Cyberwarrior Shortage Threatens US Security
An anonymous reader writes "US security officials say the country's cyberdefenses are not up to the challenge. In part, it's due to a severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries. The protection of US computer systems essentially requires an army of cyberwarriors, but the recruitment of that force is suffering. 'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department."
if there is such a shortage of talent maybe we can offshore this responsibility? Maybe to China? As a bonus it will be less expensive.
and you know if you had not tricked those two russians into the usa and then arrested them....you might just not have this issue
2002 onwards
united hackers association
CHRoNoSS
( offered loads a jobs in usa but after the Russian incident will never go to the usa again )
The USA has a bad habit of arresting anyone with the skills and curiosity to perform such tasks. Instead of arresting and jailing "hackers" they should employ them, and then maybe we'd have enough people for the "cyberwar" they are talking about
If telephones are outlawed, then only outlaws will have telephones.
We don't have sufficiently bright people
well DUH, the 'cyber warriors' that the government wants are hard to find. mostly because they are either trained IT security professionals or a kid who figured out how to hack his school to change his grades. the first of the 2 will be easy to get with the increase in IT students. however unlike china, there is severe punishment for committing cyber crimes. china and other countries have the right idea of hiring the hackers instead of locking them away like we used to do
It's not my fault, someone put a wall in my way.
The US treats anyone with the least bit of curiosity or know-how with suspicion.
Maybe it's because we call anyone with even the smallest amount of computer knowledge a witch^H hacker, and burn them at the stake^H^H^H^H^H^H put them in jail (or detention, for the juveniles) while banning them from using computers?
It's pretty simple, guys. If you ban model rockets, you won't get a generation of rocket scientists. If you ban chemistry kits, you won't get a generation of chemical engineers. If you ban playing around with computer systems, you won't get a generation of hackers.
"We don't have sufficiently bright people moving into this field"
Yet we have sufficiently bright people who can create a system that rapes the stock market.
It is all about perception. I see high school advisors telling kids to stay away from computer science because they will be fighting for jobs against the whole world (programmers from India, sysadmins from the Bay Area, etc.) Instead, they tell them to go into law because "there is no such thing as an unemployed lawyer."
Russia and China, it is different. There, their security guys doing blackhat/white work are viewed with similar respect as Special Forces guys are viewed here, as heroes for their country. Here in the US, a CS/IT person is looked at as someone who is going to be unemployed as soon as the PHB finds some offshore firm.
Change the perception, make it cool to be a CS/IT person. THEN you will have your "cyberwarriors" that are on par with the Russian/Chinese blackhats. Otherwise, the CS students will be taking their CS degree into law or business school.
'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department."
I wonder whether this gentleman has thought about the idea that his "national security objectives" cannot be achieved by computer science at all. In other words, those objectives are misplaced...simply put.
Could I be right?
Maybe if the country wasn't so obsessed with computer crime that it looks for black-hat hackers in ridiculous places, we wouldn't have this problem.
Chemistry sets and other "gateway drugs" to the sciences and engineering are also not as easily available any more. And isn't "creativity" declining too?
'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department."
That's ok, just click on brightness and adjust. Works for my monitor.
If you can't get them bright enough for when you move backward in time, that's when we have a problem.
I'm not allowed to tag stories, but the moron who managed to misspell "cyberwarfare" as "cyberwarefare" is free and clear, huh? Nice job, Slashdot.
I can't seem to tag stories either and I have no idea why. I can add a tag and it appears to work, but I have never once refreshed the Slashdot main page and seen any tag I have applied. That is, they seem to just go straight to /dev/null. Tags I try to apply do seem to show up on my user page, however.
It is a miracle that curiosity survives formal education. - Einstein
all y'all have to do is setup a few sub sub basements with a few racks and fridges and then move anybody that can hack the doors into the group (of course filter for the obvious "problems").
a few hints
1 most good hackers will have some sort of criminal record
2 hackers may or may not like a normal uniform and the hair thing may be an issue
3 when you have a group setup DO NOT VISIT DO NOT ASK "HOW" (plausible deniability is a good thing)
4 psych evals may be another issue
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Yes. I know what they should do. Bring back photon and use it as a recruitment tool http://en.wikipedia.org/wiki/Photon_(TV_series)
Who in their right mind would join up with an organization which wants to call you a Cyber Warrior?
I mean, I get it from the perspective of appropriating money that should be used for better causes and justifying your 6 figure salary and all. But this whole thing is laughable.
Right Here
A big part of the problem is that those jobs are very unappealing. First the applicants have to get a security clearance, which weeds out all non-citizens and a good deal of other applicants, then they are forced to work in secure facilities that feel like caves or underground bunkers, and on top of that they aren't allowed to discuss what they do in anything but the most general terms. Taking a job doing cyber ops for the government is volunteering to put a giant gap in your resume that you can't discuss.
The federal government has a habit of imposing soul-crushing bureaucracies on its workers.
Probably only a very small fraction of citizens are talented and inclined to do cyberwarfare and are willing to put up with the bureaucracy.
I'd believe in stuff like
1. Shortages of people who patch their systems
2. Shortages of companies who are willing to pay security specialists a decent wage
3. Shortages of CTO's willing to pay for migration away from IE6 to something standards-compliant
4. Shortages of armed services who'd take overweight computer professionals over 30
5. The tooth fairy
6. Unicorns
But a shortage of cyberwarriors? That seems a bit far fetched.
Sounds like an interesting career. What are the education, work experience, etc. requirements? Do you have to participate in a hack-off competition against a 13 year old script kiddie?
I believe she just finished her last film up so if we need more hackers let's get her on it.
> a severe shortage of ... [sufficiently bright people]...
> with the skills and knowledge necessary to do battle
How many do we need? I submit that the number of brilliant hackers we need is quite small; if any shortage exists, it will be in the botnet, not the conference room.
usajobs.gov or your Air Force recruiter
I remember looking into some Information Assurance type programs a few years ago, as the buzz about this field (especially in the government sector) was beginning to pick up (or at least when I first became aware of it). Some of these programs cost about $50,000 USD a year. It was just too expensive in my eyes. Perhaps that's just become the cost of private higher education, but that doesn't make it easier to accept. I don't recall what the starting salaries for these types of specialists were, though.
The other concern I'd have is that a lot of organizations receiving security audits would probably not be too cooperative. We all know that government work isn't always the most attractive, and one of the challenges they face is attracting people to interesting work, not being trapped for years in a political maze.
Perhaps high enough salaries can attract more talent, but they'd still lose out on plenty of people because of the environment. And having worked in Federal IT for a bit, it's a black hole of money and productivity. I'm sure there will be plenty of individuals and companies scrambling for their piece of this pie, but I wonder how much of a difference they'll actually make (besides to their own bottom lines)?
If all you have are silver bullets, everything looks like a werewolf.
...is legal and cultural. The US penalizes innovation and experimentation more than anyone. The US government is responsible for the DMCA and massive efforts to punish people for hacking their own hardware and software, ludicrous prison terms, and so forth. On top of that you have a move away from generic, "hackable" computers to walled garden, Apple style technologies. That kind of culture doesn't really nurture a generation of future hackers. We don't encourage young people to explore technology, we want them to play by the rules and keep their noses clean. With hacking hardware and software so stubbornly discouraged, it's no wonder that not very many people have the desired skill set.
People who are typically drawn to computers are often not very good candidates for the military lifestyle. And to become good at Securing systems or hacking them.. you need to breathe, eat and sleep computers (especially hacking them).
Hacking skills are not taught in schools and working for the government pays c@rp.. why would someone who spent years developing highly sought after skills work for the latest cyberwarfare agency when they could make big bucks in the private sector.
There are plenty of highly skilled security folks out there "Defend the nation" to. I don't see any real recruitment efforts going on that are worthwhile.
As an educator, specifically a computer science educator in higher education, I have to say that this is a shortage that the US has created. Let's see, if we outsource all IT jobs, and then allow various industry groups to sue the snot out of people based on their IP address; let's tell all potential students that jobs in this area can be done overseas, and that there is no reason to go into this area; let's pay low, low wages, and accept low-quality work from people who rose through the ranks due to politics rather than ability; let's reward people for paper certificates that they obtained through cram sessions and cheat sheets; let's do everything within our power to make this an unattractive field of study. And now, when bright, curious, intelligent people are needed in this field, let's wonder why they're not there.
Cynicism - the last refuge of those people who want to simply say, "Well, duh!"
In part, it's due to a severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries.
Based on my own experience, I would argue that there is a severe shortage of computer security specialists and engineers with the skills and knowledge and desire to do battle against would-be adversaries. Whether it's a personal financial concern or a personal ethical concern, there are lots of great reasons for skilled and knowledgeable experts to seek employment elsewhere.
Slashdot? Oh, I just read it for the articles.
Where are the recruiting posters, TV spots, and in-game adverts? I know the Marines and Army are looking. Where the heck does one sign up for cyber-warrior boot camp? What's the web site, email address or 1-800 number? Even the article leaves out that information. What a missed opportunity.
Hint: hire a marketing team first.
the growth in cynicism and rebellion has not been without cause
I worked at Data General for a while, on their B2 secure UNIX. My job was to audit functions in the C standard library for unexpected side-effects. I have never seen another company that pays that sort of attention to security. Data General's selling point was a secure platform, and they ended up going out of business and being purchased and gutted by IBM.
It would take a lot of work to actually mandate that the culture change for the entire government and private companies that build infrastructure components. Much easier to just pin the blame on a "lack of hackers." We'll know we're moving in the right direction when an exploit is released and a company fixes it immediately instead of blaming the people who found the exploit for releasing it.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
The culture (wage,work environment, hiring, management) is all wrong to attract true talent. I would really have to be hard pressed for work to consider a government job.
Got Code?
Our government needs MASSIVE improvements in their computer security. But the requirements of the government (get it secure now) are the opposite of the requirements of business (keep it just sucky enough to be able to sell the next version).
And with that situation, no matter how many smart people you have working in government, there will always be more work than they can do. Which leads to hiring people who are less smart. And just about anyone in IT can tell you what happens when you put less skilled people in charge of a system.
'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,'
All we have are a bunch of morons here.
More than 850,000 people in the US hold Top Secret clearance. There are a lot of "sufficiently bright" technologists at NSA, CIA, DOD, etc and their contractors. Perhaps the issue is more one of priority than spending?
Obi-Wan: "I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror and were sudden
Go look for the idiot that started the Hacker's Crackdown in the 90's. The result of this attitude was to either push some kids to the edge where the Russian mob recruited them in one form or another, or plain make them corpodrones, albeit very good at typing crap into a Cisco console, but perfectly worthless in the underlining of the net.
Bravo, idiots, might I remind you that here in the net, we foresaw and told you about this. And now you come complainin....
NO SIG
if (ugly or terrorist or other_party or undesireable)
then (set off required little bomb in computer)
endif
you're welcome. the definitions table is up to you.
if this is supposed to be a new economy, how come they still want my old fashioned money?
So I guess it's not traditional employment because it's an offer the hacker cannot refuse.
For me, in both FF and IE, the tag interface is simply static, I can't even try to add a tag. If I log out and clear my cookies (on either browser) the interface starts working again, and I can even post a tag if I carefully use the interface to add a tag and *then* log in as it prompts me to do so... and it will become a tag that appears on the main page.
I have to think this is some sort of poorly implemented tag-ban, as I used to be able to (and did) tag stories up until a few months ago.
Anyone who has ever worked in government IT knows that it is the last place for a competent person. The average bureaucrat considers IT to be one of the easiest ways to launder kickbacks for party supporters. Competence ONLY gets in the way. Worse, they'll even try to get you to make that slop work. Fall on your swords now, "cyberwarriors". (snort!)
Could it be because they're recruiting from the wrong place?
All the keyboard warriors seem to have moved to the YouTube comments section. If they're still recruiting Internet hardmen from Usenet then they'll not be getting the best.
I work for a local government agency and have over 20 years experience in IT, with almost 10 in security. Due to a "small world" situation, my name came across the desk of someone at the FBI. I was informally asked what level of interest I would have working for them. I asked the guy several questions and came away with the following: Take a substantial pay cut, move my family over 400 miles away from most of our relatives, forfeit the retirement at my current employer, go through the FBI academy (no desire to go through another boot camp at my age). About the only upshot to the whole thing would be some good training. I'm sure there are jobs with other federal agencies, but I imagine that except for the academy, all of the other negatives apply. The thing that got me about this is that my skills are nowhere in the ballpark of what I imagine should be the skillset for this type of job. Maybe they're targeting people that they feel can be groomed into the position, but it seems to me that if they're going to take the issue seriously, they would be going for some top dogs and offering some real incentives to those people.
necessary to do battle against would-be adversaries. The protection of US computer systems essentially requires an army of cyberwarriors
Who is the enemy? If you think it's a nebulous "them", then you're wrong, it's us.
"security" where I work is primarily focused on giving as many employees parking tickets as possible, monitoring our every move (although car breakins are of course not monitored), protecting the company from downsized employees, and generally being bullies.
I can assure you that "leet cyberwarriors" are not going to be used against enemy nation of the week, but against Americans. Against people with the mistaken idea they live in a free country. Against anyone standing in the way of the big corporations that pay for our elections. Against anyone who does not understand they exist to serve the govt, not the other way around.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Hackers, in general, tend to detest interference and authority. Hard to think of hackers in a top secret Government agency taking orders and working 9AM to 5PM, in an extremely straitjacketed environment. More importantly, I'm guessing the wages wouldn't be great
The economy as it is right now has plenty of talented individuals just waiting to get hired. There's 10% unemployment so there is no shortage of the labor force, as for qualifications these are skills which aren't learned in school so the government must already know who does what, they have enough FBI informants and others who gather information on anybody with any shred of credibility as far as computer skills go.
So either the people they want to hire would rather remain unemployed than work for them (which means the job must suck and not pay well), or they are using this shortage as an excuse to raise the pay rates. The fact is there's plenty of people from the dot com bubble or from before that, who would be qualified to do most of this. Most of the people on Slashdot have the skills to do the job, now the security clearance on the other hand that's where there will be shortages of qualified individuals.
General Turgidson: "Mister President! We must not allow... a NERD gap!"
Put in the right tag, and ! the wrong one. I'm so confused on how the tag system operates I rarely use it, and yeah sometimes I can't tag stuff either. Maybe it's a Karma thing?
.... ... }
int main (void) {
Just be ready to take the blame if anything goes wrong. Or get a waiver to protect yourself...
For justice, we must go to Don Corleone
We need a boot camp for this without the PT / yelling in your face part.
Also open it up to the people who are good with systems but not with dealing with people / PHB BS.
I could have gone into security but what's the point? Working for the government is not an ideal job (see posts about offices like caves and inane security clearance requirements). If you're lucky enough to have gotten a job in the security industry instead of the gov't things tend to go like this: Any new exploit you find will either be (a) swept under a rug by the vendor, (b) accepted as an exploit but never patched, or (c) get the researcher sued by the vendor. If by some small chance you end up finding an exploit for a vendor that actually pays for such knowledge, the average is about $500 per exploit I believe. Not really worth a month of my time no matter how you look at it. If we want a security industry, we have to foster a security industry, not try and hide the fact that we need one (as most companies do now).
A CI is as close as a hacker ever will get to working for the government. Nobody volunteers to be a CI so they are forced into it. The option is usually to continue getting raped in prison, or become a CI. The problem is the life of a CI generally sucks.
So no hacker is going to be able to really become a government employee. The hackers broke a federal law and this disqualifies them from ever serving in an official capacity. Why? It's so difficult to get security clearance that felons have no chance.
So the government still has options. They can approach the hackers who never committed a felony. They can approach the ones who were smart enough to never get caught. They can approach individuals who have a lot of experience programming, or doing the type of work they need, or they can just take talented young individuals and train them just like the marine corps and army does.
I think if they are serious they should train the cyber warriors themselves.
If the U.S. government were to offer training and good-paying jobs in "cyber warfare" or whatever they want to call it, I believe there are plenty of people who would rise to the opportunity. Full scholarships, retraining for displaced professionals, that sort of thing. What they seem to expect instead is an unlimited pool of highly skilled, motivated workers all ready to hit the ground running as soon as a job is (eventually) created for them. It doesn't work like that.
When they say "critical shortage of talent," read "critical shortage of people already highly trained yet inexplicably unemployed (or willing to take a massive pay cut to leave private industry for a government job)." In other words, they're basically whining about not wanting to pay enough.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
Open it up to Rain Man-like people who are good with computers but are passed over for the army over their autism / other things like it. There are people with stuff like autism who can do good just as long as there is some way to keep all the non-tech work BS away from them.
Every time the Military Industrial Complex (MIC) gets involved, big changes will occur. In this case, if the government/military gets serious about this, it could mean serious changes for the industry. The internet, PCs and other gear have essentially grown up in peace-time. The focus has been on user-friendliness, ease of use, (paying for) upgrades and updates and the like... all very consumer oriented and "defective by design" keeps people buying more and more. It's a great model for consumerism, but not great for the military/government.
And if they are to get serious, we will see a better Windows (because let's face it, Microsoft WILL change if they want to keep selling to the government) and increased focus on secrecy and privacy in computing/data processing technologies. Undoubtedly, I would also expect to see even more development of Linux as well. (I can't imagine what involvement Apple might have but I presume little to none.)
But one thing is always true -- the military industrial complex creates lots of action and lots of change. The focus will mean improvements of great interest to IT people. Of course, I would also be concerned about any legislative action and change that might come of it as well.
We don't have sufficiently bright people
well DUH, the 'cyber warriors' that the government wants are hard to find. mostly because they are either trained IT security professionals or a kid who figured out how to hack his school to change his grades. the first of the 2 will be easy to get with the increase in IT students. however unlike china, there is severe punishment for committing cyber crimes. china and other countries have the right idea of hiring the hackers instead of locking them away like we used to do
There is almost always a script kiddie in there somewhere. They can take these kids and train them to be cyber warriors. You can take a script kiddie and train them to be an elite hacker. This is probably easier than expecting elite hackers to work for the government which spends all its time trying to arrest them.
It's simple, most of the time if a hacker is bold enough to change their grades they've already broken federal laws. The difference between the script kiddie and the elite hacker is a difference in scope and goals. The elite hacker wants to hack elite entities like big corporations, or very important individuals, while the script kiddie just defaces websites and hacks people over IRC or whatever.
The point is the government has the resources to take every script kiddie in America and train them to be a cyber warrior if it were as necessary as they make it out to be. You don't learn to be a script kiddie in school, you don't learn to be a hacker in school, but if you have the instinct to be either one of these you can be trained to become an elite cyber warrior. It's about finding the people who have the instinct.
...the government can't get qualified applicants. Go to usajobs.gov and search for "computer security specialist." You'll find that many of the job requirements require an existing TS clearance, previous military/DoD experience, a PhD and/or three years of graduate work, and/or less than 24 hours notice for travel, etc. It would appear to me, based upon the results of this unscientific survey, that the job requirements themselves effectively rule out many who would otherwise be qualified.
There are plenty of people who know how; it's just that the knowledge leads to suspicion by law enforcement and practice of said skills is illegal.
It's the same thing if this guy said, "There aren't enough people who know how to murder and our spy agencies are having a hard time finding assassins! "
RIP America
July 4, 1776 - September 11, 2001
You don't hire them.
You start a project on Sourceforge requesting help.
In fact getting into the military is very difficult right now precisely because there is no shortage of people trying to enlist. So to tell people to enlist or talk to a recruiter is not that simple. Also most hackers probably wear glasses or have other issues which will completely rule them out from the military service. So unless the military somehow makes exceptions, the vast majority of hackers just aren't going to get accepted into the army never mind the Air Force.
USA jobs? That's useless as well. Unless they are lucky enough to come from a military family and be born with top secret clearance, they aren't going to have top secret clearance and without that they won't be hired for the vast majority of jobs at USAjobs. On top of that, veterans have preference at USAjobs so even if the job does not require clearance if someone is a veteran they'll be chosen for the job instead. On top of all of this there is no shortage of people trying to get jobs on USA jobs. So there is a very slim possibility of getting a job from USA jobs and probably not worth the time of applying unless you want to take a gamble.
I think they moved it to the Firehose so you have to put in a little effort if you want to tag a story (presumably to cut down on tags like cyberwarfareisbullshit)
Uncle Sugar isn't exempt from having to pay for talent, or from having to pay that talent to do work they may not enjoy under conditions of employment they surely won't enjoy.
Want badazz hackers? Cough up enough money to get their attention.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
apple lock down is greed and the fcc wants to open it up.
Just think how fast the FTC smack down M$ if they tried to lock down windows in that way.
How about making better software that is where the big holes are.
Super locked work sometimes but for all.
Even if a super locked down os what is the point if the app is easy to hack on its own.
Not putting it on the network does not work that well when you need to talk to other systems.
Why can't we have more of the hard to hack cable and sat systems!
People who are typically drawn to computers are often not very good candidates for the military lifestyle. And to become good at Securing systems or hacking them.. you need to breathe, eat and sleep computers (especially hacking them).
Hacking skills are not taught in schools and working for the government pays c@rp.. why would someone who spent years developing highly sought after skills work for the latest cyberwarfare agency when they could make big bucks in the private sector.
There are plenty of highly skilled security folks out there "Defend the nation" to. I don't see any real recruitment efforts going on that are worthwhile.
The government does have the advantage of a weak economy. This means that the vast majority of hackers you mention will be unemployed. No the private sector is not hiring hackers because the private sector is looking for people with relevant work experience, not just skill and talent.
And you are right there are no recruitment efforts at all. That is probably the main reason they cannot find anyone. If they go to IRC they'd probably find some people, there's chatrooms they could go to if they want to recruit people. It's not difficult to find script kiddies, they are literally everywhere.
Are they going to be a world class hacker? Probably not, but that's because being a world class hacker leads to a prison cell. This is why even when people have the talent to be world class hackers, they don't actually want to become world class hackers. The US government in my opinion will have no problem finding individuals who have the technical skill to be cyber warriors, as that's not going to be difficult to find. What will be difficult to find is people who can handle the top secret security clearance.
As far as the job goes, it's probably stuff an ordinary script kiddie can do, and if the script kiddie can't do it they can be trained by experienced cyber warriors in how to do it. I don't see it as a big deal finding people unless there is some political concern. And I'm not buying the idea that there aren't enough bright people on the internet, as that assumption isn't based on reality.
spend the last couple decades solving all technological security issues by branding hackers as criminals. Furnish them with outrageous civil and criminal penalties. Then you wonder why there isn't a ready supply of "sufficiently bright" individuals to lock down systems. They've been telling you all along these systems are unsafe and wide open to attack. They even provide you with step by step directions of how they can be exploited so that it can be fixed. How do you reward them? You throw them in jail! Well played sir.
Two of my imaginary friends reproduced once
If they actually had a cyber warrior bootcamp where they take a script kiddie and train them to be a cyber warrior, they'd probably have hundreds of thousands of people sign up. The reason they can't find anyone might be because they aren't actively recruiting.
You know how Teh Eevil Terrarists were going to crash every aircraft in the world into New York, but the gov spent $90 gazillion on Homeland Security and prevented it?
And how Evil Sadam Husane was going to obliterate the west with his Nucular warheads, but the gov spent $90 gazillion on some wars and prevented it?
Maybe, just maybe, if Teh CybarWar Dept was to pay its warriors at a higher rate than bankers and lawyers get, smart people would be clamouring to demonstrate their skillz ( in cybercombat against the existing warriors for control of mock-up systems ) and get a job. And it might cost less than $90 gazillion.
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
The problem is that real security work doesn't pay the bills. Oh sure, you can make tons of money as a pen tester. But how many people make more than a pittance looking for new security vulnerabilities in the legitimate market? Not enough to justify specializing in it. I could have gone into security -- I enjoyed writing the occasional buffer overflow attack in high school -- but the only people willing to pay you to do this for a living are also the people that are willing to kill you and your family if you screw up.
I won't repeat myself on this:
http://slashdot.org/firehose.pl?op=view&id=14443498
I'll just point out that the sensationalist version of this got posted to /.
And that if you think you can do a better job than they can, here's your chance.
There are lots of us.
Unfortunately for them, any (icky term) "Cyber warrior" who isn't a masochist or mentally defective is not on the government's side. A few kids trying to legitimize their egos occasionally try to get some validation there but most of them are script kiddies.
The spit shined, brush cut types the military loves tend not to be able to think laterally, which is crippling for this kind of work.
This story is the biggest bunch of BS.
I listened to this story on NPR. Instead of actually relying on hard data, the reporter simply found someone who estimated there are only 1,000 qualified "cyber" professionals in the US. The source presented no hard data, just a gut feel that there aren't enough people. This figure is about as well-sourced as the claim (often repeated) that the underground malware economy is bigger than the market for illegal drugs.
Meanwhile, instead of calling outside the beltway, NPR also called up Alan Paller, the head of the SANS Institute, who parroted the same line. How Paller can say that there are less than 1,000 qualified security professionals with a straight face is beyond me. SANS claims to have trained over 150,000 people. Does that mean that 99% of their "graduates" are therefore unqualified?
The worst part about this is that NPR did not even bother to disclose Paller's blatant conflict of interest. Contrary to popular belief, SANS is NOT a non-profit. It's in business to make a buck. I can't think of a better way to plump up the attendance rolls than to manufacture scare stories about "shortages" of professionals.
I've got no real issues with Paller other than the fact that he's just another garden-variety huckster. I've got a bigger problem with NPR, who was just plain sloppy.
I think they moved it to the Firehose so you have to put in a little effort if you want to tag a story (presumably to cut down on tags like cyberwarfareisbullshit)
Then why leave a non-functional tagging mechanism in place for non-Firehose stories? It's either incompetent or deceptive. One way or another, something here doesn't add up.
Besides which, if cyberwarfare is bullshit then there is nothing wrong with saying so.
It is a miracle that curiosity survives formal education. - Einstein
Put in the right tag, and ! the wrong one. I'm so confused on how the tag system operates I rarely use it, and yeah sometimes I can't tag stuff either. Maybe it's a Karma thing?
Mine is capped at "Excellent" and has been for a long time now. It's not karma-related.
It is a miracle that curiosity survives formal education. - Einstein
I don't believe we need more "cyberwarriors" for a "cyberwar" with "cyberterrorists", but on the whole we certainly could use more in the way of competent, every day users who won't install every bit of shit on their computer because they're aware of the risks and who can independently reinstall their OS if they get compromised.
The harm isn't in people not knowing how to "cyberfight", it's not understanding the value of "cyberdefense". It is all the compromised home computers and small business servers that create weapons that can hurt our ability to communicate and look at porn.
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
1999 I think it was.. That was the last time I went to Defcon, and there were tons of Feds giving speeches about how much they needed good hackers.
and people are willing to trust them with their life savings, why can't the government get it done. What's the difference between protecting a financial transaction and a national security secret?
Furthermore, why not just hire Bruce Schneier!!!
You know, as a U.S. citizen with a data systems security background, university degrees, CISSP, etc., I would happily apply for work with the U.S. government.
However, every position I've discovered requires an existing security clearance, something you cannot just go out and get, at any price.
They need to attach a cool sounding 3 letter acronym. FBI, CIA, CID (not USA), etc... sounds cool. The latest acronyms the White House has been coming up with just suck.
I have been in IT for 30 years. I started in the USAF, and went on to work for defense contractors. Have held several clearances, including top secret. Have degrees in math and comp sci. I am presently long term unemployed.
It seems to me that these "desperate shortage" articles come out routinely. No matter how many major IT layoffs, or how many CS grads can not find a job, or how depressed wages are for IT pros.
Why are these articles never specific? Exactly what skills do they need that they find so hard to fill? Exactly what credentials are they looking for: BSCS, PhD, CISSP, CCIE, or what?
Why do these articles seem to reek of corporate/government propaganda?
They ought to advertise the way the military does..make it all glam and junk. "I'm Dale and I'm a Cyber Warrior..hiyaaa!" smash some foreign guy's computer to bits. Fox would be all over that.
Good IT guys don't want to go through the nonsense associated with these positions. They can get jobs with private industry that don't have the headaches. I live in the Washington area and there are plenty of IT jobs here. You just have to have a TS/SCI or plan to get one. I'm much happier not having the FBI asking my neighbors questions and crap like that.
I'm the trouble starter, frakkin' instigator
I'm DRM restricted, license terms dictated
I'm a cyberwarrior, terrific cyberwarrior
You're the cyberwarrior, twisted cyberwarrior
I'm a cyberwarrior, terrific cyberwarrior
I'm the noob you hated, ego over-inflated
Yeah. I'm the brain you wasted, drag dropped and copy pasted
I'm a cyberwarrior, terrific cyberwarrior
You're the cyberwarrior, twisted cyberwarrior
I'm what you disgusted, kind vindicator
Yeah. I'm work inundated, twisted code creator
I'm a cyberwarrior, terrific cyberwarrior
You're the cyberwarrior, twisted cyberwarrior
I'm a cyberwarrior, terrific cyberwarrior... warrior... warrior... Warrior...
Surely you meant: "break into usajobs.gov and put an interview in the recruiter's diary"?
As an infosec professional, why in the hell would I ever want to work for the feds? The amount of regulations, bureaucratic requirements and searches of my asshole makes me run the other way. Not to mention the pay is not that great to begin with, as I would have to take a paycut to move into the government sector.
The last thing: stop calling it a fucking cyber war!!!
Maybe the govt stiffs are watching too much '24' and are looking for those non-existent skills.
They typically run these propaganda campaigns about every six months.
http://www.fiercegovernmentit.com/story/u-s-faces-shortage-cybersecurity-workers/2009-12-23
Screaming and crying about desperate shortages is just a routine part of business. It keeps the poor saps studying for a career they will probably never get. It keeps the markets nice and glutted.
IMO: what really gives this away as propaganda, is the lack of specificity. They will never tell you exactly what credentials are supposedly in such short supply.
There is no shortage, geeks love security issues, they're just not paying them enough. In fact, we might have more people going into security if they'd ignored kids that got their hands dirty in the 80s and 90s, but there are still oodles of people loving the field. You know, all those black hats would happily take an NSA job if the salary was high enough, but we're talking like 250k, not the 100k paid by the NSA.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
An Italian friend of mine was hired by a French defense contractor as basically a highly paid concierge for dictators who came to buy weapons, not exactly a deep job, but it required a French security clearance. He's not French, but he's an EU citizen, fair enough.
In fact, he only got the job because his idiot boss wanted to hire a Chinese girl. I shit you not, the idiot boss lady wanted to give a French security clearance to a Chinese national. Not even a dual citizen who spoke French as well as Chinese, but an honest to god Chinese national.
Of course, the French government said no dice, and my Italian friend got the job. Guess what? bitch fired him after a while, she then tried another Chinese national. Not sure how that panned out.
To me, your "modest proposal" fails for being way too close to the truth.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
It's there, just a little broken. Inspect Element, change the input's style from display:none to display:block, and then you can enter a tag and submit it, and it does seem to go through. If it's a ban, then the server would be ignoring/rejecting the request and not even putting the input element on the page in the first place; it's obviously intended to work and let people tag. My guess is that it's just some bug in the JavaScript that gets run when you click the little triangle icon.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Ok, let me preface this by saying that I am a military man, and somewhat skilled in IT and computer systems. So I have something of a unique perspective on this debate. The problem is that information warfare goes beyond simply trying to secure your site/server against remote attacks. You can have the greatest armor in the world and someone will eventually breach it. True cyberwarfare involves both defense and offense, just like traditional warfare. The offensive portion is essentially black hat cracking. The problem is that in this country, we've marginalized even the white and grey hats to such an extent that their natural distrust of authority and independent streaks are intensified to an even more ridiculous extent. Especially with the current trend of DRM and locked systems with corporations trying to sue you or throw you in jail when you actually do manage to take them apart to see how they tick. That either drives a young hacker to back off and do what he's told, in which case he loses the necessary mindset for cracking, or to give them the middle finger and try to skirt the laws and stay hidden. But this also drives them into a "you can't tell me what to do" mindset. The problem is that to someone like that, the military is the absolute last place they want to be. And, unlike your typical street thug who wants out of the life and the military becomes their last chance, the typical cyberthug has lots of legitimately marketable job skills. Therefore, they can choose to go the civilian route while doing their hobby on the side.
Also, the military, even today, is a very "Jock-centric" culture, for lack of a better word. Doesn't matter how good you can do your job, if you can't do X number of pushups in Y number of minutes, you'll never get promoted or even be able to re-enlist. Very often PT failures are even subjected to disciplinary action. While this might be fine for an infantry unit, it also serves to drive away the people who are more concerned about how a new OS is put together than how much they can bench. And even within the military, people in non-combat units are often looked down upon as not being "real soldiers." Basically, until the military mindset is adapted to foster a more geek-friendly culture, the people we truly need on the digital front lines will never be there.
I've been told by some coworkers about a cyber-warfare reservist program in SE San Antonio, but I figure I'd be under the boot of the US government in terms of monitoring what I do online for the rest of my life, so no thank you.
Some people are willing to give up all privacy for God and country. Not me.
"Cyberwarrior"?
Really?
I'm currently in a computer science undergrad program. While my university offers many different tracks to focus on (AI, OS, networking, etc.) there is no security/reverse engineering track. There really aren't that many security courses either. The first thing is universities have to start offering more courses on security. This should get more people interested as well as more skilled people in the field. I did have a friend who applied to become one of the government's cyberwarriors. He passed everything with flying colors but didn't get the job. Why? He admitted that he downloaded music. The kind of people they want for being a cyberwarrior are the kind of people that will download music, movies, games, break DRM, and possibly even break into a system or two. That's how they gained the knowledge the government wants. But doing any of those disqualifies you from the job. The government needs to realize this and allow people who have done these things in.
Apple might be easy to use and have a cool image, but without all the teenagers deleting command.com by mistake, mucking around with open source, and writing some code, no one will get any experience, but they will be really good at that game where you pop the virtual bubble wrap.
Rocket Surgeon.
Perhaps they are just interested in the applicants ...but not for the purpose of actually hiring them.
-- Terry
Boot camp is what the problem is: you think you can just grab a bunch of people off the street, put them in basic training for six months, then set them loose inside China's firewall. You need thousands of hours of practice, hopefully with a young developing mind, preferably something they did most of on their own time. But in this age of kids raised on iPhones no one is fixing their computer or screwing around trying to get a game to work in DOS, and most of a computer programming course is about making it look pretty.
Rocket Surgeon.
Unemployed security specialist here...
The requirements are just too high. How the fuck is your average Joe supposed to get a top secret clearance in a timely manner? The people who are seriously good at this stuff aren't IT professionals with years of experience, they're unemployed nerds.
There are plenty of bright, intelligent and hardworking people already in this field, and others trying to move into it. The problems are two-fold: the people who want in but aren't already are stifled by egos of the current batch of professionals and lack openly available tools, materials and jobs to be able to transition readily, and, the people who are already in don't want to work directly for the Federal government for any number of reasons, both good and bad, real and imagined. Personally, while the cybersecurity of my nation is indeed very important to me, I have yet to feel compelled to go work for that gigantic bureaucratic nightmare and potentially sign away who knows what rights as a government employee in such a sensitive sector. My suggestion: continue to screen and vet candidates as normal (or even better, step up the screening process) and farm the work out to private companies.
"Inveniemus Viam Aut Faciemus" 'We will find a way... Or we will make one!' --Hannibal of Carthage
Besides which, if cyberwarfare is bullshit then there is nothing wrong with saying so.
Whether or not I agree with you (I do) I feel that tags are not the place to state that. Tags are for organization. This, right here, like you just did - is the correct place to state your opinion.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
I put together this Knol on the general issues you raise about the declining value of human labor:
http://knol.google.com/k/paul-d-fernhout/beyond-a-jobless-recovery/
"This article explores the issue of a "Jobless Recovery" mainly from a heterodox economic perspective. It emphasizes the implications of ideas by Marshall Brain and others that improvements in robotics, automation, design, and voluntary social networks are fundamentally changing the structure of the economic landscape. It outlines towards the end four major alternatives to mainstream economic practice (a basic income, a gift economy, stronger local subsistence economies, and resource-based planning). These alternatives could be used in combination to address what, even as far back as 1964, has been described as a breaking "income-through-jobs link". This link between jobs and income is breaking because of the declining value of most paid human labor relative to capital investments in automation and better design. Or, as is now the case, the value of paid human labor like at some newspapers or universities is also declining relative to the output of voluntary social networks such as for digital content production (like represented by this document). It is suggested that we will need to fundamentally reevaluate our economic theories and practices to adjust to these new realities emerging from exponential trends in technology and society."
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Everyone is focusing on government crackdown on hackers...but no one is focusing on standard reasons -- like how does government pay compare to what the person might earn in the private sector?
Ok, now ask -- how much has the government done to cultivate love for country in the past quarter century?
How about patriotism? No...paying people to snitch on their neighbors is not considered something that builds loyalty to country.
Ok...now put the pay item into perspective....
What are the pay and job prospects for software types, in general in the US -- compared to say, 15 years ago?
Add all that up...ignore the curiosity=jail trip...
standard job market indicators would tend to say this type of job isn't going to be a big attractor these days...
Now add the curiosity=jail nonsense and get tough on US-citizens/war on US citizens rhetoric that is so popular with the conservatives that have been in power for most of the past 30 years (the Reagan generation, 1980 and beyond).
The dominant paradigm is to keep voters and consumers stupid. Education is *bad* -- since percentage wise, the more educated people are, the more likely they are to have liberal or progressive views. Not a bright prospect for American future -- at least not for the majority -- for those who run the big Corps, the landscape looks brighter and brighter...
I doubt I'll live long enough to see the worst of it, or a turnaround...
I'm sorry, but that's just utter bullshit. You don't secure IT systems by joining a "cyberarmy"; you secure them by building them correctly. Thus everyone knowing about computer security and joining such a "cyberarmy" instead of just going out to build correct systems or teach people about security actually makes the systems less secure.
It's like drafting all the good builders. Eventually we're left with all the bad ones and the standards of building will deteriorate.
And don't ask or you'll get an electronic fly up your nose. Seriously, how will you incentivize a dead end job for a bunch of trebuchet-hurling libertarians who appreciate ANYBODY'S code as much as or better than their own? The two worlds are immiscible. And I suspect the perceived problem exists only on the side that salutes small bits of brass. Frankly, it's been obvious for at least forty years that Bletchley Park was a British psychological warfare op, and that Turing was sacrificed to reinforce the appearance of competence in an area of contrary-to-fact depressing limits which Turing knew better than anyone.
Perhaps the obvious was not lost on a few nerds, hackers, crackers, black hats and Belgian and Israeli mathematicians who also realized they could spin better "uncrackable codes" in their sleep, and tended to regard ALL governments as the proverbial Ted and Alice. It would be fun just to know (not necessarily to read, but just to know) the white paper on this subject has been written and flushed by interdepartmental rivalries twice already.
Grikdog's Law: Never delegate a job you can't do yourself.
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
Step 1 arrest hackers
Step 2 make them work from jail for peanuts
Step 3 Profit !