Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cybersecurity Czar Job Is Useless, Says Spafford

Posted by Soulskill on from the federal-whipping-czar dept.

Trailrunner7 writes "It's been about seven months since Obama announced his plan to hire a cybersecurity coordinator, and the job is still vacant. Several prominent security experts have turned the position down, and in an interview on Threatpost, Purdue professor Gene Spafford says that the position is pointless. 'It won't have any statutory authority. It won't have any budgetary authority. That does not give it much authority of any kind. So when I hear that there are supposedly people who have been interviewed for this cyber coordinator job and didn't take it, I'm not surprised. It's not a winning position. I'm not at all surprised by the fact that it's empty. That position is a blame-taking position,' Spafford said."

35 of 104 comments (clear)

  1. I vote by nametaken · · Score: 4, Funny

    ...for me? It has Czar in the title, it has to pay more than what I make.

    1. Re:I vote by Shakrai · · Score: 4, Interesting

      I wonder if the draconian disclosure requirements imposed on people seeking to work for the administration have contributed to the difficulty in filling it? I looked at some of what they wanted to know on their job application during the transition. Among other things they want to know every single handle that you've ever used online, every single website that you've posted on, whether or not you own firearms, whether or not you've ever been involved in an automobile accident, what political advocacy organizations you belong to, etc, etc, etc.

      Now I understand the desire to protect the President from embarrassment (wouldn't want to wind up with a treasury secretary that can't properly compute his own taxes....) but it seems to me that they've gone a bit overboard. I would never apply for a job that wanted to know that much about me. It's simply none of their business. I'm sure many others feel the same way. Why put up with that bullshit, particularly when you can make more money in the private sector and not have to worry (as much) about politics or being someone's scapegoat?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:I vote by nametaken · · Score: 3, Funny

      I find this compensation acceptable, particularly since I'm already in a near-volunteer position that only exists to place blame.

    3. Re:I vote by elronxenu · · Score: 2, Insightful

      When you have a high profile job in the public sector, you can expect that people are going to find out a lot about you. The media will want to know, and if you have any skeletons in your closet, they could well be revealed, one day.

      Bravo on you for wanting to keep your personal details private, but don't seek out any high profile positions as a result.

    4. Re:I vote by Shakrai · · Score: 4, Interesting

      Yes, the media is just dying to know about the Slashdot posting history of the future Cybersecurity Czar. That also doesn't explain some of the other questions they ask -- like the gun ownership one.

      Anyway, you missed my point, which was simply that these types of disclosure requirements can't help but have a chilling effect on recruitment. You've already got one strike against you in that you probably can't compete with the private sector in regards to salary. Add another strike for the crazy hours and possibility of having to fall on your sword to protect your political bosses. I'm sure having to tell your potential future employers about your jilted ex-lovers and /. username qualifies as a strike three.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    5. Re:I vote by swb · · Score: 3, Insightful

      And they're also recruiting from the same talent pool as Google, Microsoft, and the Fortune 100.

      Those companies will also sniff around your background, but won't have a hissy fit if you've smoked a joint, own a gun or got a DUI in a rented Escalade with your mistress.

      After reading some of the disclosure materials required for government employment I'm pretty sure I will never even bother applying. Way too intrusive and not telling them exactly what they want is some kind of nasty Federal felony.

    6. Re:I vote by Nefarious+Wheel · · Score: 2, Interesting

      When you have a high profile job in the public sector, you can expect that people are going to find out a lot about you. The media will want to know, and if you have any skeletons in your closet, they could well be revealed, one day.

      However, if you did want that high profile position, holding a very public auction of the (above-mentioned) McAfee 1 Ferrari and donating the proceeds to Kids with Cancer would pretty much guarantee you one. It would be the right thing to do, a nice thing to do, with the added bonus of cementing your image of incorruptability in the public eye. A smokescreen, yes, but one that'll get you high. At least until the McAfee "security enforcers" find you near a dark alley.

      On second thought, it does sound rather risky.

      --
      Do not mock my vision of impractical footwear
    7. Re:I vote by countertrolling · · Score: 2, Insightful

      If you want any authority over me, then damn right it's my business. We have every right to know if you are abiding by the same rules you expect us to. Don't take it personally. I expect all people in a position of authority to give up their private lives, at least to the extent that we have to. Besides, government service is supposed to be exactly that, not a lifetime career position.

      --
      For justice, we must go to Don Corleone
    8. Re:I vote by BobMcD · · Score: 4, Funny

      Among other things they want to know every single handle that you've ever used online, every single website that you've posted on...

      This is what disqualified me when I applied. I told them I sometimes used "Anonymous Coward" on slashdot.org...

    9. Re:I vote by Shakrai · · Score: 2, Interesting

      Re: gun ownership. Most states require that firearms be registered

      No they don't. You must be living in New Jersey or Illinois if you think that's the norm. In the vast majority of this country you can buy a firearm simply by completing the required background check at point of sale. No registration, no permit to own, no classes to attend, no waiting period, nothing. You just buy it and walk out with it.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    10. Re:I vote by definate · · Score: 2, Funny

      You work on a helpdesk?

      --
      This is my footer. There are many like it, but this one is mine.
  2. Recession by istartedi · · Score: 2

    I'll take it. I've even worked in security, although as a programmer not as an executive or highly respected author and lecturer (e.g., Bruce Schneier) which is what I imagine they want and will never get.

    Where do I send my resumé?

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
    1. Re:Recession by dikdik · · Score: 3, Insightful
      The second they use the term "Czar", to describe a person in administrative capacity over a regulatory body, they betray the authoritarian and anti-democratic ideology with which they conspire against representative government and individual rights and liberties.

      Czar is the Slavic rendering of Caesar. Why anybody sees this as an expediency worthy of trade-off for democratic involvement and oversight is a question I leave you, the dear reader to resolve.

    2. Re:Recession by The+Archon+V2.0 · · Score: 3, Funny

      I'll take it. I've even worked in security, although as a programmer not as an executive or highly respected author and lecturer (e.g., Bruce Schneier)

      That's okay. As far as I know, few highly respected authors and lecturers have been asked. And asked or not, several such people have preemptively refused the, er, honor.

      which is what I imagine they want and will never get.

      If they wanted, I imagine they would've asked more people who could do it.

      Where do I send my resumé?

      First print off a copy of everything you've ever said online and send it so they can check it for anything embarrassing. I gather that's what one of their pre-screening requirements was. Which is to say, they want people who have never used the internet for their security czar.

    3. Re:Recession by istartedi · · Score: 4, Insightful

      First print off a copy of everything you've ever said online and send it so they can check it for anything embarrassing. I gather that's what one of their pre-screening requirements was. Which is to say, they want people who have never used the internet for their security czar.

      How much time will pass before everybody is naked, drunk and stoned on their MyBooooook page, so that we can get over all this nonsense about being persecuted for stuff everybody knows happens?

      --
      For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  3. Who watches the Internet by coastwalker · · Score: 2

    I'm not sure a tzar helps. The people on the front line are independant businesses selling cyber security and the military. The two do not meet openly so the position is merely cerimonial.

    --
    Facts are history now plebs have politics for religion on social media.
  4. This position by byrdfl3w · · Score: 4, Funny

    ..won't have any statutory authority. It won't have any budgetary authority. But it WILL have FarmVille.

  5. Bruce Schneier agrees by surmak · · Score: 4, Informative

    See his blog post

  6. Well how about that! by NoYob · · Score: 2, Funny
    That position is a blame-taking position,' Spafford said."

    Someone who's actually paid to be the goat.

    I can do that! Were can I get a job like that.

    --
    It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
  7. Puppet by Rivalz · · Score: 4, Funny

    A real security czar would be the man or woman behind the curtain. With a limp, a raspy voice, and insist that they are always watching us watching them watch other people who watch Ebay watching people selling watches trying to find the best watch to buy. Even when the security czar knows that everyone just uses cell phones now instead of watches. Thats why he must watch the watch watchers.

  8. It's a perfect representation! by recharged95 · · Score: 2, Insightful

    "It won't have any statutory authority. It won't have any budgetary authority. That does not give it much authority of any kind"

    Kinda represents the majority of IT departments in big corporations.

  9. Hey, being a fall guy isn't always so bad by elrous0 · · Score: 2, Interesting

    Tom Ridge was nothing but the designated fall guy at the Dept. of Homeland Security, but he managed to parlay it into a book deal and a ton of great press. Not bad for a guy who had formerly been an almost completely unknown governor of a minor state. You think anyone would have given a rat's ass about his memoirs if he had turned that job down?

    If you can be a fall guy who manages to get out BEFORE the fall, there is real money and fame in it.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:Hey, being a fall guy isn't always so bad by Shakrai · · Score: 5, Funny

      Pennsylvania is a "minor" state? You realize it's the 6th most populous state, with the 6th most populous city and happened to be one of the key birthplaces of the American revolution, right?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:Hey, being a fall guy isn't always so bad by belthize · · Score: 3, Funny

      The last 8 years proved that the set of states in the Union are,
      Not minor: Texas, East Texas, Dallas-FortWorth and California
      Minor: the other states.

    3. Re:Hey, being a fall guy isn't always so bad by Arthur+Grumbine · · Score: 4, Funny

      You realize it's the 6th most populous state, with the 6th most populous city...

      And it happens to be the 6th largest emitter of carbon dioxide. Could Pennsylvania be, hmmm... SATAN!?!

      --
      Now that I think about it, I'm pretty sure everything I just said is completely wrong.
  10. 'blame taking position' -- nailed it by jdogalt · · Score: 4, Interesting

    Anyone else (unemployed and looking like me) feel like a disturbing portion of the job market is constituted of 'blame taking positions'?

    It's probably paranoia, but I feel like the businessworld is composed of corrupt people who will lie and bullshit, and then the poor saps that get stuck with the 'blame taking positions'.

    In my youth, I had naive libertarian beliefs about talented and competent people winning out in the free market against those types. Now that I've witnessed the naked annihilation of even the illusion of capitalism, via the bank bailouts... I just have no real hope that there is any way to make a living without either being one of those bullshitters, or poor blame taking saps. I guess the honorable thing is to just accept a sequence of blame taking jobs, and survive and get fed until we see a better age.

  11. I'll take it by thrillseeker · · Score: 2, Funny

    My coworkers are always volunteering me ... I'm (modestly) that good!

    Here's a photo of me on the job: http://www.frogview.com/uploadimages/45f9f6b1c0ed04.86765571frogview-gallery.jpg

  12. Pick me! Pick me! by aflag · · Score: 2, Funny

    It could be my chance to move out of my mom's basement!

  13. Spoken like a true CEO by synthesizerpatel · · Score: 4, Interesting

    The assertion that this is a 'blame taking' job is unfounded, that it doesn't have statutory or budget authority is peripheral to what the role should be, and frankly somewhat insulting that the umbrage taken with it by 'the experts' is that it's a role that has no teeth.

    It's a job where the President consults you for your opinion and takes action based on your advice. Boo hoo you don't have any authority or a budget. Any consultant that is hired on to a tech firm is in the same boat.

    Also, yeah, I can understand why many security people have turned this job down. Because they're more interested in money than civil service -- how the hell is that a surprise?

    1. Re:Spoken like a true CEO by rudy_wayne · · Score: 4, Informative

      It's a job where the President consults you for your opinion and takes action based on your advice

      Wrong. In 2008 Candidate Obama said he would create a postion reporting directly to him. This year, President Obama created a position of "Cybersecurity Coordinator" which is a low level position reporting to OMB (Office of Management and Budget) and NEC (National Economic Council). In other words, the person in this new position will spend their time writing reports which will then go to the bureaucrats in OMB and NEC who will stamp the reports as "too expensive in these tough economic times".

      Little or no information will ever reach the president. And even if it does, so what. It will be up to congress to allocate resources. Good luck with that.

    2. Re:Spoken like a true CEO by Stradivarius · · Score: 2, Interesting

      It's a job where the President consults you for your opinion and takes action based on your advice.

      I suspect only the first part of that statement is really true, which is why this isn't a good job for those who want to actually solve the problems, not just pontificate on how one could solve the problems. I say this because:

      1. Fundamentally cyber is not a Presidential priority at this time. Jobs, health care, global warming, education - those are the things the President will be judged on, and thus what he is going to prioritize. Your advice will likely be heard, but it is unlikely the power of the presidency will be used to fight for the difficult decisions you will ask for. The political capital is simply needed elsewhere.

      2. Because you don't get massive government bureaucracies to change course easily. You certainly don't get it to happen if you can't control anyone's budget allocations and lack any statutory authority over those involved. If your recommendations are inconvenient (say they involve contested turf between two agencies) the bureaucracies involved can just stall until you're gone. Yet an appropriate response to cyber requires close coordination among those very agencies.

  14. I'm tellin' ya... by Quiet_Desperation · · Score: 2, Interesting

    ...Leo Laporte is *the* man for the job.

  15. Welcome to the government by clesters · · Score: 2, Informative

    You must be new around here... Almost everything we do is worthless.

  16. Czar logic by The+Archon+V2.0 · · Score: 5, Funny
    So, if a drug czar tries to stop drugs, does a cybersecurity czar stop cybersecurity?

    But the drug czars have failed to stop drugs, so therefore a cybersecurity czar would improve cybersecurity!

    I finally understand government logic!

  17. 2+2=5, for moderately large values of "fine" by jeko · · Score: 2, Informative

    OK, now we have more steps:

    1. Invent something great.
    2. Have millions to defend your patent.
    3. Have millions to beat the vulture capitalists away from your baby.
    4. Have a mother on the board of IBM and a father as a partner in one of the nation's most powerful law firms.
    5. Acquire the social connections to market your product.
    6. Profit.

    Bonus reading: The cheerful history of Edison and Tesla, and why virtue does not always win, even when Mickey Rooney plays you in the movie.

    --
    He put his boots up on the table and made a face. "The sig," he smirked. "You can waste your life in search of the sig."