Slashdot Mirror
Cyberwarrior Shortage Threatens US Security
An anonymous reader writes "US security officials say the country's cyberdefenses are not up to the challenge. In part, it's due to a severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries. The protection of US computer systems essentially requires an army of cyberwarriors, but the recruitment of that force is suffering. 'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department."
if there is such a shortage of talent maybe we can offshore this responsibility? Maybe to China? As a bonus it will be less expensive.
and yo know if you had not of tricked those two russians into the usa and hten arrested them....you might just not have this issue
2002 onwards
united hackers association
CHRoNoSS
( offered loads a jobs in usa but after the Russian incident will never go to the usa again )
The USA has a bad habit of arresting anyone with the skills and curiosity to perform such tasks. Instead of arresting and jailing "hackers" they should employ them, and then maybe we'd have enough people for the "cyberwar" they are talking about
If telephones are outlawed, then only outlaws will have telephones.
I'm not allowed to tag stories, but the moron who managed to misspell "cyberwarfare" as "cyberwarefare" is free and clear, huh? Nice job, Slashdot.
How is the US recruiting to meet this demand? If they are doing it at universities, they are doing it wrong.
We don't have sufficiently bright people
well DUH, the 'cyber warriors' that the government wants are hard to find. mostly because they are either trained IT security professionals or a kid who figured out how to hack his school to change his grades. the first of the 2 will be easy to get with the increase in IT students. however unlike china, there is sever punishment for committing cyber crimes. china and other countries have the right idea of hiring the hackers instead of locking them away like we used to do
Its not my fault, someone put a wall in my way.
I'm a young system admin with two years experience and would be extremely interested in expanding my network security knowledge. Maybe they need to advertise better? I know lots of fellow would-be hackers looking for interesting work.
The US treats anyone with the least bit of curiosity or know-how with suspicion.
Maybe it's because we call anyone with even the smallest amount of computer knowledge a witch^H hacker, and burn them at the stake^H^H^H^H^H^H put them in jail (or detention, for the juveniles) while banning them from using computers?
It's pretty simple, guys. If you ban model rockets, you won't get a generation of rocket scientists. If you ban chemistry kits, you won't get a generation of chemical engineers. If you ban playing around with computer systems, you won't get a generation of hackers.
"We don't have sufficiently bright people moving into this field"
Yet we have sufficiently bright people who can create a system that rapes the stock market.
It is all about perception. I see high school advisors telling kids to stay away from computer science because they will be fighting for jobs against the whole world (programmers from India, sysadmins from the Bay Area, etc.) Instead, they tell them to go law because "there is no such thing as an unemployed lawyer."
Russia and China, it is different. There, their security guys doing blackhat/white work are viewed with similar respect as Special Forces guys are viewed here, as heroes for their country. Here in the US, a CS/IT person is looked at as someone who is going to be unemployed as soon as the PHB finds some offshore firm.
Change the perception, make it cool to be a CS/IT person. THEN you will have your "cyberwarriors" that are on par with the Russian/Chinese blackhats. Otherwise, the CS students will be taking their CS degree into law or business school.
'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department."
I wonder whether this gentleman has thought about the idea that his "national security objectives" cannot be achieved by computer science at all. In other words, those objectives are misplaced...simply put.
Could I be right?
Maybe if the country wasn't so obsessed with computer crime that it looks for black-hat hackers in ridiculous places, we wouldn't have this problem.
Chemistry sets and other "gateway drugs" to the sciences and engineering are also not as easily available any more. And isn't "creativity" declining too?
'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department."
That's ok, just click on brightness and adjust. Works for my monitor.
If you can't get them bright enough for when you move backward in time, that's when we have a problem.
The protection of US computer systems essentially requires an army of cyberwarriors, but the recruitment of that force is suffering. 'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler
Translation: we don't have enough really smart people willing to work for peanuts.
Who wants to work in that environment? It isn't like the movies.
I'm sure they will eventually fill their quotas with University of Phoenix grads.
all y'all have to do is setup a few sub sub basements with a few racks and fridges and then move anybody that can
hack the doors into the group (of course filter for the obvious "problems").
a few hints
1 most good hackers will have some sort of criminal record
2 hackers may or may not like a normal uniform and the hair thing may be an issue
3 when you have a group setup DO NOT VISIT DO NOT ASK "HOW" (plausible deneyability is a good thing)
4 psych evals may be another issue
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Yes. I know what they should do. Bring back photon and use it as a recruitment tool http://en.wikipedia.org/wiki/Photon_(TV_series)
Who in their right mind would join up with a organization which wants to call you a Cyber Warrior?
I mean, i get it from the perspective of appropriating money that should be used for better causes and justifying your 6 figure salary and all. But this whole thing is laughable.
Right Here
A big part of the problem is that those jobs are very unappealing. First the applicants have to get a security clearance, which weeds out all non-citizens and a good deal of other applicants, then they are forced to work in secure facilities that feel like caves or underground bunkers, and on top of that they aren't allowed to discuss what they do in anything but the most general terms. Taking a job doing cyber ops for the government is volunteering to put a giant gap in your resume that you can't discuss.
The federal government has a habit of imposing soul-crushing bureaucracies on its workers.
Probably only a very small fraction of citizens are talented and inclined to do cyberwarfare and are willing to put up with the bureaucracy.
I'd believe in stuff like
1. Shortages of people who patch their systems
2. Shortages of companies who are willing to pay security specialists a decent wage
3. Shortages of CTO's willing to pay for migration away from IE6 to something standards-compliant
4. Shortages of armed services who'd take overweight computer professionals over 30
5. The tooth fairy
6. Unicorns
But a shortage of cyberwarriors? That seems a bit far fetched.
Sounds like an interesting career. What are the education, work experience, etc. requirements? Do you have to participate in a hack-off competition against a 13 year old script kiddie?
...they dwell in Azeroth.
I believe she just finished her last film up so if we need more hackers let's get her on it.
> a severe shortage of ... [sufficiently bright people]...
> with the skills and knowledge necessary to do battle
How many do we need? I submit that the number of brilliant hackers we need is quite small; if any shortage exists, it will be in the botnet, not the conference room.
I remember looking into some Information Assurance type programs a few years ago, as the buzz about this field (especially in the government sector) was beginning to pick up (or at least when I first became aware of it). Some of these programs cost about $50,000 USD a year. It was just too expensive in my eyes. Perhaps that's just become the cost of private higher education, but that doesn't make it easier to accept. I don't recall what the starting salaries for these types of specialists were, though.
The other concern I'd have is that a lot of organizations receiving security audits would probably not be too cooperative. We all know that government work isn't always the most attractive, and one of the challenges they face are attracting people to interesting work, not being trapped for years in a political maze.
Perhaps high enough salaries can attract more talent, but they'd still lose out on plenty of people because of the environment. And having worked in Federal IT for a bit, it's a black hole of money and productivity. I'm sure there will be plenty of individuals and companies scrambling for their piece of this pie, but I wonder how much of a difference they'll actually make (besides to their own bottom lines)?
If all you have are silver bullets, everything looks like a werewolf.
...is legal and cultural. The US penalizes innovation and experimentation more than anyone. The US government is responsible for the DMCA and massive efforts to punish people for hacking their own hardware and software, ludicrous prison terms, and so forth. On top of that you have a move away from generic, "hackable" computers to walled garden, Apple style technologies. That kind of culture doesn't really nurture a generation of future hackers. We don't encourage youth people to explore technology, we want them to play by the rules and keep their noses clean. With hacking hardware and software so stubbornly discouraged, it's no wonder that not very many people have the desired skill set.
There are several serious problems at work here.
The first is that highly-talented hacker-types tend to be very libertarian (note the small-L) in their outlook. They believe in doing everything possible to minimize governmental authority and governmental interference in private lives; recent administrations and Congresses/Senates have been dead opposites. The caliber of people that the NSA wants are tuned into what's really going on, and propaganda (meaning; lies) that the government is not spying on US citizens for the political gain of the Capitol Hill gang are not going to be believed. When a prospective employer lies to you, it speaks volumes about the contempt they hold for you and whether they can be trusted. While the NSA may indeed be concerned with protecting Americans without being intrusive, the NSA's masters in the White House and Capitol have no such concerns.
Secondly, THIS administration has shown a willingness to retroactively throw its intelligence officers under the bus in return for political gain. When someone in the intelligence community asks "Is it okay to do [redacted]?" and are told "It's legal and approved"... four years later, they find themselves on trial. When we change administrations, the NEXT administration is going to remember this and roast THIS administration's intelligence officers over open coals. The precedent has been set. Who would ever want to take risks for a nation that holds them in contempt, and be demonized to squeeze a couple more votes out of an ignorant public?
Then there's the pay issue. If someone is good, THAT good, they know they can strike it rich in private industry. While the NSA recruiters at Black Hat say "oh, we'll pay you very well, we want to make sure you're living well enough to be bribe-resistant", they have an east-coast idea of what "good pay" is. Founders of Silicon Valley companies, even in this day and age, are paid mighty well when the exit strategy comes to fruition. That's what the NSA has to compete with, and the bean-counters don't believe it.
Work for evil, burned at the stake for the privilege, for less pay than other options. WHERE DO I SIGN?
Everybody gets what the majority deserves.
People who are typically drawn to computers are often not very good canidates for the military lifestyle. And to become good at Securing systems or hacking them.. you need be breath, eat and sleep computers (especially hacking them).
Hacking skills are not taught in schools and working for the goverment pays c@rp.. why would someone who spent years developing highly saught after skills work for the latest cyberwarfare agency when they could make big bucks in the private sector.
There are plenty of highly skilled security folks out there "Defend the nation" to. I dont see any real recruitment efforts going on that are worth while.
As an educator, specifically a computer science educator in higher education, I have to say that this is a shortage that the US has created. Let's see, if we outsource all IT jobs, and then allow various industry groups to sue the snot out of people based on their IP address; let's tell all potential students that jobs in this area can be done overseas, and that there is no reason to go into this area; let's pay low, low wages, and accept low-quality work from people who rose through the ranks due to politics rather than ability; let's reward people for paper certificates that they obtained through cram sessions and cheat sheets; let's do everything within our power to make this an unattractive field of study. And now, when bright, curious, intelligent people are needed in this field, let's wonder why they're not there.
Cynicism - the last refuge of those people who want to simply say, "Well, duh!"
In part, it's due to a severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries.
Based on my own experience, I would argue that there is a severe shortage of computer security specialists and engineers with the skills and knowledge and desire to do battle against would-be adversaries. Whether it's a personal financial concern or a personal ethical concern, there are lots of great reasons for skilled and knowledgeable experts to seek employment elsewhere.
Slashdot? Oh, I just read it for the articles.
Where are the recruiting posters, TV spots, and in-game adverts? I know the Marines and Army are looking. Where the heck does one sign up for cyber-warrior boot camp? What's the web site, email address or 1-800 number? Even the article leaves out that information. What a missed opportunity.
Hint: hire a marketing team first.
the growth in cynicism and rebellion has not been without cause
I worked at Data General for a while, on their B2 secure UNIX. My job was to audit functions in the C standard library for unexpected side-effects. I have never seen another company that pays that sort of attention to security. Data General's selling point was a secure platform, and they ended up going out of business and being purchased and gutted by IBM.
It would take a lot of work to actually mandate that the culture change for the entire government and private companies that build infrastructure components. Much easier to just pin the blame on a "lack of hackers." We'll know we're moving in the right direction when a exploit is released and a company fixes it immediately instead of blaming the people who found the exploit for releasing it.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
The culture (wage,work environment, hiring, management) is all wrong to attract true talent. I would really have to be hard pressed for work to consider a government job.
Got Code?
Our government needs MASSIVE improvements in their computer security. But the requirements of the government (get it secure now) are the opposite of the requirements of business (keep it just sucky enough to be able to sell the next version).
And with that situation, no matter how many smart people you have working in government, there will always be more work than they can do. Which leads to hiring people who are less smart. And just about anyone in IT can tell you what happens when you put less skilled people in charge of a system.
'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,'
All we have are a bunch of morons here.
More than 850,000 people in the US hold Top Secret clearance. There are a lot of "sufficiently bright" technologists at NSA, CIA, DOD, etc and their contractors. Perhaps the issue is more one of priority than spending?
Obi-Wan: "I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror and were sudden
Go look for the idiot that started the Hacker's Crackdown in th 90's. The result of this attitude was to either push some kids to the edge where the russian mob recruited them in on form or another, or plain make them corpodrones, albeit very good at typing crap into a cisco console, but perfectly worthless in the underlining of the net.
Bravo, idiots, might I remind you that here in the net, we forsaw and told you about this. And now you come complainin....
NO SIG
if (ugly or terrorist or other_party or undesireable)
then (set off required little bomb in computer)
endif
you're welcome. the definitions table is up to you.
if this is supposed to be a new economy, how come they still want my old fashioned money?
You can't get into this field legally because of the DMCA...
So I guess its not traditional employment because its an offer the hacker cannot refuse.
Anyone who has ever worked in government IT knows that it is the last place for a competent person. The average bureaucrat considers IT to be one of the easiest ways to launder kickbacks for party supporters. Competence ONLY gets in the way. Worse, they'll even try to get you to make that slop work. Fall on your swords now, "cyberwarriors". (snort!)
Could it be because they're recruiting from the wrong place?
All the keyboard warriors seem to have moved to the YouTube comments section. If they're still recruiting Internet hardmen from Usenet then they'll not be getting the best.
I work for a local government agency and have over 20 years experience in IT, with almost 10 in security. Due to a "small world" situation, my name came across the desk of someone at the FBI. I was informally asked what level of interest I would have working for them. I asked the guy several questions and came away with the following: Take a substantial pay cut, move my family over 400 miles away from most of our relatives, forfeit the retirement at my current employer, go through the FBI academy (no desire to go through another boot camp at my age). About the only upshot to the whole thing would be some good training. I'm sure there are jobs with other federal agencies, but I imagine that except for the academy, all of the other negatives apply. The thing that got me about this is that my skills are nowhere in the ballpark of what I imagine should be the skillset for this type of job. Maybe they're targeting people that they feel can be groomed into the position, but it seems to me that if they're going to take the issue seriously, they would be going for some top dogs and offering some real incentives to those people.
necessary to do battle against would-be adversaries. The protection of US computer systems essentially requires an army of cyberwarriors
Who is the enemy? If you think its a nebulous "them", then you're wrong, its us.
"security" where I work is primarily focused on giving as many employees parking tickets as possible, monitoring our every move (although car breakins are of course not monitored), protecting the company from downsized employees, and generally being bullies.
I can assure you that "leet cyberwarriors" are not going to be used against enemy nation of the week, but against Americans. Against people with the mistaken idea they live in a free country. Against anyone standing in the way of the big corporations that pay for our elections. Against anyone whom does not understand they exist to serve the govt, not the other way around.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Hackers, in general, tend to detest interference and authority. Hard to think of hackers in a top secret Government agency taking orders and working 9AM to 5PM, in an extremely straitjacketed environment. More importantly, I'm guessing the wages wouldn't be great
The economy as it is right now has plenty of talented individuals just waiting to get hired. Theres 10% unemployment so there is no shortage of the labor force, as for qualifications these are skills which aren't learned in school so the government must already know who does what, they have enough fbi informants and others who gather information on anybody with any shred of credibility as far as computer skills go.
So either they people they want to hire would rather remain unemployed than work for them (which means the job must suck and not pay well), or they are using this shortage as an excuse to raise the pay rates. The fact is theres plenty of people from the dot com bubble or from before that, who would be qualified to do most of this. Most of the people on slashdot have the skills to do the job, now the security clearance on the other hand thats where there will be shortages of qualified individuals.
General Turgidson: "Mister President! We must not allow... a NERD gap!"
let the market sort it out!
We need a boot camp for this with out the PT / yelling in your face part.
Also open it up to the people who are good with systems but not with dealing with people / PHB BS.
Everyone knows that before 9/11, the pentagon had a ton of computer security contracts out to private companies. After 9/11, they cancelled or failed to renew those contracts. Frankly, they needed the money for bullets. Now, nine years later, surprise surprise, they are hugely behind in computer security.
There's lots of talent out there. Part of the problem is that they are ignoring all of the talented young CS graduates who are only a few credits away from being 'security experts.' Hire CS graduates. Train them. Problem solved.
I could have gone into security but whats the point? Working for the government is not an ideal job (see posts about offices like caves and inane security clearance requirements). If you lucky enough to have gotten a job in the security industry instead of the gov't things tend to go like this: Any new exploit you find will either be (a) swept under a rug by the vendor, (b) accepted as an exploit but never patched, or (c) get the researcher sued by the vendor. If by some small chance you end up finding an exploit for a vendor that actually pays for such knowledge, the average is about $500 per exploit I believe. Not really worth a month of my time no matter how you look at it. If we want a security industry, we have to foster a security industry, not try and hide the fact that we need one (as most companies do now).
A CI is as close as a hacker ever will get to working for the government. Nobody volunteers to be a CI so they are forced into it. The option is usually to continue getting raped in prison, or become a CI. The problem is the life of a CI generally sucks.
So no hacker is going to be able to really become a government employee. The hackers broke a federal law and this disqualifies them from ever serving in an official capacity. Why? It's so difficult to get security clearance that felons have no chance.
So the government still has options. They can approach the hackers who never committed a felony. They can approach the ones who were smart enough to never get caught. They can approach individuals who have a lot of experience programming, or doing the type of work they need, or they can just take talented young individuals and train them just like the marine corps and army does.
I think if they are serious they should train the cyber warriors themselves.
If the U.S. government were to offer training and good-paying jobs in "cyber warfare" or whatever they want to call it, I believe there are plenty of people who would rise to the opportunity. Full scholarships, retraining for displaced professionals, that sort of thing. What they seem to expect instead is an unlimited pool of highly skilled, motivated workers all ready to hit the ground running as soon as a job is (eventually) created for them. It doesn't work like that.
When they say "critical shortage of talent," read "critical shortage of people already highly trained yet inexplicably unemployed (or willing to take a massive pay cut to leave private industry for a government job)." In other words, they're basically whining about not wanting to pay enough.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
Open it up to Rain Man like people who are good with computers but are pass over for the army over there Autism / other things like it. There are people with stuff like Autism who can do good just as long is there some way to keep the all the non tech work bs way from them.
they should get themseleves down to Defcon next week and bag themselevs a few cheap white hats (or should that be green hats if you work for a .gov?)
Every time the Military Industrial Complex (MIC) gets involved, big changes will occur. In this case, if the government/military gets serious about this, it could mean serious changes for the industry. The internet, PCs an other gear have essentially grown up in peace-time. The focus has been on user-friendliness, ease of use, (paying for) upgrades and updates and the like... all very consumer oriented and "defective by design" keeps people buying more and more. It's a great model for consumerism, but not great for the military/government.
And if they are to get serious, we will see a better Windows (because let's face it, Microsoft WILL change if they want to keep selling to the government) and increased focus on secrecy and privacy in computing/data processing technologies. Undoubtedly, I would also expect to see even more development of Linux as well. (I can't imagine what involvement Apple might have but I presume little to none.)
But one thing is always true -- the military industrial complex creates lots of action and lots of change. The focus will mean improvements of great interest to IT people. Of course, I would also be concerned about any legislative action and change that might come of it as well.
We don't have sufficiently bright people
well DUH, the 'cyber warriors' that the government wants are hard to find. mostly because they are either trained IT security professionals or a kid who figured out how to hack his school to change his grades. the first of the 2 will be easy to get with the increase in IT students. however unlike china, there is sever punishment for committing cyber crimes. china and other countries have the right idea of hiring the hackers instead of locking them away like we used to do
There is almost always a script kiddie in there somewhere. They can take these kids and train them to be cyber warriors. You can take a script kiddie and train them to be an elite hacker. This is probably easier than expecting elite hackers to work for the government which spends all its time trying to arrest them.
It's simple, most of the time if a hacker is bold enough to change their grades they've already broken federal laws. The difference between the script kiddie and the elite hacker is a difference in scope and goals. The elite hacker wants to hack elite entities like big corporations, or very important individuals, while the script kiddie just defaces websites and hacks people over IRC or whatever.
The point is the government has the resources to take every script kiddie in America and train them to be a cyber warrior if it were as necessary as they make it out to be. You don't learn to be a script kiddie in school, you don't learn to be a hacker in school, but if you have the instinct to be either one of these you can be trained to become an elite cyber warrior. It's about finding the people who have the instinct.
...the government can't get qualified applicants. Go to usajobs.gov and search for "computer security specialist." You'll find that many of the job requirements require an existing TS clearance, previous military/DoD experience, a PhD and/or three years of graduate work, and/or less than 24 hours notice for travel, etc. It would appear to me, based upon the results of this unscientific survey, that the job requirements themselves effectively rule out many who would otherwise be qualified.
There are plenty of people who know how is just that the knowledge leads to suspicion by law enforcement and practice of said skills are illegal.
It's the same thing if this guy said, "There aren't enough people who know how to murder and our spy agencies are having a hard time finding assassins! "
RIP America
July 4, 1776 - September 11, 2001
You don't hire them.
You start a project on Sourceforge requesting help.
In fact getting into the military is very difficult right now precisely because there is no shortage of people trying to enlist. So to tell people to enlist or talk to a recruiter is not that simple. Also most hackers probably wear glasses or have other issues which will completely rule them out from the military service. So unless the military somehow makes exceptions, the vast majority of hackers just aren't going to get accepted into the army nevermind the airforce.
USA jobs? That's useless as well. Unless they are lucky enough to come from a military family and be born with top secret clearance, they aren't going to have top secret clearance and without that they wont be hired for the vast majority of jobs at USAjobs. On top of that, veterans have preference at USAjobs so even if the job does not require clearance if someone is a veteran they'll be chosen for the job instead. On top of all of this there is no shortage of people trying to get jjobs on USA jobs. So there is a very slim possibility of getting a job from USA jobs and probably not worth the time of applying unless you want to take a gamble.
Uncle Sugar isn't exempt from having to pay for talent, or from having to pay that talent to do work they may not enjoy under conditions of employment they surely won't enjoy.
Want badazz hackers? Cough up enough money to get their attention.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
apple lock down is greed and the fcc wants to open it up.
Just think how fast the FTC smack down M$ if they tried to lock down windows in that way.
How about making better software that is where the big holes are.
Super locked work sometimes but for all.
Even if a super locked down os what is the point if the app is easy to hack on it's own.
Not putting it on the network does not work that well when you need to talk to other systems.
Why can't we have more of the hard to hack cable and sat systems!
People who are typically drawn to computers are often not very good canidates for the military lifestyle. And to become good at Securing systems or hacking them.. you need be breath, eat and sleep computers (especially hacking them).
Hacking skills are not taught in schools and working for the goverment pays c@rp.. why would someone who spent years developing highly saught after skills work for the latest cyberwarfare agency when they could make big bucks in the private sector.
There are plenty of highly skilled security folks out there "Defend the nation" to. I dont see any real recruitment efforts going on that are worth while.
The government does have the advantage of a weak economy. This means that the vast majority of hackers you mention will be unemployed. No the private sector is not hiring hackers because the private sector is looking for people with relevant work experience, not just skill and talent.
And you are right there are no recruitment efforts at all. That is probably the main reason they cannot find anyone. If they go to IRC they'd probably find some people, theres chatrooms they could go to if they want to recruit people. It's not difficult to find script kiddies, they are literally everywhere.
Are they going to be a world class hacker? Probably not, but thats because being a world class hacker leads to a prison cell. This is why even when people have the talent to be world class hackers, they don't actually want to become world class hackers. The US government in my opinion will have no problem finding individuals who have the technical skill to be cyber warriors, as thats not going to be difficult to find. What will be difficult to find is people who can handle the top secret security clearance.
As far as the job goes, it's probably stuff an ordinary script kiddie can do, and if the script kiddie can't do it they can be trained by experienced cyber warriors in how to do it. I don't see it as a big deal finding people unless there is some political concern. And I'm not buying the idea that there aren't enough bright people on the internet, as that assumption isn't based on reality.
Minneapolis, MN Plus the coffee shop that hosts the meetings here has $1 PBRs :)
spend the last couple decades solving all technological security issues by branding hackers as criminals. Furnish them with outrageous civil and criminal penalties. Then you wonder why there isn't a ready supply of "sufficiently bright" individuals to lock down systems. They've been telling you all along these systems are unsafe and wide open to attack. They even provide you with step by step directions of how they can be exploited so that it can be fixed. How do you reward them? You throw them in jail! Well played sir.
Two of my imaginary friends reproduced once
If they actually had a cyber warrior bootcamp where they take a script kiddie and train them to be a cyber warrior, they'd probably have hundreds of thousands of people sign up. The reason they can't find anyone might be because they aren't actively recruiting.
There is no shortage of security experts. It's just that most of them are not from the 'Norman Rockwell' background the intelligence services are hoping for, and are far more intelligent than the PHBs in charge in these places. What this alleged shortage is really about is conning idiots into going to a Kaplan/Devry-type diploma mill for-profit private 'universities' to get a piece of paper saying that A) You are stupid enough to be conned into paying for a useless 'education' (and clearly are not smart enough to be a threat), and B) you have the training needed to operate point-and-click commercial 'security' software.
They don't want actual experts, they want drones.
What do you think are the future job possibilities for this? Talk with the interviewer: I was a cyber security warrior/hacker who tried to break into other computers at a moments notice. Hmmm, where are the engineering and software development skills necessary to do this when one has been trained to further mankinds knowledge and the bottom line of ones future company in making a product?????
Looks like dead-end job to me and boring...regardless of what they pay!
If worse comes to worse, it is easier to disconnect the network cable to the outside world and reload the computer system to get rid of the attacks and the so-called cyberwar is over in about an hour...
You know how Teh Eevil Terrarists were going to crash every aircraft in the world into New York, but the gov spent $90 gazillion on Homeland Security and prevented it?
And how Evil Sadam Husane was going to obliterate the west with his Nucular warheads, but the gov spent $90 gazillion on some wars and prevented it?
Maybe, just maybe, if Teh CybarWar Dept was to pay its warriors at a higher rate than bankers and lawyers get, smart people would be clamouring to demonstrate their skillz ( in cybercombat against the existing warriors for control of mock-up systems ) and get a job. And it might cost less than $90 gazillion.
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
The problem is that real security work doesn't pay the bills. Oh sure, you can make tons of money as a pen tester. But how many people make more than a pittance looking for new security vulnerabilities in the legitimate market? Not enough to justify specializing in it. I could have gone into security -- I enjoyed writing the occasional buffer overflow attack in high school -- but the only people willing to pay you to do this for a living are also the people that are willing to kill you and your family if you screw up.
I won't repeat myself on this:
http://slashdot.org/firehose.pl?op=view&id=14443498
I'll just point out that the sensationalist version of this got posted to /.
And that if you think you can do a better job than they can, here's your chance.
There are lots of us.
Unfortunately for them, any (icky term) "Cyber warrior" who isn't a masochist or mentally defective is not on the government's side. A few kids trying to legitimize their egos occasionally try to get some validation there but most of them are script kiddies.
The spit shined, brush cut types the military loves tend not to be able to think laterally which is cripling for this kind of work.
to become a cyberwarrior, but my team lead keeps having me interview people and auditing STIG compliance! That's government security for you. Is this registry value set to 0? Yes? Rock on, we're secure!
How many real hackers - and I am not talking about some dude who took a 5 week certified ethical hacker cert - are going to be stupid enough to take a full scope polygraph?
And if they were that dumb, how many would pass?
This story is the biggest bunch of BS.
I listened to this story on NPR. Instead of actually relying on hard data, the reporter simply found someone who estimated there are only 1,000 qualified "cyber" professionals in the US. The source presented no hard data, just a gut feel that there aren't enough people. This figure is about as well-sourced as the claim (often repeated) that the underground malware economy is bigger than the market for illegal drugs.
Meanwhile, instead of calling outside the beltway, NPR also called up Alan Paller, the head of the SANS Institute, who parroted the same line. How Paller can say that there are less than 1,000 qualified security professionals with a straight face is beyond me. SANS claims to have trained over 150,000 people. Does that mean that 99% of their "graduates" are therefore unqualified?
The worst part about this is that NPR did not even bother to disclose Paller's blatant conflict of interest. Contrary to popular belief, SANS is NOT a non-profit. It's in business to make a buck. I can't think of a better way to plump up the attendance rolls than to manufacture scare stories about "shortages" of professionals.
I've got no real issues with Paller other than the fact that he's just another garden-variety huckster. I've got a bigger problem with NPR, who was just plain sloppy.
When was the last time you saw military recruiters at HOPE or Defcon talking about the how important we are to protecting freedom and democracy? And how many of these "cyber warriors" do you think are in prison for non-violent crimes of curiosity?
I don't believe we need more "cyberwarriors" for a "cyberwar" with "cyberterrorists", but on the whole we certainly could use more in the way of competent, every day users who won't install every bit of shit on their computer because they're aware of the risks and who can independently reinstall their OS if they get compromised.
The harm isn't in people not knowing how to "cyberfight", it's not understanding the value of "cyberdefense". It is all the compromised home computers and small business servers that create weapons that can hurt our ability to communicate and look at porn.
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
and people are willing to trust them with their life savings, why can't the government get it done. What's the difference between protecting a financial transaction and a national security secret?
Furthermore, why not just hire Bruce Schneier!!!
There is no shortage of security experts. It's just that most of them are not from the 'Norman Rockwell' background the intelligence services are hoping for, and are far more intelligent than the PHBs in charge in these places. What this alleged shortage is really about is conning idiots into going to a Kaplan/Devry-type diploma mill for-profit private 'universities' to get a piece of paper saying that A) You are stupid enough to be conned into paying for a useless 'education' (and clearly are not smart enough to be a threat), and B) you have the training needed to operate point-and-click commercial 'security' software.
They don't want actual experts, they want drones.
Who can afford to gain official certification? Taking SANS classes (or similar) is akin to going to college for 4 years at your local state campus. Too expensive for many.
If you practice the craft on your own and polish your skills you're classed as a parent's basement dwelling nerd by the business world (and even fewer people take you seriously) and are subject to interest/scrutiny from the government.
In either case, you can emerge with great skills and go nowhere fast as businesses are still in the dark or passing the blame on the security game. Accordingly the pay and benefits are also all over the place.
Until businesses and organizations take security seriously, this is a waiting game to see how things evolve in the world and hope that the thrashing doesn't get too harsh...
You know, as a U.S. citizen with a data systems security background, university degrees, CISSP, etc., I would happily apply for work with the U.S. government.
However, every position I've discovered requires an existing security clearance, something you cannot just go out and get, at any price.
They need to attach a cool sounding 3 letter acronym. FBI, CIA, CID (not USA), etc... sounds cool. The latest acronyms the white house have been coming up with just suck.
I have been in IT for 30 years. I started in the USAF, and went on to work for defense contractors. Have held several clearances, including top secret. Have degrees in math and comp sci. I am presently long term unemployed.
It seems to me that these "desperate shortage" articles come out routinely. No matter how many major IT layoffs, or how many CS grads can not find a job, or how depressed wages are for IT pros.
Why are these articles never specific? Exactly what skills do they need that they find so hard to fill? Exactly what credentials are they looking for: BSCS, PhD, CISSP, CCIE, or what?
Why do these articles seem to reek of corporate/government propaganda?
If people in our society would stop mistreating introverts and encourage their introspection instead of attacking them emotionally, socially, physically, etc., then their would be sufficient numbers of smart AND decent people to fight cyberwars. But...that's what our society gets for NOT thinking!!
The deeper problem is rooted in our society turning from the knowledge and understanding of God through His Word. If Americans would turn back to God, then they wouldn't have to oppress each other to enforce decency and introverts wouldn't be treated as badly as they are. Start with the 10 commandments taught to children in school - that would raise the bar of decency so that we wouldn't have to rely on oppressing ourselves through culture, excessive policing, and ostracizing people who don't fit the norm in order to "keep the peace."
The way our society is now, we over-compensate for our lawlessness by creating a false definition for what's normal and socially acceptable. Then, we assume anyone who does not meet that norm must therefore be one of the lawless ones and attack those. True, in some cases, it does suppress lawless behavior that would otherwise undermine our "ethics," but it's not wholesome in that it hurts innocent people in the process. The ONLY solution is turning back to God, who gave us this great country in the first place!
They ought to advertise the way the military does..make it all glam and junk. "I'm Dale and I'm a Cyber Warrior..hiyaaa!" smash some foreign guys computer to bits. Fox would be all over that.
Good IT guys don't want to go through the nonsense associated with these positions. They can get jobs with private industry that don't have the headaches. I live in the Washington area and there are plenty of IT jobs here. You just have to have a TS/SCI or plan to get one. I'm much happier not having the FBI asking my neighbors questions and crap like that.
I will be graduating with a CS degree in the spring and would love to get into the field, however there is a glaring problem.
1. Most if not all of those I have talked to within my class have no interest in a military career, we don't want to go into the military or be classified as a "soldier".
2. There is no job listings for entry level CS careers in computer security, look around if you want, you will not find one.
3. I have heard tons of posts and information about this issue but have yet to see an a job to start doing this, they all require vast amounts of experience and knowledge not provided by current education.
As someone who is very interested in the subject, I have no ability to go into the field. They want security experts but are not willing to train them. Basically its like saying, we need more fighter pilots, apply if you already are one.
I would love some insight on getting into the field beyond the generic, read a book, take a class, all things which at the end of the day mean nothing as far as experience.
I'm the trouble starter, frakkin' instigator
I'm DRM restricted, license terms dictated
I'm a cyberwarrior, terrific cyberwarrior
You're the cyberwarrior, twisted cyberwarrior
I'm a cyberwarrior, terrific cyberwarrior
I'm the noob you hated, ego over-inflated
Yeah. I'm the brain you wasted, drag dropped and copy pasted
I'm a cyberwarrior, terrific cyberwarrior
You're the cyberwarrior, twisted cyberwarrior
I'm what you disgusted, kind vindicator
Yeah. I'm work inundated, twisted code creator
I'm a cyberwarrior, terrific cyberwarrior
You're the cyberwarrior, twisted cyberwarrior
I'm a cyberwarrior, terrific cyberwarrior... warrior... warrior... Warrior...
As an infosec professional, why in the hell would I ever want to work for the feds? The amount of regulations, bureaucratic requirements and searches of my asshole makes me run the other way. Not to mention the pay is not that great to begin with, as I would have to take a paycut to move into the government sector.
The last thing: stop calling it a fucking cyber war!!!
Maybe the govt stiffs are watching too much '24' and are looking for those non-existent skills.
They typical run these propaganda campaigns about every six months.
http://www.fiercegovernmentit.com/story/u-s-faces-shortage-cybersecurity-workers/2009-12-23
Screaming and crying about desperate shortages is just a routine part of business. It keeps the poor saps studying for a career they will probably never get. It keeps the markets nice and glutted.
IMO: what really gives this away as propaganda, is the lack of specificity. They will never tell you exactly what credentials are supposedly in such short supply.
The propaganda machine wants to drum up supply so wages can be kept low. Solution: the currently existing cs/it people should develop mutiple identities. Hundreds for each real person. That's the only way to turn the law of supply and demand around. That way the too highly paid drones at the top will not be able to manipulate wage prices downward through competion. Each real person will control an army of identities and the managers will get the same brick wall when they pit one against the other. As a side benefit, the paper pushers will have to work a lot harder and maybe then their ranks will grow forcing their wages downward and into line with ours.
The problem is not with the lack of skill or talent available, it is the mandate that the person have a four year degree.
I have 13 years in IT and the last few years have been dedicated entirely to security, but the Department of State won't even consider me as a potential candidate because I do not have university papers.
While I certainly don't object to those who put their time into academics getting preferential treatment, don't complain about a lack of talent when what you have is a lack of ACADEMIC talent.
I can understand the private sector not caring, but I would expect the Department of State to have use for a former Special Operations Marine (Force Recon - 1991 - 1994) with an IT background to be useful to them.
But without University papers, they don't want me securing their systems for them.
So, I'll continue to do the same thing for the largest companies in the world, where such mindless barriers aren't so apparent.
- Don't blame me, I voted for McCain.
- US national unemployment is teasing 10%, know what 11% unemployment is to socialist Spain? An improvement. La même chose pour La France.
- Ever read the definition of the word "Socialism" - "the stage following capitalism in the transition of a society to communism"
Way to go America - you waltzed a Communist into the White House.
Don't bitch about the results.
Its' your own damn fault.
Idiots.
There is no shortage, geeks love security issues, they're just not paying them enough. In fact, we might have more people going into security if they'd ignored kids that got their hands dirty in the 80s and 90s, but there are still oodls of people loving the field. You know, all those black hats would happily take an NSA jobs if the salary was high enough, but we're talking like 250k, not the 100k paid by the NSA.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
if you can't play the game, change the game...or don't play at all.
there should be enough talent in the US to protect government networks. tax-payers should not be paying the government to protect private networks, i don't care how vital they are to the national infrastructure. shit happens. people clean up their shit. that's the system. it works.
An italian friend of mine was hired by a French defense contractor as basically a highly paid concierge for dictators who came to buy weapons, not exactly a deep job, but it required a French security clearance. He's not French, but he's an EU citizen, fair enough.
In fact, he only got the job because his idiot boss wanted to hire a Chinese girl. I shit you not, the idiot boss lady wanted to give a French security clearance to a Chinese national. Not even a dual citizen who spoke French as well as Chinese, but an honest to god Chinese national.
Of course, the French government said no dice, and my Italian friend got the job. Guess what? bitch fired him after a while, she then tried another Chinese national. Not sure how that panned out.
To me, you're "modest proposal" fails for being way too close to the truth.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
They could also, you know have jobs outside of DC... Usually if your not in DC your be stuck as a glorified help desk person at some level.
Ok, let me preface this by saying that I am a military man, and somewhat skilled in IT and computer systems. So I have something of a unique perspective on this debate. The problem is that information warfare goes beyond simply trying to secure your site/server against remote attacks. You can have the greatest armor in the world and someone will eventually breach it. True cyberwarfare involves both defense and offense, just like traditional warfare. The offensive portion is essentially black hat cracking. The problem is is that in this country, we've marginalized even the white and grey hats to such an extent that their natural distrust of authority and independent streaks are intensified to an even more ridiculous extent. Especially with the current trend of DRM and locked systems with corporations trying to sue you or throw you in jail when you actually do manage to take them apart to see how they tick. That either drives a young hacker to back off and do what he's told, in which case he loses the necessary mindset for cracking, or to give them the middle finger and try to skirt the laws and stay hidden. But this also drives them into a "you can't tell me what to do" mindset. The problem is that to someone like that, the military is the absolute last place they want to be. And, unlike your typical street thug who wants out of the life and the military becomes their last chance, the typical cyberthug has lots of legitimately marketable job skills. Therefore, they can chose to go the civilian route while doing their hobby on the side.
Also, the military, even today, is a very "Jock-centric" culture, for lack of a better word. Doesn't matter how good you can do your job, if you can't do X number of pushups in Y number of minutes, you'll never get promoted or even be able to re-enlist. Very often PT failures are even subjected to disciplinary action. While this might be fine for an infantry unit, it also serves to drive away the people who are more concerned about how a new OS is put together than how much they can bench. And even within the military, people in non-combat units are often looked down upon as not being "real soldiers." Basically, until the military mindset is adapted to foster a more geek-friendly culture, the people we truly need on the digital front lines will never be there.
I've been told by some coworkers about a cyber-warfare reservist program in SE San Antonio, but I figure I'd be under the boot of the US government in terms of monitoring what I do online for the rest of my life, so no thank you.
Some people are willing to give up all privacy for God and country. Not me.
They're in the private sector and already in daily "combat" -- tweaking spamassassin, jailbreaking iPhones, pleading with users to stop installing malware, and doing anything else that is needed when ownership of a computer is disputed.
The very idea that the government is the only entity that knows anything about or is capable of waging cyberwar, is laughable. If they're still gearing up for the future, then they're decades behind.
"Cyberwarrior"?
Really?
I'm currently in a computer science undergrad program. While my university offers many different tracks to focus on(AI, OS, networking, etc) there is no security/reverse engineering track. There really aren't that many security courses either. The first thing is universities have to start offering more courses on security. This should get more people interested as well as more skilled people in the field. I did have a friend who applied to become one of the governments cyberwariors. He passed everything with flying colors but didn't get the job. Why? He admitted that he downloaded music. The kind of people they want for being a cyberwarrior are the kind of people that will download music, movies, games, break DRM, and possibly even break into a system or two. Thats how they gained the knowledge the government wants. But doing any of those disqualifies you from the job. The government needs to realize this and allow people who have done these things in.
apple might be easy to use and have a cool image but without all the teenagers deleting comand com by mistake; mucking around with open source; and writing some code. no one will get any experience, but they will be really good at that game where you pop the virtual bubble wrap.
Rocket Surgeon.
Perhaps they are just interested in the applicants ...but not for the purpose of actually hiring them.
-- Terry
Boot camp is what the problem is you think you can just grab a bunch of people of the street put them in basic training for six months, then set them lose inside china's firewall. You need thousands of hours of practice hopefully with a young developing mind, preferably something they did most of on there own time. but in this age of kids raised on iphones no one is fixing there computer; or screwing around trying to get a game to work in dos; and most of a computer programming courses is about making it look pretty.
Rocket Surgeon.
Unemployed security specialist here...
The requirements are just too high. How the fuck is your average joe supposed to get a top secret clearance in a timely manor? The people who are seriously good at this stuff aren't IT professionals with years of experience, they're unemployed nerds.
There are plenty of bright, intelligent and hardworking people already in this field, and others trying to move into it. The problems are two-fold: the people who want in but aren't already are stifled by egos of the current batch of professionals and lack openly available tools, materials and jobs to be able to transition readily, and, the people who are already in don't want to work directly for the Federal government for any number of reasons, both good and bad, real and imagined. Personally, while the cybersecurity of my nation is indeed very important to me, I have yet to feel compelled to go work for that gigantic bureaucratic nightmare and potentially sign away who knows what rights as a government employee in such a sensitive sector. My suggestion: continue to screen and vet candidates as normal (or even better, step up the screening process) and farm the work out to private companies.
"Inveniemus Viam Aut Faciemus" 'We will find a way... Or we will make one!' --Hannibal of Carthage
You see me now a veteran of a thousand psychic wars.
I put together this Knol on the general issues you raise about the declining value of human labor:
http://knol.google.com/k/paul-d-fernhout/beyond-a-jobless-recovery/
"This article explores the issue of a "Jobless Recovery" mainly from a heterodox economic perspective. It emphasizes the implications of ideas by Marshall Brain and others that improvements in robotics, automation, design, and voluntary social networks are fundamentally changing the structure of the economic landscape. It outlines towards the end four major alternatives to mainstream economic practice (a basic income, a gift economy, stronger local subsistence economies, and resource-based planning). These alternatives could be used in combination to address what, even as far back as 1964, has been described as a breaking "income-through-jobs link". This link between jobs and income is breaking because of the declining value of most paid human labor relative to capital investments in automation and better design. Or, as is now the case, the value of paid human labor like at some newspapers or universities is also declining relative to the output of voluntary social networks such as for digital content production (like represented by this document). It is suggested that we will need to fundamentally reevaluate our economic theories and practices to adjust to these new realities emerging from exponential trends in technology and society."
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Everyone is focusing on government crackdown on hackers...but no one is focusing on standard reasons -- like how does government pay compare to what the person might earn in the private sector?
Ok, now ask -- how much has the government done to cultivate love for country in the past quarter century?
How about patriotism? No...paying people to snitch on their neighbors is not considered something that builds loyalty to country.
Ok...now put the pay item into perspective....
What are the pay and job prospects for software types, in general in the US -- compared to say, 15 years ago?
Add all that up...ignore the curiosity=jail trip...
standard job market indicators would tend to say this type of job isn't going to be a big attractor these days...
Now add the curiosity=jail nonsense and get tough on US-citizens/war on US citizens rhetoric that is so popular with the conservatives that have been in power for most of the past 30 years (the Reagan generation, 1980 and beyond).
The dominant paradigm is to keep voters and consumers stupid. Education is *bad* -- since percentage wise, the more educated people are, the more likely they are to have liberal or progressive views. Not a bright prospect for American future -- at least not for the majority -- for those who run the big Corps, the landscape looks brighter and brighter...
I doubt I'll live long enough to see the worst of it, or a turnaround...
I'm sorry, but that's just utter bullshit. You don't secure IT systems by joining an "cyberarmy" you secure them by building them correctly. Thus everyone knowing about computer security and joining such a "cyberarmy" instead of just going out to build correct systems or teach people about security actually makes the systems less secure.
It's like drafting all the good builders. Eventually we're left with all the bad ones and the standards of building will deteriorate.
The Evil Empire, The United States of America, will be dead in 24 months.
Jo Blow Biden with his head up his ass-hole will be knocking over the water coolers, ... again.
"I Never Saw a Pinus I Wouldn't Suck" Barak "The Former Barry" Hussain Obama will be desperitely trying to suck Somebodies Pinus.
Even a half-assed job is better than no job. Some of these security jobs involve cleaning crapware from users machines. Its not official work people wind up doing. Its mundane, janitorial crap (and when I say janitorial, I don't mean cyber-janitorial although thats part of it, I actually mean carrying a bucket and vacuum and cleaning out computers for people. And the pay is shit. You can be university trained and educated in IT, with a BSc in Computer Science, and still expected to vacuum. And all the while, take less pay than some guy who drank his way through his business diploma (note I didn't say degree) from the 2 year college, and now he's your boss and getting paid more. So now 'no cyber warriors'. Follow the money trail. Show me the money. If the job you give me is going to be shit anyway, at least pay well for it. But security in IT, like most things IT in general, are viewed as 'utilitarian' and 'we can get anyone from the local high school to do this'. Zero job satisfaction, or respect, and crap pay, and out comes the headlines "WE HAZ NOTT ENUF DA CYBERWARSIRS". Well what the hell! Imagine that! Perhaps its a matter of pin heads in pin suits getting haxored a few dozen times before they approach cluefulness. Perhaps hoping that calling someone in Bangalore from Minneapolis will cause all of the cyber-goodness to return. I hate to place all the blame on corporations and their disregard for IT in the last 25 years, but it has to go somewhere. Suggestions for better systems from IT staffers go unheeded. Systems are put in place by people who are unqualified non-IT, then responsability for those systems are passed to IT. IT is left with managements mess, always. People are justifiably less likely to give a shit. Without paying well for every 2:00 AM callout, (perhaps not paying at all), people are likely to shut the pager and phone off. WE WANT SERVICE! is the cry. Show me the money and respect or go fuck yourself! is the reply.
And don't ask or you'll get an electronic fly up your nose. Seriously, how will you incentivize a dead end job for a bunch of trebuchet-hurling libertarians who appreciate ANYBODY'S code as much as or better than their own? The two worlds are immiscible. And I suspect the perceived problem exists only on the side that salutes small bits of brass. Frankly, it's been obvious for at least forty years that Bletchley Park was a British psychological warfare op, and that Turing was sacrificed to reinforce the appearance of competence in an area of contrary-to-fact depressing limits which Turing knew better than anyone.
Perhaps the obvious was not lost on a few nerds, hackers, crackers, black hats and Belgian and Israeli mathematicians who also realized they could spin better "uncrackable codes" in their sleep, and tended to regard ALL governments as the proverbial Ted and Alice. It would be fun just to know (not necessarily to read, but just to know) the white paper on this subject has been written and flushed by interdepartmental rivalries twice already.
Grikdog's Law: Never delegate a job you can't do yourself.
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
Qualified People don't like to work for the Government. Many of us used to work for the government and matured enough to know that we don't want to do that anymore AND the pay scale sucks when compared to private security consulting.
Also, we know we can't keep our mouths shut for the rest of our lives and need the ego stroke of announcing hacks to Adobe, Apple and Microsoft products.
Translation = Anyone with half a brain doesn't buy into our snake oil scam to keep the plebs scared. They realize ther "cybersecurity" is a total sham, and that the power grid is not hooked up to the internet.
The sky is falling?
Step 1 arrest hackers
Step 2 make them work from jail for peanuts
Step 3 Profit !
I'm only a cyber ninja, can I play too?
Maybe they should just draft the blackhat conference in Vegas ( think it's next month or sooner ).
Out of curiosity, what can someone with good skills who sets up a white hat consultancy make?It has to be more than the NSA is offering, or they would be a lot of applicants, right?