Slashdot Mirror


User: cplcap

cplcap's activity in the archive.

Stories: 0
Comments: 11

Comments · 11

  1. A somewhat different experience on IT Training in the Military? · · Score: 2, Interesting

    As the title generally says, I have had an extremely good experience with the Army and IT. Before you write this off as a "party" line, I honestly couldn't care who reads it, everyone that knows me knows this is how I feel. I started out (and still am) an 11C.. for the non-mil folk out there, I'm an Infantry grunt that knows how to fire a mortar system. But I got a degree in Electrical Engineering before working for the gov. Someone had to pay for it, right? I got into a really cool program in the Guard that lets me do infantry stuff on the weekends and two weeks during the summer (which, btw, is BS.... I get to go to The Sandbox for a year) but get paid as a DoD civilian, GS Scale with incentive pay, 9-5 Monday-Friday. It's a good chunk of change, only about 10-15K under going rate for a well trained security guru, but the bennies are great. Good insurance, retirement, alternate work schedules, get to pick new projects, involved in funding streams, etc.

    My education was a much more professional one... my degree got the whole 74B garbage waived, and I go to some really cool black-hat type hacker schools, SANS training, Cisco schools, etc. I needed to brush up on Perl, so I dug into my budget, asked the boss, he was cool with it and I went. That easy. We have CCIE's, MSCEs, CCNEs, EMC Certified Engys, and even a guy with an Oracle Master's. I make sure I send as many people to training every year as I can, especially to places like D.C., Vegas, San Luis Obispo and make sure they have all the amenities. Makes everyone happy.

    As far as the IT environment goes, it's hostile. Period. I'm responsible for the security on over 2400 nodes, and our IT shop is small with assets spread out over an entire state. It's a constant battle, and there are figurative bullets flying at us from every direction. If it's not the latest MS security hole, it's foreign interests trying to hack. But I like this. My job is never boring, and very fluid... in 4 years I haven't done the same thing in two days straight. I've got a decent manager, and every time we get a new position funded, it gets filled in a matter of days, almost always with a really qualified person in it for the bennies.

    IT decisions, on the other hand, are often boneheaded, pushed from the top down by people who don't know what they're doing and lock us into contracts that are inflexible and software or hardware is obsolete by the time we get it.
    But, that's changing. New purchasing procedures let us choose best value for the buck, not lowest price. So now we buy Dell servers instead of having JoeBob Inc.'s servers shoved down our throats. Requiring EAL Compliance on everything we buy means that we're not going to get stuck with some fly-by-night company's product in a contract, when the company folds before the contract is fulfilled (Gain Systems, anyone?). If the product got EAL conformance, at least the company has enough cashflow to get it evaluated. We have a framework, called the JTA-A (Joint Tactical Architecture - Army) which we must operate in, but that's a wide boundary and lets me pick some very cool projects at a whim, and start some pilot projects with new technology which get funded if they pan out. Because of our ability to bring in other military personnel as needed, as well as a very defined chain of command, we can and have reacted very quickly to threats in the security arena. For instance, we patched up almost 1500 Windows systems for Blaster only three days after the warning came out. September 11 was the biggest trial by fire, we had over $1 mil of working telecom and data equipment with operators at WTC less than three hours after the first strike.

    The only real issue I have is the budgeting process. We get X dollars every year allotted to us, which is nowhere near enough to run the shop efficiently, but suddenly in September we get an influx of cashflow in the million dollar range. So you put together quotes for everything that broke during the year, everything that will break, and all new stuff and

  2. SAIC Codejockeys on Inside SAIC · · Score: 0, Troll

    I can sum up every SAIC product, system and design I have ever seen:

    1. Buy Cheap Compaq Hardware.
    • Planned obsolescence after exactly 3 years ensures an ongoing maintenance contract. And passing 110% of the open market price on to your customers helps profitability.
    2. Design with Microsoft OSes.
    • Skim 10% in another two years when MS forces your customer to relicense. Make sure there will be frequent patching of the OS involved.
    3. Cob it together.
    • When one MS box can't do the job, do it with three. Plus 2 more for glue logic (export an Access DB to a flat file that Oracle can read, for instance). Make sure that patching any of the intermediate systems kills the entire data flow.
    4. CrapCode.
    • Write everything in VB. Don't document code. Make sure every piece of code that is not immediately obvious goes into DLLs created by a different team and are not documented. Rely on hardcoded versioning so that an OS patch requires a complete recompilation of the software.
    5. CYA.
    • As soon as a more lucrative contract comes along, spin off a bunch of techs that worked on other projects into a new company or branch and force them to support your crap.

    Has anyone else had a better experience with SAIC? They're still developing for Windows NT under our contract, and still have one release to go under NT, due in a year! Mention UNIX and they go into vapor lock.

    Well at least they're not Calibre Systems.

  3. Re:Dell X200 on Buying a Small, Light Linux Notebook Computer? · · Score: 1

    I just got one of these shiny new babies. Decently fast, really slim and light, and I'm averaging close to 4.5 hours per battery - more if I enable power save features. Works great with RedHat 8.0, and I didn't have to pay the M$ tax.
    My advice: Configure it on the website, then instead of ordering through the website, call the 1-800 number at the bottom of the page. They recently went through a pissing contest with M$ about not selling machines without an OS preinstalled, so I got mine with DR-DOS installed. All you have to do is ask nicely.
    I don't think their Linux support is what it once was; but even so, I'm really picky about disk slicing and minimizing installed packages, so the few Dells I got in the past from Dell I reloaded anyway.

  4. Evaluation and Certification on Computer Security Criteria · · Score: 4, Informative

    There is one answer... the US government has published a civilian version of a process that the DoD has been using for a while. It's called the NIACAP (NSTISSC 1000), here.
    Simply put: It defines a complete, scalable, tailorable and relevant process to design, test, certify and maintain a system for use.
    IF: 1. Good, well informed individuals identify vulnerabilities during system design and testing,
    2. The upper management commits to following the maintenance plan, and
    3. The principles of good system design are followed (i.e. KISS, enforcement of least privilege), then many security issues are non-issues.
    IMHO, one of the most important things in certifying a system for a critical app is to get the underlying SW from a reputable vendor, one who identifies "Day 0" exploits immediately, preferably one on the Common Criteria List, and offers a modularized package to limit the amount of unused but potentially vulnerable code in the system. No system is going to be immediately perfect now and for its entire lifespan, but follow a good maintenance plan and you may even be able to make a M$ system secure!

  5. I beg to differ.... on Higher Pay For U.S. Federal Computer Jobs · · Score: 1

    Every IT job I have seen (under Army, National Guard Bureau, and in critical positions in most states) had a job advertised the Monday after a spot was vacated or opened up. Three weeks after that, the announcement closed. Within 8 business days, the person who got the job knew about it, and a week later, started. My process took exactly 4 weeks, from the time the job opened to my first working day.

  6. I'm getting a raise! on Higher Pay For U.S. Federal Computer Jobs · · Score: 2

    For all of you out there giving the gov a hard time, you might want to let up. I looked at the schedules posted by OPM... I'm coming from a GS-11 position (entry level with a degree) in upstate NY.... In January, I get a $6800 raise. (That includes the 3.7% raise across the board for all federal employees.) Also, as a condition of my 'civilian' job, I am a member of the National Guard, as all these federal employees are (our official job class is 'Federal Technician'). Include an extra $5000 from that paycheck. That equals out to $53,800 a year, which is about $2000 more than your average CS/CSE degree makes in their first year or two in the area. On top of that, the benefits rule.... 50% matching for retirement funds, good health insurance, every other Monday off.... any training I ask for...

  7. Approved OSes in use on Linux and DII/COE Compliance? · · Score: 2

    I also work as a federal technician for the US Army. Currently, NT4, HP/UX, AIX, and Solaris are approved for general use... but, the DoD and DoD-CERT (Computer Emergency Response Team) are pushing to certify both SecureBSD and a secure Linux distro. As of now, I have several Linux Boxen running that have been authorized and certified by the DoD to exist on DoD networks. In addition, all of my authorized security tools are written for SunOS and Linux. As far as the COE is concerned, there are no plans to get off of micro$oft until at least 2005. Current fielding plans for the COE include Win2k starting in March 2001. Don't expect much else; if we couldn't run Micro$oft Office, the government would come to a screeching halt. Remember: Stupid Users.

  8. Got PKI? on How Dependent Is The Internet On The U.S.? · · Score: 2

    Carnivore is just another reason to justify my paranoia. Everyone should have email encryption at their fingertips. I really don't care if Carnivore intercepts some twofish/serpent/rijndael encrypted traffic, because it would take the FBI three years to decrypt it. How relevant or incriminating could it be then? I pose a different question: How can we force ISPs to participate in augmenting the current net to include Public Key Infrastructure? Why doesn't every email/file transfer program have a PGP-like plugin? Shut down the US Internet, my left butt cheek!

  9. READ THE BOOK on It's Official: Deckard Was A Replicant · · Score: 1

    Doesn't really matter what Ridley Scott says, the movie is based on Philip K. Dick's "Do Androids Dream of Electric Sheep?" and Dick says that Deckard was left as a personal philosophical exercise.

  10. good for them on FCC Approves AT&T Merger with MediaOne · · Score: 1

    As a loyal Road Runner user, I wish AT&T would have a bigger stake in RR and not have AOL/TW own the whole freakin' thing. It worries me when I start getting emails from AOL that they'll be 'improving' my internet access soon.

  11. Nothing New on The Matrix Movie Now in a College Course · · Score: 1

    Rensselaer Polytechnic has been offering a course in Philosophy of AI with course materials including Blade Runner, Terminator, and the week the Matrix came out, it was added to the course.