Want a Security Pro? Get Politically Incorrect and Learn Geek Culture 314
coondoggie writes "While complaints can be heard far and wide that it's hard to find the right IT security experts to defend the nation's cyberspace, the real problem in hiring security professionals is the roadblocks put up by lawyers and human resources personnel and a complete lack of understanding of geek culture, says security consultant Winn Schwartau. Take Janet Napolitano, U.S. secretary of the Department of Homeland Security, who has said the country can't find the right people for network defense. The real problem is a misunderstanding of computer geeks, their personalities, habits and their backgrounds, said Schwartau today during his talk at the Hacker Halted information security conference."
Two big barriers (Score:5, Interesting)
Pay scale
The GS payscale doesn't map well to high-end IT skills. So often you end up with the marginally qualified, or those rare individuals who are not only not in it for the money, but somehow find a way to turn down offers every quarter from another round of head-hunters.
Extra scrutiny
The government security and screening process is a lot tougher than many commercial enterprises. It leads to ironic debtor-prison type situations where an otherwise qualified guy about to have his house foreclosed can't get the job because he is a security risk because he needs the money. The government just doesn't want to take the risk he will be try to pay off his bills by selling access to the highest bidder.
Re:I'm sure geeks (Score:5, Interesting)
Guess what? The skills that define a "good hacker" are going to tend towards somebody who's "counter-culture."
Most of the really good hackers I've met are very enterprising souls. They don't give a rat's ass about your "rules". They typically are making a passable living working outside the boundaries. They define your rules as "bullshit." They have one motivation: toys. They don't care about your petty office drama, your corporate ladder-climbing, and your marketing bullshit.
It's exactly your mentality that ensures that the US Government (and, by in large, most of the Fortune 500) will continue to fall further behind. Your average hacker can make more in two hours than you'd pay him in a week hacking together some Perl script on a contract basis. And you can bet crime does, in fact, pay here. It pays quite well.
Defcon (Score:4, Interesting)
This year's Defcon had a HUGE push by Homeland security and the CIA attempting to recruit. It was funny going to watch Bruce Schneier talk and someone told him that and he bascially said "I hope you didn't believe anything they said". They guy from Homeland security seemed like a good guy and was tring to actually hire good people, but my only question to everything he said was "You do realize you work for Janet N.?"
The Federal government has become a joke. If you go out on a limb for them and it becomes slightly inconvient for them they hang you out to dry. You find them doing something wrong and think about whistleblowing, you will be fired and probably sued (see ATF guy who told about Fast and Furious). You interrogate terrorits and you will be threatened with jail (See CIA agents at Gitmo). They have a history of stomping on people who might make them look bad.
No thanks. The Federal government is corrupt beyond fixing. Anyone who goes in to do the right thing will end up being a casuality.
Re:Right (Score:4, Interesting)
I've had an unusual working life, 15yrs of blue collar, and 20+yrs of white collar, I get along with most people and can hold my own in a conversation with the janitor or the CEO, but I have no respect for superficial judgement. As soon as some cockhead like the guy in TFA tries to pigeon hole me, I will refuse to cooperate. That one rebellious trait makes me unsuitable for security work, I get that. I'm an honest, trustworthy person with a strong loyalty ethic, and with some oil to those rusty neurons could probably get past the technical interview, but I wouldn't hire me for the job so why would they?