Want a Security Pro? Get Politically Incorrect and Learn Geek Culture 314
coondoggie writes "While complaints can be heard far and wide that it's hard to find the right IT security experts to defend the nation's cyberspace, the real problem in hiring security professionals is the roadblocks put up by lawyers and human resources personnel and a complete lack of understanding of geek culture, says security consultant Winn Schwartau. Take Janet Napolitano, U.S. secretary of the Department of Homeland Security, who has said the country can't find the right people for network defense. The real problem is a misunderstanding of computer geeks, their personalities, habits and their backgrounds, said Schwartau today during his talk at the Hacker Halted information security conference."
Marijuana/Drug Laws (Score:5, Informative)
I haven't met a too many good hackers who haven't, at least at one time, engaged in some drug use -- whether it be smoking weed (usually), tripping on mushrooms/acid, or cocaine etc..it seems to permeate the culture quite a bit.
A couple three-letter agencies once tried to recruit me, but I didn't want to stop going to festivals/parties, smoking pot, etc. It felt like I would have to become a square and this job would be my life, and I'd have to disown much of the culture I was associated with previously. Plus, I thought if I went forward, I'd never get past the polygraph where they ask you tons of questions about drug use, and it would just be a waste of time.
For context, I am an IT professional with a specialization in security and about 20-40% of my workload is security related.
Maybe if drug testing wasn't required, these agencies would get more applicants. But no one wants to piss in a cup on a monthly basis to work at a rate of pay less than they could get at companies that don't drug test.
This is normal... (Score:4, Informative)
Ah, but What is a Hacker Like? (Score:5, Informative)
An important point: Except in some relatively minor respects such as slang vocabulary, hackers don't get to be the way they are by imitating each other. Rather, it seems to be the case that the combination of personality traits that makes a hacker so conditions one's outlook on life that one tends to end up being like other hackers whether one wants to or not (much as bizarrely detailed similarities in behavior and preferences are found in genetic twins raised separately).
General Appearance
Intelligent. Scruffy. Intense. Abstracted. Surprisingly for a sedentary profession, more hackers run to skinny than fat; both extremes are more common than elsewhere. Tans are rare.
Dress
Hackers dress for comfort, function, and minimal maintenance hassles rather than for appearance (some, perhaps unfortunately, take this to extremes and neglect personal hygiene). They have a very low tolerance of suits and other ‘business’ attire; in fact, it is not uncommon for hackers to quit a job rather than conform to a dress code. When they are somehow backed into conforming to a dress code, they will find ways to subvert it, for example by wearing absurd novelty ties.
Female hackers almost never wear visible makeup, and many use none at all.
Physical Activity and Sports
Many (perhaps even most) hackers don't follow or do sports at all and are determinedly anti-physical. Among those who do, interest in spectator sports is low to non-existent; sports are something one does, not something one watches on TV.
Further, hackers avoid most team sports like the plague. Video games being a notable exception, both in terms of team play and consideration as a sport... Hacker sports are almost always primarily self-competitive ones involving concentration, stamina, and micromotor skills: martial arts, bicycling, auto racing, kite flying, hiking, rock climbing, aviation, target-shooting, sailing, caving, juggling, skiing, skating, skydiving, scuba diving. Hackers' delight in techno-toys also tends to draw them towards hobbies with nifty complicated equipment that they can tinker with.
The popularity of martial arts in the hacker culture deserves special mention. Many observers have noted it, and the connection has grown noticeably stronger over time. In the 1970s, many hackers admired martial arts disciplines from a distance, sensing a compatible ideal in their exaltation of skill through rigorous self-discipline and concentration.
Today, martial arts seems to have become firmly established as the hacker exercise form of choice, and the martial-arts culture combining skill-centered elitism with a willingness to let anybody join seems a stronger parallel to hacker behavior than ever. Common usages in hacker slang un-ironically analogize programming to kung fu (thus, one hears talk of “code-fu” or in reference to specific skills like “HTML-fu”).
Education
Nearly all hackers past their teens are either college-degreed or self-educated to an equivalent level. The self-taught hacker is often considered (at least by other hackers) to be better-motivated, and may be more respected, than his school-shaped counterpart. Academic areas from which people often gravitate into hackerdom include (besides the obvious computer science and electrical engineering) physics, mathematics, linguistics, and philosophy.
Food
Ethnic. Spicy. Oriental, esp. Chinese and most esp. Szechuan, Hunan, and Mandarin (hackers consider Cantonese vaguely déclassé). Hackers prefer the exotic; for example, the Japanese-food fans among them will eat with gusto such delicacies as fugu (poisonous pufferfish) and whale. Thai food has experienced flurries of popularity. Where available, high-quality Jewish delicatessen food is much esteemed. A visible minority of Southwestern and Pacific Coast hackers prefers Mexican.
For those all-night hacks, pizza and microwaved burritos are big. Interestingly, though the mainst
Re:Right (Score:5, Informative)
Re:You've got to admit (Score:4, Informative)
I have worked for the Federal Government for some time now (6-7 years). Below is a brief detail of my hiring/firing history.
1 - Apply for intern job (summer 2004), a month (month!) later, go on an interview, be told that I "got the job". Two months (!) later, I start. The first 50 hours are entirely paperwork. I work 20 hours/week for a year after this.
2 - Due to the conditions on my hire, I was only allowed to be employed for 12 months. The plan is to fire me on a Friday, and hire me on Monday (more paperwork). Somebody gets sick, or lazy, or something (never found out). I end up unemployed for a month. My supervisor gives me a bonus (equal to a weeks pay... $240), as an apology.
3 - I get my degree, and get hired on as a full time employee. I start the process early, but it takes three months (during which I work full time at less than half of the full time rate).
4 - I take a temporary assignment. This takes 9 months to set up. It is a two month assignment.
5 - I take another temporary assignment. We don't fill out the paperwork, as it is a lateral for the same pay on the other side of the building.
6 - I find new employment (June 2010). A position is opened up with my name on it. I start mid-January 2011.
Among my group, one of them took over a year to hire (and had to jump through a "temporary hire" hoop in order to wait out a hiring freeze), one of them took 9 months to hire (full time federal), one of them took nine months to hire (full time post-doc contractor), and one of them took 4 months to hire (contractor). I don't know what it looks like in the private sector, but this is INSANE. In a previous federal job, we had two applicants find other employment while we were in the process of hiring them (restarting the 6-9 month process!).
Want to talk waste/fraud/abuse? Have an engineer work 70 hour weeks for 6 months while you try to promote the person who will do the job. This has happened twice in my observation (the first person got promoted out). Fucking disaster.
While you are correct that it is difficult to fire someone (I've seen it done twice), it is also very hard to hire them. It is double-hard to hire people when you tell them that it will be 6 months before they start. You tell that to graduating seniors, and they walk away from the recruiting station.
Re:Right (Score:2, Informative)
Let e get this straight, you want someone who obeys the rules and is moral to fight against someone who doesn't have any rules and is immoral? That is like saying we can eliminate the threat of nebular war by disarming all of our nukes, and hope our enemies see things the same way.
The fact is that you have little understanding of the hacker culture. They are able to do their hacking because they have experience getting around the restrictions placed there by others. This creates the mistrust and sometimes bad records that end up surrounding them. So in effect, the very thing that disqualifies them for the position is the very thing that makes them experts in the field. Now don't get me wrong, I'm not saying that they should hire just any hacker off the street. I'm just saying that they need a different set of criteria for them. The sad thing is that I doubt anyone in security is qualified to draft the qualifications that are necessary.
Re:The Right People (Score:2, Informative)
The infamous SF86 (Score:5, Informative)
If you're going to get a Fed security clearance of any kind, you're going to *start* the process by filling out this form (127 pages, although large parts are skipped for most people):
http://www.opm.gov/forms/pdf_fill/sf86.pdf [opm.gov]
Just so you know the kinds of questions they start with. It gets more invasive from there. They generally only care about the last 7 years of your life, however.
Oh, and skip to page 96 if you want to get to the "what drugs have you done?" part.