Want a Security Pro? Get Politically Incorrect and Learn Geek Culture
coondoggie writes "While complaints can be heard far and wide that it's hard to find the right IT security experts to defend the nation's cyberspace, the real problem in hiring security professionals is the roadblocks put up by lawyers and human resources personnel and a complete lack of understanding of geek culture, says security consultant Winn Schwartau. Take Janet Napolitano, U.S. secretary of the Department of Homeland Security, who has said the country can't find the right people for network defense. The real problem is a misunderstanding of computer geeks, their personalities, habits and their backgrounds, said Schwartau today during his talk at the Hacker Halted information security conference."
My mother's basement is well defended !!!!!!!
People who accept an 80k for 40k for the govt.
What a waste of time.
And the Catholic Church could prop up its declining clergy membership by recruiting straight from the local sex offender registry.
Seriously, what the fuck? "Legal niceties" is another term for these rules are in place because we don't want to get fucked over again by someone we trusted. They're there for a reason, and actively circumventing them to search for applicants is inviting yourself to get burned. Maybe some of them could be relaxed, sure, like the one-time drug offense bit for security clearances. But just saying "they're narrowing our pool of applicants!"...Shit, Sherlock, that's why they exist!
Everything is better with chainsaws.
You've got to admin it's pretty hard for the government to hire folks who look like they could be the problem or the solution.
Can we get tax write offs for giving you ideas?
think they deserve special treatment and don't have to be clean, social, pleasant, accountable workers.
newsflash: they do.
Corps and Gov are right to want to make more geeks, so they don't have to make do with the half-defective ones.
The Cloud - because you don't care if your apps and data are up in the air.
Your assumption is that the government hires people capable to actually solve the problem. It does, but only in war times. In war times you lose ground when you follow the wrong path. When you sent the horses against the machine guns. Governments are not interested to actually solve the problem but rather to be in charge of the problem. We know that many security issues could be solved. Simply spend a few millions on security reviews of commonly executed code, and order the companies to provide bug fixes or apply punitive damages, make them partly liable for not fixing security issues.
This isn't even specific to the IT field. This is a problem with every organization that hires people. Unless the organization is too small to have lawyers or human resources.
I haven't met too many good hackers who haven't, at least at one time, engaged in some drug use -- whether it be smoking weed (usually), tripping on mushrooms/acid, or cocaine etc. It seems to permeate the culture quite a bit.
A couple three-letter agencies once tried to recruit me, but I didn't want to stop going to festivals/parties, smoking pot, etc. It felt like I would have to become a square and this job would be my life, and I'd have to disown much of the culture I was associated with previously. Plus, I thought if I went forward, I'd never get past the polygraph where they ask you tons of questions about drug use, and it would just be a waste of time.
For context, I am an IT professional with a specialization in security and about 20-40% of my workload is security related.
Maybe if drug testing wasn't required, these agencies would get more applicants. But no one wants to piss in a cup on a monthly basis to work at a rate of pay less than they could get at companies that don't drug test.
While not terribly talented and hardly the sort of person likely to hold down a decent paying job (let alone know how to write out a resume or pass an interview) these are the sort of people who find the gaps. Recruiting them to work for you may be iffy. Once they have a paycheck, can afford a sports car, some decent clothes and can afford to go out they slowly cease to be the people you wanted.
Best to just hire them on a per item contract and toss them a burrito now and then.
A feeling of having made the same mistake before: Deja Foobar
This is nothing new to the IT industry in general and has been going on for years. It's only moved to "Security" now because the wave of nerds that 10 years ago were hired for "basic IT" are now sufficiently advanced where connecting a network together is trivial and their knowledge has moved on.
Of the type of non-conformist individual with considerable hacking skills who should be a hiring target.
I think there is a wider skill range when it comes to hiring someone with security expertise than just programming alone. And everyone knows HR can't figure out how to hire a skillful programmer over a random Joe who talks himself up. So what hope does HR have in finding a security expert, when there's a lot of bullshitters who claim to be good at security but don't know anything?
I know about encryption, and I've found security flaws in applications such as Adobe's P2P networking, but I wouldn't consider myself a security expert or apply to one of those jobs. Yet, I know a lot more than a great deal of people selling themselves as security experts.
God spoke to me
They need to hire a Relationship Manager.
"Ich bin ein nerd"
Required reading for internet skeptics
Sounds like a way to get some Black Hats working directly for the DOD and Homeland Security. Hiring Black Hats is good only when you know they are a Black Hat, and that usually requires they get arrested first. If they are a sketchy unscrupulous looking person then stay away. They already have to be on the lookout for the Normal Looking Black Hat Anon that's slipped into the organization; they shouldn't be putting people that are clearly a risk in.
It's not that they're the wrong IT Security Experts to defend the nation's cyberspace, it's that they're the wrong people to work for the Bureau or the Agency or DHS or SS. So the problem isn't a lack of people who know their stuff, it's a lack of people who fit the typical "agent" pigeonhole.
I know I'll never work for the Government because I have family in Mexico and I'd rather not have Federal noses up my ass whenever one of my many (many) cousins has a wedding or baptism that I'd like to attend.
Unless the organization is too small to have lawyers or human resources.
And this is why I gave up working for big organisations - I want to spend my time doing a useful job rather than constantly battling against other departments (such as HR) who seem intent on making sure there's as little productivity as possible.
http://blog.nexusuk.org
There are two big barriers for government IT hiring:
Pay scale
The GS payscale doesn't map well to high-end IT skills. So often you end up with the marginally qualified, or those rare individuals who are not only not in it for the money, but somehow find a way to turn down offers every quarter from another round of head-hunters.
Extra scrutiny
The government security and screening process is a lot tougher than many commercial enterprises. It leads to ironic debtor-prison type situations where an otherwise qualified guy about to have his house foreclosed can't get the job because he is a security risk because he needs the money. The government just doesn't want to take the risk he will try to pay off his bills by selling access to the highest bidder.
One has to wonder why it's so difficult for them to find people vs. other engineering disciplines. I'd suspect that the sort of people that excel at poking and prodding security vulnerabilities take a similar attitude to social rules; i.e. challenging assumptions and testing limits.
First of all, tfa misses its point completely, but hits on a bigger one. How to tell a crap sec pro from a good one, and at least I believe the answer isn't on paper. HR does background checks on anybody in any dept., so saying this is discriminant is to generalize the entire work force, same with drug testing. Culturally... well you gotta have somebody that fits in with the team, otherwise you got bigger problems than network security. Most hacker / security types I know of you can't really tell apart from mainstream culture, the same intelligence that lets a sec pro do their work can also be applied to society's norms and standards. The guy who stays up nights and then forgets to shave and shower in the morning isn't an ideal candidate because just like they can't apply themselves to the real world, they probably won't be able to apply business logic to say creating group policy in active directory.
Now here's where it gets really overcast grey, I put DNS on my resume and you put DNS on yours, I understand DNS cache poisoning, you don't, to HR, to even technical non-sec managers, this looks the same, but guess what, you want the guy who understands how DNS applies to security, not networking. How to tell them apart? Very very hard & resource intensive, a test, interview questions, a real-world scenario. HR wouldn't know where to begin. And it's scary to hire a sec pro who doesn't know what they're doing. Security+ is basically networking + some common sense (ex. don't allow anonymous relay on your exchange server), but a dedicated attack hacker will come equipped with knowledge far greater than this, so unless the sec pro actually knows what they're doing, they're useless. Thoughts? Solutions? Ideas?
Private sector pays IT sec folks 6 figures+, last time I googled the salaries of the alphabet boys I wasn't very impressed.
Example: http://www.glassdoor.com/Salary/FBI-Salaries-E24637.htm
Example: http://www.criminaljusticeschoolinfo.com/fbi-agent-salary.html
KERNEL PANIC -SIGFAULT AT ADDRESS #51A54D07
I've had to turn on firewalls and set security policies at several places I worked at. The admins there just didn't seem to care. One guy even turned off all the firewalls and set dictionary passwords on root. After I took over and when I asked him why he disabled them, he said it wasn't necessary. On one system that apparently kept getting hacked, he had to disable direct ssh logins to root. He never completely removed the vestiges of the attack and I saw numerous brute force attempts in the logs. I turned on the firewall and installed fail2ban. I was also able to track down the attack vector to a user who logged in remotely from his laptop during a visit to Europe. Once I had the guy reinstall his laptop and change all his passwords, the attacks diminished.
Especially in small companies, a lot of people became sysadmins because they happened to be the guy that knew some basic tech. They weren't trained as sysadmins, nor were they really technically savvy. They just knew more than their coworkers. There isn't really a sysadmin degree out there. I started out as a programmer porting code between Unix, Windows and PreOSX Macs, but I understood security, even during the dotcom boom.
Network security is a position of trust. There is basically no way around this: implicit in running a network is that you have the tools to see what's on it. Encryption only goes so far in such situations, particularly at agencies tasked, in part, with getting at encrypted data.
This adds up to some employers requiring a greater degree of trust in their employees than is currently the norm. Some geeks, it seems, are unwilling to come to terms with the fact that their life choices may have made them poor security risks in that context. The cases where the risk isn't because of a life choice are sadder, but the risk is just as real, and to ask agencies with bona fide requirements for absolute trust to simply ignore those risks is insane.
This year's Defcon had a HUGE push by Homeland security and the CIA attempting to recruit. It was funny going to watch Bruce Schneier talk and someone told him that and he basically said "I hope you didn't believe anything they said". The guy from Homeland security seemed like a good guy and was trying to actually hire good people, but my only question to everything he said was "You do realize you work for Janet N.?"
The Federal government has become a joke. If you go out on a limb for them and it becomes slightly inconvenient for them they hang you out to dry. You find them doing something wrong and think about whistleblowing, you will be fired and probably sued (see ATF guy who told about Fast and Furious). You interrogate terrorists and you will be threatened with jail (See CIA agents at Gitmo). They have a history of stomping on people who might make them look bad.
No thanks. The Federal government is corrupt beyond fixing. Anyone who goes in to do the right thing will end up being a casualty.
The author obviously doesn't know very much about government security practice, even though their handbook is available online for anybody who can Google.
The assumption that there are no qualified, committed, and skilled professionals in the industry who are not geeks (quasi social outcasts) is totally false. There are a lot of us out there that don't look, smell or act like such employees who are willing and able to do this job. If you show up looking like this stereotype and fail the drug test what do you think HR is going to do? Don't let the door hit you on the way out.
I think the real story *should* be that if you really want a job and you don't like to show up during office hours, dressed for work, with combed hair, demonstrating basic social graces and you refuse to give up illegal drug use, your membership in Anonymous and all the other nasty things "Geek Culture" brings to the table, Just go look someplace else for a job. Somehow, I don't think there are very many private companies who will put up with you as a security professional.
An important point: Except in some relatively minor respects such as slang vocabulary, hackers don't get to be the way they are by imitating each other. Rather, it seems to be the case that the combination of personality traits that makes a hacker so conditions one's outlook on life that one tends to end up being like other hackers whether one wants to or not (much as bizarrely detailed similarities in behavior and preferences are found in genetic twins raised separately).
General Appearance
Intelligent. Scruffy. Intense. Abstracted. Surprisingly for a sedentary profession, more hackers run to skinny than fat; both extremes are more common than elsewhere. Tans are rare.
Dress
Hackers dress for comfort, function, and minimal maintenance hassles rather than for appearance (some, perhaps unfortunately, take this to extremes and neglect personal hygiene). They have a very low tolerance of suits and other ‘business’ attire; in fact, it is not uncommon for hackers to quit a job rather than conform to a dress code. When they are somehow backed into conforming to a dress code, they will find ways to subvert it, for example by wearing absurd novelty ties.
Female hackers almost never wear visible makeup, and many use none at all.
Physical Activity and Sports
Many (perhaps even most) hackers don't follow or do sports at all and are determinedly anti-physical. Among those who do, interest in spectator sports is low to non-existent; sports are something one does, not something one watches on TV.
Further, hackers avoid most team sports like the plague. Video games being a notable exception, both in terms of team play and consideration as a sport... Hacker sports are almost always primarily self-competitive ones involving concentration, stamina, and micromotor skills: martial arts, bicycling, auto racing, kite flying, hiking, rock climbing, aviation, target-shooting, sailing, caving, juggling, skiing, skating, skydiving, scuba diving. Hackers' delight in techno-toys also tends to draw them towards hobbies with nifty complicated equipment that they can tinker with.
The popularity of martial arts in the hacker culture deserves special mention. Many observers have noted it, and the connection has grown noticeably stronger over time. In the 1970s, many hackers admired martial arts disciplines from a distance, sensing a compatible ideal in their exaltation of skill through rigorous self-discipline and concentration.
Today, martial arts seems to have become firmly established as the hacker exercise form of choice, and the martial-arts culture combining skill-centered elitism with a willingness to let anybody join seems a stronger parallel to hacker behavior than ever. Common usages in hacker slang un-ironically analogize programming to kung fu (thus, one hears talk of “code-fu” or in reference to specific skills like “HTML-fu”).
Education
Nearly all hackers past their teens are either college-degreed or self-educated to an equivalent level. The self-taught hacker is often considered (at least by other hackers) to be better-motivated, and may be more respected, than his school-shaped counterpart. Academic areas from which people often gravitate into hackerdom include (besides the obvious computer science and electrical engineering) physics, mathematics, linguistics, and philosophy.
Food
Ethnic. Spicy. Oriental, esp. Chinese and most esp. Szechuan, Hunan, and Mandarin (hackers consider Cantonese vaguely déclassé). Hackers prefer the exotic; for example, the Japanese-food fans among them will eat with gusto such delicacies as fugu (poisonous pufferfish) and whale. Thai food has experienced flurries of popularity. Where available, high-quality Jewish delicatessen food is much esteemed. A visible minority of Southwestern and Pacific Coast hackers prefers Mexican.
For those all-night hacks, pizza and microwaved burritos are big. Interestingly, though the mainst
was confirmation of my opinion that "political correctness" now means "any kind of attitude or phenomenon that I don't like, but I can't be bothered to articulate a proper argument against". A bit like "inappropriate", really.
never make safe spaces for anyone other than the already powerful
Security operations on a production network is so different from, say, vulnerability research that it's wrong to use the same term to refer to both.
Then you have to specify what kind of trust you're after. There's an sf story where a character muses about a thug "I would trust him with the crown jewels, but not with my daughter".
...had a Top Secret / SCI (secure, compartmentalized information) clearance.
They crawled up his ass with the Hubble telescope, looked for people he knows, then went and crawled up the ass of *those* people to find out who *they* know that might know Manning. They hooked him up to a polygraph. They checked, re-checked, cross-checked and followed every single link, social media page, every parking ticket, every word on his school records.
It takes months to do a SSBI.
And yet, when Manning encountered something that he knew for a confirmed fact that what he was seeing/hearing/reading was against the law, he tried to do the right thing, but got shot down by his chain of command. Feeling as though he had no other choice, he allegedly turned the info over to Wikileaks.
What the heck do you suppose a "geek", someone who by their very nature has issues with authority, probably has personal issues around justice, and has tendencies towards just about every "ism" that your average government puts people on watchlists for, is going to do when they see/hear/read something that they think is wrong????
Nabbing geeks off the street to "hack the planet" is fine and dandy for movies about the end of the world, but it doesn't work so well in real life.
[End Of Line]
The author mentions things like one-time/minor drug use offenses and an unwillingness to kiss ass (btw, the latter isn't something HR can really screen for, and there are plenty of other talented professionals in other sectors who've been unfairly burned for this -- it isn't unique to "geek culture"), but falters when it comes to discussing just what he means by "personality." If what he's speaking to is more tolerance for people who see the world in a different way, he's absolutely got a point, and it's one that applies to far more industries than just security. Lots of good, smart folks suffer career setbacks for *actual* outside-the-box thinking (which needs to be distinguished from in-the-rarely-explored-corner-of-the-box thinking, which is what most employers actually want when they ask for people to think "outside the box"). Lots of industries and jobs require a four-year degree when the value of such a degree is attenuated, at best. Lots of people in all kinds of fields get overlooked just because they don't have that magical four-year degree even when their real-world experience and ability and willingness to learn more than make up for it. IMNSHO, that's a loss to society no matter which sector it affects.
But I worry that his mention of "lawyers" may be code for things like anti-harassment workplace rules. I can get behind saying we should tolerate oddness and even occasional brusqueness in service of higher-quality job performance. But I worry, based on the word choice employed, that it's being implicitly suggested that entire swaths of the population are worth counting out for a marginal increase in security. "Geek culture" broadly has been criticized, and in my view often rightly so, for an apparent tendency towards unpalatable points of view vis-a-vis the GLBTQ community, women, racial minorities, religious minorities, etc. In my experience, this is less a case of anonymity revealing what we don't want to see (that explains trolling and maybe a little bit more, but not everything) and more a case of arrested adolescence. As someone who was a bit of an ostracized nerd as a kid, I sincerely do empathize with the tendency to want to crawl into a hole and say "fuck you, world" as a response to unkindness. But there comes a time when no amount of talent makes up for a willful refusal to function in a diverse society. It's one thing to ask coworkers to shrug their shoulders that some of the security guys don't do small talk; it's entirely another to ask them to look the other way when their company's security system is run by a literal neo-Nazi.
It may very well be that the author didn't mean that all boundaries should be done away with. But the article is far from clear on that point.
...of security clearances and credit checks and background checks and peeing in cups, although that's a big part of it (official DoD policy is that any marijuana use is a "serious mental disorder.")
The other aspect is that they don't really want their security fixed. They don't want to be told that "TBD" on a security plan isn't acceptable.
I'm an electrical engineer and everyone knows I don't like niggers, jews, commies, etc. and for damn good reason. Unlike you I'm not afraid to tell it like it is.
Hackers don't want to work for the man.
For the House of Representatives we should probably draft them, like the Army used to. Walk out to the mail box, open the letter from the gov't, ... damn I have to report to Congress for two years. That way we get a broader sampling of perspectives and experiences. The type of people we want probably would not apply for the job (volunteer). :-)
The first Boy Scout who develops "elite hacker skills" and is willing to spell it that way gets the job.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
This isn't just government. People who run businesses and make hiring decisions have all kinds of weird ideas and hangups about what makes a good employee. You are considered not good employee material if you've been out of work for more than 6 months, or your age, appearance, or dress doesn't conform to their startlingly narrow standards, or your attitude isn't just so, or your credit rating is too low or perhaps too high which means you might be able to walk out on them without losing your car and house, and more. The experience and currently employed catch-22 seems especially unfair. Can't get experience without a job, and can't get a job without experience. They also want to know if you have children and how old they are, so they can discriminate against women with young children, and for men with young children as long as the men are married not divorced. They want the very hardest driven workers they can find, the sort of persons who can be persuaded or bullied into working extreme hours, figuring that counts for more than ability. A candidate who seems a little desperate may have better chances. There's still racism, sexism, and anti-intellectualism. It always amazes me the way educational accomplishments are often dismissed out of hand or even held up as a negative. There's a great amount of subjectivity injected into these decisions.
As if applying bad criteria to hiring decisions isn't enough, there's also favoritism and gaming of employment. Too often they don't even try to hire whoever is best according to the pseudo rational criteria they love so. Or there isn't even an opening, they're just going through the motions to cover something or harvest resumes.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
The whole clearance process is not in place to find out if you smoked weed in college. It's in place to find out whether you have questionable loyalty or have susceptibility to coercion. Then, if you are deemed an acceptable risk, you sign agreement that any disclosure that you make can/will lead to prosecution up to and including capital punishment. I won't get into how things are classified, but the level of classification has to do with whether people will die or critical technology will be compromised or not by its disclosure. For example, Bradley Manning disclosed Secret level information. The network that he harvested information from was only approved for information at the Secret level. Embarrassing...yes, costly...yes, but no one will die from it. If he disclosed Top Secret, he'd likely be on death row at Leavenworth.
The process is there for a reason. It is enough of a barrier that people who are obvious risks, either by financial or nationality issues, are weeded out. Then, if you are granted access, you have a duty to protect that information. That means limiting your exposure by not traveling to foreign countries (unless approved), not doing anything that you can be blackmailed for, not letting people know that you have a clearance (regardless of the level of access), and definitely not talking about ANYTHING on Slashdot.
So we can keep talking about how the socially-retarded IT professionals that are somehow mis-understood, but are somehow an untapped national asset. Or we can recognize how incredibly important it is to limit our country's risk to unintended disclosure of valuable information that people could die over, by making sure that we've done everything we can to ensure that those who have access to it have been vetted.
Or...we could let the guys with the bad social skills, bad criminal history, financial issues, and caked on Cheeto dust embedded in their keyboards and genitals, whine their way into a position of national trust.
The paranoid nutcases that determine whether, or not, someone is a "security risk" have no clue how to determine that (how many spies have been publicly exposed within the CIA, etc. ?). They fall back on "I'm a good security risk, if I do say so myself, so people like me must also be potentially good security risks.", and, therefore, everyone "not like me" is a bad security risk.
The primary "like me" criterion is the willingness to have your entire life exposed to your bosses and other, less visible, auditors. While the TSA perverts have been getting a lot of people used to being in public scrutiny, right down to detailed images of their genitals, the number of people who can think "sneaky" (in order to foil those who really are sneaks) AND are willing to "bare it all" is, apparently, not that high.
Was using the government as a benchmark for anything. Government IT contracts are obscenely bloated with regulatory compliance requirements and perilously thin on security. There's a difference between the two.
Government contracts stress first and foremost adherence to standards like COBIT and NIST because....well just because. Then the regulatory monkeys fly in and tell you about the 40 different regs you have to be audited to. And all of a sudden you've torn out your whole storage farm and replaced it with devices that encrypt at the disk level because that's what they demand even though their view of the reg is complete horseshit. So you got them to plunk down another $20 million in 'secure hardware' which is great for the vendor but pointless. Because they don't have a requirement in their bible of standards to implement URL filtering, NIDS or zoned off VPN crossbars. So 'security' is bullshit. But you passed the audits. Which is all they care about.
The problem Napolitano and the spooks have is not a lack of technologists to solve problems, it's that these organizations can't take compliant, groupish, middling people and train them effectively to solve new problems. They don't need the problem solved.
The modern office, especially in huge orgs like govt, has essentially metastasized into a malignant political blender that is incapable of producing anything new. They do not make or create, they review and approve things that reinforce their bloated departments.
Geeks are screened out because we do not support organizations, we are individualistic problem solvers. The corporate mentality is that no problem is bigger than a political problem, and so they can live with getting 0wned three ways from Sunday so long as nobody disrupts their fantasy of local cohesion.
I say screw'em. Western companies getting 0wned doesn't affect whether geeks can make a living.
So long and thanks for all the fish.
See subject-line above...
* :)
APK
P.S.=> It matters!
... apk
Nobody wants you or your shitty, buggy, ancient software. Now shutup and cash your welfare check.
And so are you, and oh -- by the way -- your keyboard-'R' is unreliable.
...that are mentally 'flexible' enough that they don't think twice about killing another human, then I don't think it's a problem to hire socially maladjusted geeks capable of taking out another country's uranium enrichment machinery. Oh oops, sorry. They've already been there, they've already done that.
So what's this article really about? Is someone looking to get hired?
I'm a senior security guy, currently working in the private sector for a "social boom" company you've probably heard of (and probably hate), getting ready to interview for a cooler job at a Fortune 500 you've definitely heard of.
Previous job was on a contract with a TLA, with roughly TS equivalent clearance.
Private sector has FAR sharper (and more sane) people, pays substantially more, grants equity, and only cares about what happens in my personal life if it prevents me from doing work or somehow causes a PR incident. I don't have to report traffic tickets, don't have to worry about losing a clearance due to financial problems (this was a big concern for several financially overextended people at my last job during the '08 crash), don't have to worry about telling people where I work or what I do, and drug testing isn't a thing.
Oh, and the office I work in now has windows and no combo locks on the doors. Sometimes it really is the little things.
The only way I'd even consider going back to a "cleared" job is if there was simply nothing else available. I've turned down so many fed recruiters at conferences.
"Is this a cleared position? Yes? Not interested."
Or maybe it's because no one wants to work under shitty government pay and have to go through millions of layers of red tape when there are thousands of huge companies willing to pay a lot more money without all the bullshit. Not to forget all the layers of management you have to go through, each layer blocked by an idiot whose only job has been being in a government managerial position most of their life with unquestioned authority. Who wouldn't want to work in such a position where you're often required to change things all for what others around you perceive as a questionable benefit at the expense of how they've always done things.
IT needs trades / tech schools like learning not college that come with big skills gaps.
The real problem is that security-related government jobs require security clearances and lie detector tests that exclude a large portion of geeks, in my opinion. They want to make sure you haven't done a bunch of drugs in the past 7 years, but for most smart geeks, that's the time they usually did their drugs. They need to relax the rules on some drugs if they want more talent.
... is dog-whistle for "I really wish I could get away with being open about my racism/sexism/homophobia/whatever." You should really avoid hiring those people, if that's what you really mean. If you just mean "Yo, we shouldn't knock qualified applicants off the list for a pot bust ten years ago," then maybe you're on to something.
"a misunderstanding of computer geeks, their personalities, habits and their backgrounds"
That sounds like the message in the zoo. They are nocturnal animals...
And working for an institution that fuels itself on groupthink and blind patriotism is a last resort for smart people with personal ethics.
The government is in a Catch-22 here.
The people that they absolutely will need in these positions (the people who can get into a 'secure' network and run around it like Romper Room and conversely protect it just as well):
A) Have no interest in ever working for Alphabet Soup (social stigma, different priorities, etc).
B) Can make way more money not working for Alphabet Soup, for instance, writing programs for High Frequency Trading.
C) Would never pass the background checks required to work for Alphabet Soup.
So, how do they fill these positions?
They don't. They'll be filled by mediocre "yes men" and the entire shebang remains Swiss Cheese to foreign entities.
USG is running over all civil liberties with their generic argument of "national security". If the same standards as in Nuremberg would be applied to current and former USG members, several of them would have to be hanged.
Yeah, we really, really have to help out these criminals. And we absolutely need to fess up to our petty crimes so that these can be analyzed. Avoid them like the plague. I say, USG will come to your home country and ask you to go into exile if you piss at their feet as I do sometimes. These are powerful scumbags and they despise the truth. They are so much in the business of lying and deception that they cannot properly secure their own computer systems. Rightfully so. Let the Chinese do a Rectal Analysis of them. They deserve it.
LOL.
https://xkcd.com/303/
"Demands for college degrees and IT certifications and the ability to get IT security clearances should not be a priority in hiring,.. Forget education..." - Schwartau
While we are at it, why don't we remove the same criteria from becoming a doctor, lawyer, or engineer? Not a good idea? I didn't think so either.
If you're going to get a Fed security clearance of any kind, you're going to *start* the process by filling out this form (127 pages, although large parts are skipped for most people):
http://www.opm.gov/forms/pdf_fill/sf86.pdf
Just so you know the kinds of questions they start with. It gets more invasive from there. They generally only care about the last 7 years of your life, however.
Oh, and skip to page 96 if you want to get to the "what drugs have you done?" part.
With the first link, the chain is forged.
He didn't write about software. You should learn to read and to stay on topic, troll.
For over a decade now we have been telling people to patch their computers. Is the problem really the professionals or the rules the organization places on us?
If you can't see that the current elite is screwing up big time, if you can't see how the financial "elite" screws up your country, if you can't see that the Jews want America to make war for them, then you are a retard.
The rich, powerful, the church - they are wicked bastards who preach peace but want war. They talk of rule of law when they help themselves to the value YOU created. And they will call you a Nazi if you say the truth. Or a terrorist. Or a KGB agent (that's when you have pissed them royally).
Real security guys see through the bullshit and they will be labelled all of that by the Sheeple. Those who believed all the WMD lies and those who believe "Iran is evil". I will be happy when they blow up jews, because they steal land and kill the landowners just because they can. Now call me a Nazi, ass-kisser.
Exactly, hackers don't have much respect for authority and rules (otherwise they wouldn't be hacking) yet you have a selection process that makes it compulsory. It's like saying I need a car that can drive practically anywhere, fit 8 men inside, and still be fast, but it's not allowed to be 4wd, bigger than a mini, or use much fuel.
Hackers do have respect for authority and rules. Logic from which computer systems are based on, rules define the language the source code is written in and so on. Also there are rules and order in every community including the hacker community. Not every hacker is an outlaw, a criminal, or a thug. Some hackers follow rules, aren't thugs, and can respect authority. The problem is the average hacker doesn't respect ALL authority. It depends on who is in charge.
And the Catholic Church could prop up its declining clergy membership by recruiting straight from the local sex offender registry.
Seriously, what the fuck? "Legal niceties" is another term for these rules are in place because we don't want to get fucked over again by someone we trusted.
Who fucked them over? Bradley Manning? The Bradley Manning situation happened because they weren't paying attention to him, it's almost like they allowed it to happen. They weren't following their own security protocol, and skipped their own rules and measures in that situation. They let it happen.
That doesn't change the fact that Bradley Manning did what he did, it's simply a matter of making it impossible for anyone to do what he did again and then you don't have to worry about that.
They're there for a reason, and actively circumventing them to search for applicants is inviting yourself to get burned. Maybe some of them could be relaxed, sure, like the one-time drug offense bit for security clearances. But just saying "they're narrowing our pool of applicants!"...Shit, Sherlock, that's why they exist!
They are narrowing the pool of applicants to the point where they are complaining. They don't know what they want or need, they don't seem to know what they are doing, they don't seem to hire people who know what they are doing, and it keeps going into this circle of needing to hire experts but refusing to hire experts who don't fit.
It's not about politics. People will bring up politics, but politics aren't what it's about. If it's about personality traits then they should go for the people who have the traits they want, if they know what those traits are. I don't know much about security clearance but on the drugs, if someone is addicted to drugs (or anything for that matter) it's a lot easier for them to be coerced or bribed.
I have the skills you need; I am the best at what I do, or at least one of the best.
Keep your 'rules' reasonable and offer as much respect as you require; I can easily find a job elsewhere.
I'm not going to put up with bullshit.
I think you got it a bit wrong. To be a good hacker you learn to bend the rules without breaking them. You learn to work the legal system and laws to your advantage. You learn that while computers and operating systems do have rules, those rules can be bent.
That is not the same as breaking the rules. A rule breaker is an outlaw and won't last very long before they break one rule too many. A rule bender is someone who knows how to get things done by knowing how things work so well that they figure out the cheat codes.
CIA has violated basic human rights over and over and you are bitching that one of these bastards has been asked questions. You are basically complaining that your flavour of the KGB does not have 100% Carte Blanche, but just a 99% one.
Wake up from the fecking videos and imagine one of your family being "accidentally" put through that shit. It is a basic piece of wisdom that brutality will come full circle.
I read stuff like this and I find it so frustrating! I work for a small security firm and the only people who apply for the positions are people trying to get out of government work – but they still fit the mold of the man. Give me an ADD geek who suffers from insomnia and is willing to put up with incredibly gross and politically incorrect atmosphere because I don't want to get in trouble for making dead baby jokes with the former gov squad! There’s a huge disconnect here.
They tried to mod ya down to hide your post again APK http://tech.slashdot.org/comments.pl?sid=3217065&cid=41816341