Dept. of Homeland Security To Build Better Cyber Workforce
coondoggie writes "Secretary of Homeland Security Janet Napolitano today said the agency will form a cybersecurity workforce task group that will consider strategies such as expanding DHS involvement in cyber competitions and university programs, enhancing public-private security partnerships and working with other government agencies to develop a more agile cyber workforce across the federal government. The new task force will be co-chaired by hacking expert Jeff Moss, who now works for the Homeland Security Advisory Council, and Alan Paller, director of research at the SANS Institute."
Stop calling it "cyber".
-- Waiting in line at the airport terminal
Excuse me, sir.
Your laptop is of considerable interest to us.
-- DHS security walks in and takes the laptop
You wonder how America got to this point.
Well, finally I have an answer when all those pesky non-IT folks ask me what I do:
"I'm developing a more agile cyber workforce."
Delivered with an absolute deadpan face and voice. I will answer any follow up questions with:
"We are currently implementing plans to size the effort."
DHS, eh? Well, does this program make you feel more secure . . . ?
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
'agile' 'cybersecurity'
They need to flesh out these ideas with words like:
"realtime"
"game-changing"
"web 2.0"
"P3"
"next-gen"
"hyper-local"
Sleep your way to a whiter smile...date a dentist!
You know, when politics get involved, it's rarely for the greater good.
There are a lot of good men and women that should be involved that never will, because they'll do the right thing, regardless of political pressure.
MIC being the military-industrial complex, or as I like to call it, the military-industrial-congressional-contractor-prison-surveillance complex. Young people, go get computer science degrees with a specialization in security, so you can either work for the Pentagon or work for contractors working for the Pentagon.
Greenwald:
Don't know what's happening with your computer? Try asking your son...
Heil Department of Homeland Security!
I wonder if they have certain employees carry devices such as microsd cards in a more creative way. See this post on Tor's Tails distribution forum page:
"can I install tails on usb then carry it in my rectum?"
"i wonder if its portable enough to install tails on usb then slide it into my anus for carrying in my rectum through long road trips and travel flights?"
https://tails.boum.org/forum/can_I_install_tails_on_usb_then_carry_it_in_my_rectum__63__/
The responses are very interesting. Is such a method a more secure way of carrying these tiny storage devices?
...anything it set out to do?
When Bruce Schneier and Eugene Kaspersky sign on, it will be apparent that there are true experts in the field.
Until then, the US Department of Homeland Security is nothing more than a joke. They disrupt airline travel, train travel, and now have roving "viper" patrols to harass motorists. They've done nothing useful in 10 years. That's right, an entire decade of harassing travelers... with nothing to show for it.
"Well you haven't seen terrorists take over airplanes, so clearly we're effective!"
I haven't seen Santa Claus or Jesus either, so I'm guessing DHS took them out at the same time as all the terrorists. Either that or the terrorists really used airplanes as an attack vector 11 years ago and have now MOVED ON.
Do they know anything about "Cyber" security? If so, have they stopped using Microsoft Windows -- the number one attack vector of computer security problems -- and moved to a secure operating system? No. Are they still using Internet Explorer -- the most malware open browser -- to view the Internet? Yes. Are they still sending meeting requests to each other using Outlook -- the most malware-friendly scheduling tool -- yes.
Until DHS can demonstrate a purpose, reason for existence, an understanding of technology in general [millimeter wave spectroscopy, let alone Windows], they are not only the WRONG leader to follow. They are a loud obnoxious neighbor throwing up in everyone else's back yard.
E
Dismantle the "homeland security" department. Wipe them out as they are a useless waste of money.
Step 2 - give the funds to the FBI and CIA, the people that actually have been doing this stuff for far longer and are far better at it.
Step 3 - allow the FBI to shoot any senator that tries to make yet another department for "Security" so he can help his donors' businesses.
No, the CIA can't shoot senators, they are not supposed to work inside the USA.
This is the problem. We used to have a clean division. FBI inside, CIA outside. That way we don't get traitorous acts of spying on US citizens by the CIA happening in secret, like we get with the Homeland Security.
But then checks and balances get in the way of profits and power, and we can't have that.
Do not look at laser with remaining good eye.
Open your wallet even wider!
Rules for new hires ....
I used to work on government contracts where clearance was required and have applied for contract jobs recently. The old guard boss is still there and he is more clueless than ever.
During the interview, it was clear: ....
* Nobody interviewing me was qualified to do that from a technical perspective. They were smart, just not smart about anything related to computers, networking,
* My skill set addressed 3 of their open positions. I'm serious.
* My rate was pretty low, yet the 3 guys kept talking about how expensive I was.
* The clearance from my prior job was 5.1 yrs old - WITH THE SAME COMPANY, just at a different place. The interviewer/manager couldn't be bothered to look up the name of the security officer at the other location.
* After I was deemed to be a perfect fit - aircraft, networking, languages, sys admin - the boss decided to list all the mandatory aspects of the job.
** be on time. Start time for my job was 7am at the latest. I'm serious. 7am **everyday**, regardless of what was happening that day. I understand that 4am was commonly needed - that was the nature of this specific job. Testing new aircraft is an early morning thing.
** Never talk back. He actually said that.
** Lunch was 30 minutes. Ok, this was getting funny.
** No leaving work early - PERIOD. Not even for Dr appointments. If I needed to pick up a sick kid early from school, I could be fired.
This boss seemed to have been from the 50s. I think he worked on an aircraft assembly line, not with "professionals" and he definitely didn't have a clue about IT people.
A week later, I followed up with the interviewer (mainly to be polite) to see where I stood. He hadn't done anything. I'd already decided to take a different position, for a 30% higher rate, which I know now is still cheap. 3 weeks later, he called me back and seemed shocked that I was working somewhere else.
Government hiring managers are clueless. They don't understand the competitive nature of the world and that people have other opportunities - some much more interesting for much more pay without all the hassles from old-style bosses.
I don't want to say that all government bosses are like this, I've worked on other contracts where I was treated with respect, paid fairly, had a great boss - we worked long and hard doing great things for the government - it was good.
I remember going to a recruitment meeting at my college for some 3-letter agencies. After all the hype in the first 10 minutes, they said that if you'd ever used any drugs, including pot, you would not be hired. 50% of the room got up and walked out. I think the other 50% were 80% liars. Personally, I don't want people who have never inhaled making decisions about my life and definitely don't want someone so straight to represent the USA abroad.
Anyway, to be happier at a new job, you'll want to
* get the pay scale early in the process
* get any "work rules" understood
* find out if your actual boss is a prick
Yea, that's not frightening. Not at all.
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
...by throwing a bunch of money at SANS. With Mr. Paller's presence on this "task force," I'm guessing this plan will include a contract with SANS for training. DHS will pump a bunch of unqualified and incapable people through the courses so they can show how many certifications they can get. Most will fail the tests, but DHS will cite the training as a success in building Ms. Napolitano's "world-class cybersecurity team - a strong, dependable pipeline for the future."
As much as I dislike the word "cyber" and the overuse of it as a prefix, it's not really "wrong" anymore.
I agree, particularly in the context of US Homeland security we should refer to the new workforce as cybermen: emotionless, de-humanized creatures who have no compassion. Not only will this likely be accurate but it might also stop them using the term 'cyber' for everything.
Ackbar aside, the universities should realize the intent of this program to allow DHS access to university records and data for "security checks"; the data turning-out to be added to DHS all-encompassing databases.
The best thing to do for national security is to immediately de-fund and dissolve the Department of Homeland Security. WTF is a "Homeland" anyway? Is that like a "Fatherland" or "Motherland?" As an American, as one whose ancestors signed the Declaration of Independence and also who got here long, long before, I am deeply offended by and opposed to calling this country anything but "The Land of the Free, and the Home of the Brave."
DHS, and their child agency, TSA, need to clear out their desks immediately and to not let the door hit them on the ass on the way out. They must be not only barred from ever working in government again, but to be stripped of their citizenship and exiled to North Korea, Cuba, or some other sufficiently totalitarian state more predisposed to their dysfunction.
If not us, who? If not now, when?
Cybersecurity has got to be a great job! Why just the other day I submitted a story about how a fellow from the State Department said the cybersecurity "would most assure 30 years of steady, well-paying employment".
What do you say cyber dudes (and dudettes) out there? Are recruiters calling you? Are you getting retention or sign-on bonuses? Is the grass really that green over there?
In April my university's Information Security club held a cyber defense competition geared for high school students. This was funded in full by the government (NSA or the DOD, I don't remember specifically which). Their motive behind it was to get the students interested in info sec so that they'll hopefully have these kids in the workforce later on. It was a lot of fun and our club made up the white and red team. We had a great time and so did the students so I guess it was a success.
"Do they know anything about "Cyber" security? If so, have they stopped using Microsoft Windows -- the number one attack vector of computer security problems -- and moved to a secure operating system? No." - by gavron (1300111) on Thursday June 07, @07:30AM (#40242581)
The ONLY reason Windows gets attacked most is it's used most: Get THAT through your head! How/Why?
Simple: Malware makers are JUST LIKE PICKPOCKETS - they go to where the MOST unsuspected & least "security-savvy" users are, & currently, that's Windows (as it dominates the PC desktop + Server spaces by a HUGE margin, around 94% to what? 5% MacOS X & 1% Linux approximately??).
ANDROID, by way of comparison on smartphone computing platforms, also illustrates that VERY SAME THING:
I.E.-> When you're the most used "kingpin" on any computing platform in terms of marketshare & user "mindshare"? You're going to be "targeted for termination"... period.
The MAIN REASON MacOS X &/or Linux are not as attacked is the opposite: NOBODY USES THEM BY COMPARISON, so the "numbers" just aren't there to justify attacking them, vs. Windows... not enough "ROI" possible!
Period, & yes, that IS the "way it works", in reality...
---
" -- the number one attack vector of computer security problems --" - by gavron (1300111) on Thursday June 07, @07:30AM (#40242581)
Sorry, but the #'s are as follows:
---
1.) Maliciously scripted websites (which could affect ANY system that they're geared to attack, not just Windows, which because it's most used they're "customized" for attacking it vs. other options I noted in terms of OS used).
2.) JAVA vulnerabilities (for the same reasons as #1 - it could attack other OS just as easily IF the attack was customized for those other OS's)
3.) Flash & other Adobe products flaws (such as .pdf file scripting attacks - again, for the same reasons as #1 it could attack other OS just as easily IF the attack was customized for those other OS's)
---
* That's REALITY as to where the most threats used to attack PC users come from!
(Additionally - YES, they could be customized to ANY OS but they are not - they are geared to Operating Systems that are MOST USED, not least used, for the reasons noted above earlier here by myself (not enough return-on-investment for efforts expended on malware creation exists on Operating Systems other than Windows on PC's &/or Servers combined...)).
Heck - Lastly?
Hey - no doubt ABOUT it: ANDROID proves that last part's assertion easily for me on other computing platforms, albeit in smartphones where it is "top most used" & thus, topmost attacked... Linux based as it is, or not...
APK
P.S.=> Now, can you secure a Windows NT-based OS bearing PC vs. malware? Absolutely!
http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22HOW+TO+SECURE+Windows+2000/XP%22&btnG=Search&gbv=1&sei=Q_DRT7H1GtTU6QGVkYWmAw
Yes, it actually works & mostly by VERY simple principles of cutting off ANY/ALL "doors" into a PC + patching & security tweaking - but perhaps MOST IMPORTANTLY OF ALL - clueing users into WHERE the threats come from, how to stop them, & educating them...
... apk
They never outline a clear path from University to a job in Cyber Security. All the Cyber Security jobs they talk about expect years of experience, a security clearance, and social connections. Most people will be lucky to have just one of those qualifications.
As far as skills go they can take any college student off the street. As far as experience goes they can find some people who have skills and experience. When they want skills, experience and a security clearance then their list is drastically smaller. When they want all of this and want to pay chump change, then they run into problems.
If their goal is to build a cyber workforce, in my opinion the answer is paid internships. If they offer 10,000 paid internships a year they'll have a skilled workforce in no time. If they want to save money they could even get away with offering it unpaid and in this economy people would still take it.
Of the concept I illustrated here of most used = most attacked on ANY computing platform -> http://it.slashdot.org/comments.pl?sid=2899979&cid=40255631
(Which, from the malware maker/botnet herder's "point-of-view" MAKES TONS OF SENSE... To I.E.-> Expend more efforts where the greatest amount of returns will come from, & that is where the MOST "easy-meat noob" users are to be victimized (the most used OS platforms)).
* You can say what you wish, but it proves my point for me, easily, & with a CONCRETE undeniable example...
APK
P.S.=>
"these problem don't occur in gnu/linux (as opposed to android/linux) for a number of reasons" - by lister king of smeg (2481612) on Friday June 08, @11:51AM (#40258177)
Well, I can say (and show testimonials of it too, not just say it) the SAME about Windows NT-based OS, once "security-hardened" above the DEFAULT configuration (which I've been doing guides online for users since oh, 1997 onwards):
To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.
That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...
Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))
---
Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:
---
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" -