor and expertise to make the right calls. Given the size of the networked infrastructure in the US, this number is high, but does not sound outlandish by itself, though (many large corporations have 20-100 security people on their payroll).
What is a security expert? Is it people who believe that they are experts in one single area, and that area is called security?
I work with IT security for a living, and there are many areas within that field. We have people who are good at network and data analysis, some who can reverse engineer malware, others who do a good forensics job, one group focuses on incident response and others works with standards and procedures. And this is just a few areas. Encryption is a part of this. Tempest too.
So again, what is a security expert? One who is an expert in one or all of this areas? What is DHS looking for?
Now we can get all those BA's and MBAs with a single computer course on how to use Windows out of the commercial job market and into the government where they belong.
Undetectable Steganography? Yep, there's an app fo
Spammers brings much more harm to the world economy than Afghan tribesmen. Billions of people are working as slaves for free for spammers sorting out and deleting their junk day and night. Billions of hours of working time are being stolen as matter of course.
Maybe the DHS decided at last to tackle this problem? These experts and predators could make the word to sigh with relief. Godspeed!
security expert=security professional
And as everyone knows, professional=employed
So, they are saying that they're going to employ 1000 people with security nametags.
Business as usual, in other words.
This paragraph from the article is probably the most interesting point:
"Another item of great importance is a security clearance to do the work. This is where you will get only one brand of thinking; DoD or DoE clearance. This will prohibit the security "black hat" types from ever being involved in the project without coming from the DoD or Energy."
This will limit the pool of resources to such an extent to make the project worthless.
EVERYTHING is better with a cyber- prefix.
Mit der Dummheit kämpfen Götter selbst vergebens
But that doesn't mean they will. And quite frankly, my experience with DHS has been that to make something happen, they hire an incompetent contractor to do the screening and hiring for them which, in turn, hires a the first 1000 people with resumes who have enough of the right keywords matching on their resumes.
I once worked for the TSA and I was astounded by the criteria, or lack thereof, in their hiring practices. One teenager was hired on in a supervisory role simply because he applied for it and was early enough in the list of applicants to have not yet filled out their supervisor staffing. Why was this teenager qualified? He wasn't. We knows this because it was his first job...ever! This kid hadn't even mowed a lawn for pocket change.
The DHS screens at airports but barely anywhere else. The airport screeners are beholden to the air carriers and quite literally have to follow their instructions at times. Meanwhile the border crossings of the U.S. were wide open for years and years before people took any notice.
Putting important organizations like FEMA under the DHS showed the world what a great move that was when the hurricane season came in with great force. The only thing we really got out of that was "FEMA Camps" where the angle of the razor wire seems to be be intended to keep people "in" rather than "out" and has U.S. Army equipment parked on it. (Google "FEMA Camps" for more information on the topic... scary... freakin' scary)
The DHS is the agency under the executive that most represents the words "power grab" and "power consolidation."
Summary: DHS gets to look more important.
If that is all that they do then be thankful. Be fearful that they start to push pointless rules on everyone.
That's bullshit, you're going to have to cite that. The US government does have issues with corruption, but it's not any worse that most places. And definitely not "EXTREMELY" corrupt. If you want to know what extreme corruption looks like take a looksy at all those African nations that have ultra riches in minerals but mysteriously can't find the money to pay for food for their own people and somehow manage to do worse than nations without any resources to speak of.
In this case I'd say it's about damn time, that's probably a good starting point considering that so much of the military network is so completely hopeless right now, depending upon who their looking for it would take a goodly number of entry level employees just to get the simple stuff done. Let alone the more complex tasks.
No, they aren't. The Information Assurance and other Information Technology positions in the Federal Government are usually grade GS-13. A GS-13 Step 1 in the Metro DC Area makes $70,615, Step 10 makes $91,801. This is competitive with most commercial salaries. Factor in the generous benefits (retirement, commute cost compensation, flextime, etc.) and the Civil Service positions are lucrative.
In the land of the blind, the one-eyed man is usually crucified.
That's kind of a bogus observation. If you aren't world-class, then you are at the mercy of those who are. "World-class" doesn't mean "better than anyone else in the world." It just means "good enough to hold your own with the best in the world." Really, everybody needs world-class people. The pity is that not everyone can afford them.
You left off locality pay... a GS 13-1 in Metro DC makes $87K, step 10 makes $113K. So, even better!
http://www.fedjobs.com/pay/washington.html
Would knowing that there aren't a thousand experts out there make me an expert?
In my expert opinion, no.
War as we knew it was obsolete
Nothing could beat complete denial
- Emily Haines
The key point here is that in order to be hired as a cyber-security expert in the private sector, you probably need to be an actual cyber-security expert. In order to be hired as a cyber-security expert by DHS, along with 999 other "experts" all being sought within the same timeframe, you probably just need to study up on your buzzwords and you're good to go.
If libertarians are so opposed to effective government, why don't they all move to Somalia?
... but there are surely tens of thousands of people that currently have, or can get, cyber security certification. This is good enough for government work.
now we need to go OSS in diesel cars
From the referenced link on list of priorities:
Building Partnerships: "We're defining our partnership models, making sure they're as efficient as possible, that they let the private sector work effectively with us and as one, and we're starting the process of developing a national cyberincident response process..."
Translation: If it's a problem with a security exposure in Microsoft Windows, hand it over to Microsoft to deal with. Let them do the coverup.
now we need to go OSS in diesel cars
Because *obviously* Al-Qaeda is on the verge of launching an all-out cyberattack on the US, from the crank-driven laptop they have in their cave. Why, the CIA confirmed only yesterday that they forked out on an amazing full megabit of sattelite bandwidth for exactly that purpose. That's 1.000.000 bits per second !
What a depressingly stupid machine.
I think you can lay the blame at Chicago's loss of the Olympics squarely at the feet of DHS and Customs enforcement. The USA is NOT a friendly place to visit. I wish President Obama would have put an end to this Bush era foolishness, but it seems he wanted to cuddle up with the right wing Republicans instead. Strike, one. Strike, two.
* Carthago Delenda Est *
1000 people who think they are security experts would do far more harm than 5 people who actually are.
now we need to go OSS in diesel cars
"Recent evidence suggests not only has Wall Street survived, but it is essentially unchanged."
Yes, he is. The burden of proof is on the accuser.
In the land of the blind, the one-eyed man is usually crucified.
Read the book, Fast Food Nation The U.S. government allows abuses that are far, far worse and more extensive than mentioned in this New York Times article: E. Coli Path Shows Flaws in Ground Beef Inspection.
You're way off base. IA and IT positions with the government usually start at GS 5 or 7. Most reach full grade at 12. Getting to a 13 generally requires going into management. Of course, all this assumes you're somewhere other than DC. In DC, nearly every job is inflated by one or two grades.
In the rest of the country, an IT tech or entry-level security wonk will be a 7, making a touch over $33K to start. Support techs are dual-tracked in many agencies with most topping out at GS 9.
And the days of good retirement are long past. It's been 25 years since new employees were placed under the Civil Service Retirement System, the high-quality retirement scheme for long-term employees that most people think of when they think of federal retirement. The new Federal Employees Retirement System is significantly more chancy and requires the employee to pay lots more attention to their investments over the years. It's no longer a case of "put in your time, get your dime."
Retirement from federal service is better than most places in some ways and worse in others. A career fed is likely to retire with better life and health insurance than most folks and no danger that it'll be taken away when the company goes belly up. But a career fed is also likely to retire with a much smaller pension and lower net worth than his private industry counterparts.
I like those tradeoffs and have stayed with federal service even though I routinely (that is, at least once a quarter) turned down job offers during the dotcom boom that would have quadrupled my salary. I valued the good work rules and long term stability of my employer. Others place very little value on stability. For those folks, government service is definitely not the way to go.
Someone that responds to the ad.
Modding me -1 troll doesn't make me wrong.
I would say Japan has higher levels of corruption than the US. It is far more endemic and accepted than in the US, to the point that it's just the way people do business here.
Japan's public construction budget is larger than the US defense budget, and most of that is just absolute corruption. Americans complain about bridges to nowhere, but Japan takes it to an even further extreme. And all so that construction companies can get money, then make jobs in the countryside, so that politicians can get votes.
And don't get me started on "amakudari", the semi-official system of corruption where retired civil servants get jobs at the companies they gave contracts to.
No, I'm not off base. I get a weekly e-mail from USA Jobs that lists these positions, and the lowest I've seen is a GS-11.
In the land of the blind, the one-eyed man is usually crucified.
http://www.fedjobs.com/pay/pay.html
GS 12 starts at $59383.
GS 14 starts at $83445.
If you were in San Francisco at GS 14, then you'd make $112108 at step 1. A little explanation about the steps and advancement: http://ohcm.gsfc.nasa.gov/pay/gs.htm
Al Qaeda?
They're nothing on this stage.
Look to your trading partners for the real threat.