Want a Security Pro? Get Politically Incorrect and Learn Geek Culture 314
coondoggie writes "While complaints can be heard far and wide that it's hard to find the right IT security experts to defend the nation's cyberspace, the real problem in hiring security professionals is the roadblocks put up by lawyers and human resources personnel and a complete lack of understanding of geek culture, says security consultant Winn Schwartau. Take Janet Napolitano, U.S. secretary of the Department of Homeland Security, who has said the country can't find the right people for network defense. The real problem is a misunderstanding of computer geeks, their personalities, habits and their backgrounds, said Schwartau today during his talk at the Hacker Halted information security conference."
My mother's basement is well defended (Score:5, Funny)
My mother's basement is well defended !!!!!!!
your beloved Greek nation is bankrupt (Score:4, Funny)
And so are you, and oh -- by the way -- your keyboard-'R' is unreliable.
Right (Score:5, Insightful)
And the Catholic Church could prop up its declining clergy membership by recruiting straight from the local sex offender registry.
Seriously, what the fuck? "Legal niceties" is another term for these rules are in place because we don't want to get fucked over again by someone we trusted. They're there for a reason, and actively circumventing them to search for applicants is inviting yourself to get burned. Maybe some of them could be relaxed, sure, like the one-time drug offense bit for security clearances. But just saying "they're narrowing our pool of applicants!"...Shit, Sherlock, that's why they exist!
Re: (Score:2)
With a few exceptions, the reason most exist is because of a lot of greedy lawyers.
Re:Right (Score:5, Informative)
Re:Right (Score:5, Insightful)
They are forever condemned to hammer square blocks into round holes unless they find somebody who thinks the Nuremberg defense is absolutely absolving you.
In my whole professional career(some of it actually required NATO clearance...for blueprints that propably had already been known been known to Teh Enemi for 30 years) I was more than once severely tempted to leak stuff to the national press. Never did, tho. I fully understand what thought process Manning followed when he leaked stuff. We let the fools run stuff and let them cover up their shortcomings with secrecy.
Re:Right (Score:5, Insightful)
study some history. people who follow the "proper chain" tend to just get ignored and shitlisted. What happened after mai lai? the only reason it saw the light of day was that someone ditched the chain and wrote letters to every senior person he could think of. even then how many people actually went to jail?
Re: (Score:3)
"[citation needed]"
right now I know you're just a troll.
nice little political bit too.
it's so offensive to compare the army screwing up over a massive fuckup/abuse then shitlisting the guy who tried to follow the proper chain.
he ignores the chain of command and sent letters to every congressman, who with only a few exceptions ignored it too until they couldn't any more.
human rights abuses happen in the army. if you try to follow the proper chain your career is over because you're then known as the guy who f
Re: (Score:3)
Working inside any large organisation you tend to get a very distorted view of it's behaviour.
Just for an example:
Inside intel do you think they shout "we're breaking the law and practicing unfair trading practices which are going to get us fined heavily"?
no. if you talk to an engineer who happens to work on the fab floor he'll probably think it's all just blown out of proportion by a few consumer groups or competitors because it's constantly repeated that the company is good and that it's top priority is t
Re:Right (Score:4, Interesting)
I've had an unusual working life, 15yrs of blue collar, and 20+yrs of white collar, I get along with most people and can hold my own in a conversation with the janitor or the CEO, but I have no respect for superficial judgement. As soon as some cockhead like the guy in TFA tries to pigeon hole me, I will refuse to cooperate. That one rebellious trait makes me unsuitable for security work, I get that. I'm an honest, trustworthy person with a strong loyalty ethic, and with some oil to those rusty neurons could probably get past the technical interview, but I wouldn't hire me for the job so why would they?
Re: (Score:2)
People forgot how to deal wi
Re: (Score:3, Insightful)
The problem he is alluding to is quite interesting. We accept double agents. We accept terrorists who are "converted". We accept criminals who have "seen the light of day." But heaven forbid you smoke a doubie! No, that can't be right, that person is distrustful. WTF?
Remember this America went to war against Iraq based on a single opinion! An opinion of an "insider". RIGHT... This is good business because the doubie smoker, well he is a real problem for society and the IT infrastructure.
Re: (Score:2, Informative)
Let e get this straight, you want someone who obeys the rules and is moral to fight against someone who doesn't have any rules and is immoral? That is like saying we can eliminate the threat of nebular war by disarming all of our nukes, and hope our enemies see things the same way.
The fact is that you have little understanding of the hacker culture. They are able to do their hacking because they have experience getting around the restrictions placed there by others. This creates the mistrust and sometimes b
Re:Right (Score:5, Insightful)
Seriously, what the fuck? "Legal niceties" is another term for these rules are in place because we don't want to get fucked over again by someone we trusted. They're there for a reason.
I hate this mindset. Rules are there for a reason, yes, but what is that reason? Maybe it's an ironclad principal of human nature ("people with credit problems are easily bribed"); maybe it originates from a once-applicable idea that is now obsolete ("homosexuals are easily blackmailed"); maybe it originated from prudish mindsets or political agendas that never had any validity to begin with ("marijuana smokers are less trustworthy"); maybe it was meant to appease stakeholders whose concerns or opinions no longer hold sway ("art students are more likely to be communist sympathizers"); maybe you're more desperate than before ("sh*t we need a lot of custom code... isn't there some non-critical stuff that we can let non-cleared programmers work on?").
Rules are not so eternal as you seem to think... they are but one of many structural elements in complex human systems, and an organization that is poor at reevaluating and changing rules is doomed to ossification.
BTW, if you RTFA, you'd see that's he's specifically talking about people with AD(H)D, autism, OCD, and perhaps soft drug use. He's also talking about redesigning clearances and pushing back on overweighted HR/legal interests, not outright circumvention of existing rules. (And if he's seen the HR departments that I've seen, he knows they frequently block any meaningful evaluation of a candidate's technical proficiencies and prefer to judge people on their ability to smile, deliver a firm handshake, and make smalltalk with a stranger. Part of it is legal... can't ask that candidate to write a SQL statement like he or she will have to do every damn day on the job because we don't know for sure that it isn't some subtle proxy test to discriminate on race.)
Re: (Score:3)
I'm sure geeks (Score:4, Insightful)
think they deserve special treatment and don't have to be clean, social, pleasant, accountable workers.
newsflash: they do.
Corps and Gov are right to want to make more geeks, so they don't have to make do with the half-defective ones.
Re: (Score:2)
"newsflash: they do."
newsflash to your newsflash: then you won't get the best of the pool.
If that's good enough for you, it's good enough for me: I'm not even American, so it's better than enough for me that you don't get the best of the pool.
Re: (Score:2)
"newsflash: they do."
newsflash to your newsflash: then you won't get the best of the pool.
Gee... Having been part of the pool... I'm offended, either by the implication that I lack even the basic social graces, or by the implication that I'm not the best at what I did....
Congrats, you offended a lot of folks in one post.
Re:I'm sure geeks (Score:5, Interesting)
Guess what? The skills that define a "good hacker" are going to tend towards somebody who's "counter-culture."
Most of the really good hackers I've met are very enterprising souls. They don't give a rat's ass about your "rules". They typically are making a passable living working outside the boundaries. They define your rules as "bullshit." They have one motivation: toys. They don't care about your petty office drama, your corporate ladder-climbing, and your marketing bullshit.
It's exactly your mentality that ensures that the US Government (and, by in large, most of the Fortune 500) will continue to fall further behind. Your average hacker can make more in two hours than you'd pay him in a week hacking together some Perl script on a contract basis. And you can bet crime does, in fact, pay here. It pays quite well.
Re:I'm sure geeks (Score:5, Insightful)
Re: (Score:2)
Ok so to get intelligence we want the guy who is clean, knows to be effective and has polish? Really, that is who we want to get terrorist intelligence? Mob intelligence? You name the crime fighting unit (FBI, CIA, Military etc). The problem is that keeping a network safe and away from hackers is the same sort of person. They are not quite legal, not quite illegal. They are towing that line in the middle. They are definitely counter culture and could not give a eff what others think of them.
The intelligence
Re: (Score:2)
So, all policemen should be crooks ?
Re: (Score:2)
Get something clear: being an effective anything requires having a rod up your ass that you put there yourself. To outside observers, it might look like a counter-culture Fuck You t
Re:I'm sure geeks (Score:4, Insightful)
Re: (Score:2)
And you can bet crime does, in fact, pay here. It pays quite well.
I suppose you might be right... Eventually, you get caught. Then it's an all expense paid trip to the local "big house" with free meals and health care for the duration of your stay.
Seems to me that the online crime that really pays is not generally done by the lonely hacker living in the basement of his parent's house but the guys who spend years on their plans.
Re: (Score:3)
There's no intrinsic difference between an IT security guy, a financial regulator, an auditor, a building inspector... All are dealing with complex systems, with external operators trying to exploit these systems while they themselves have to guarantee their safety. Security IT guys are not a brand new breed of semi-superhuman beings, they're the latest variation of the safety inspector archetype.
Hacking mostly doesn't pay, and mostly will get you in jail. Like everyone else, hackers should welcome a chance
Re: (Score:2)
They will get a job somewhere else. Possibly working for themselves, or possibly working for someone with a less restrictive hiring policy. They will do just fine, thanks.
It's the employer who rejected them who is missing out.
Re: (Score:3)
Yup, they would. Based on the last time we looked, it would take about a year, and they'd end up with yet another "bad attitude". I have to wonder, though, which counts as more dysfunctional - Modern corporate "disposable human" culture, or somewhat arrogant no-respect-for-authority geek culture? Because y'know, I'd trust my geek coworkers to help me get out of a burning building; the former would make more from the insurance payoffs with me dead.
But
Re: (Score:3)
No.
But "the pool" includes people who use drugs recreationally, "ping" somewhere on the Aspbergers/Autism/ADD spectrum (and as a result usually have financial or criminal issues that makes them "unhire-able" by the Government), and to a very large degree don't find a job where there's a lot of spending time in meetings and filling out timesheets and forms to be very rewarding. Often, some of the best candidates have multiples of these issues: some of the best people in security, in fact, have all of these
Re: (Score:2)
Do you really think "the best of the pool" means accepting smelly, unwashed, anti-social jerks?
The pool you're looking in must have awfully low standards.
Well, yes, as a matter of fact I do. If I have to hire smelly unwashed anti-social jerks and that guarantees I have a much greater chance of defending my stuff from the other roving bands of smelly unwashed anti-social jerks I would hire my own smelly unwashed jerks in a heartbeat. You don't hire a plumber to fix your car, so don't hire a squeaky clean butt-kisser that knows nothing about the gritty dirty underhanded bits of network security to secure your network.
Re:I'm sure geeks (Score:4, Insightful)
think they deserve special treatment and don't have to be clean, social, pleasant, accountable workers.
newsflash: they do.
And this is why you get clueless people. Because you hire based on personality and clothes.
Re: (Score:2)
think they deserve special treatment and don't have to be clean, social, pleasant, accountable workers.
newsflash: they do.
And this is why you get clueless people. Because you hire based on personality and clothes.
So show up with your knowledge, reasonably dressed and be pleasant with the people interviewing you and I'll bet they will jump at the chance to hire you. Be a team player, willing to work and eager to help them with their problems and they will be more than willing to keep paying you.
Re: (Score:3)
Isn't the article exactly about how the US government doesn't find competent IT personnel because they think mostly like you?
Re: (Score:3)
newsflash: Good people get away with it not because they think they can but because they're good people.
Half of my department has social skills that make Al Gore look charismatic in comparison, but they deal with computers and not humans so it is not a qualification requirement and I don't give a shit about it either. There's that one guy that looks anywhere but you when he's talking to you, to the point of making you think he's deliberately ignoring you because he keeps working while discussing things with
Re: (Score:2)
There's that one guy that looks anywhere but you when he's talking to you, to the point of making you think he's deliberately ignoring you because he keeps working while discussing things with you. And when mentioned he will simply and bluntly inform you that "merely" telling you something bores him to death, so he has to keep busy with something meaningful while doing it. And behold, he's actually honest, he IS that good that he can flawlessly continue to do whatever task he has at hand while explaining something completely unrelated to you, and that's what I care about
You know, just to put this out there, your coworker may have Asperger Syndrome. http://en.wikipedia.org/wiki/Aspergers [wikipedia.org]
Re: (Score:2)
Possible, likely actually, but for all I care he could have Tourette's, it's none of my business. He doesn't have to interface with a lot of people (and he's actually very, very happy about it) and he's great at his job, so why should I complain?
Re: (Score:3)
Are we talking about the same corps and government that are typically bent on screwing over as many people as possible in order to make a buck? Geeks are the only sane ones.
Hiring the right people (Score:4, Insightful)
Re: (Score:2)
The US has been at war for the last 10 years.
Re: (Score:3)
Yeah, but in a war they can't lose. That's like calling a boxing match between the heavyweight champion and a 3 year old a fight. You needn't give up control because there's simply nothing at stake.
WW2 was, as far as I'm concerned, the last time where the US actually could get into some serious trouble if they didn't muster any and all effort to fight, and where winning was neither certain nor meaningless.
Re: (Score:2)
The cold war was a very very serious affair. The US military combined with all the armies of Western Europe would not have beat the Soviet forces in a conventional fight.
The entire NATO battle plan for defending western Europe basically involved the plan to nuke the soviet front-line while it was still in eastern Europe before it could move into the allied western countries. Because the US KNEW it couldn't win in a conventional fight it basically made it well known that were the Soviets to move to invade We
Re: (Score:2)
Wars involve sacrifice, from both military and citizens. The citizens didn't even notice there was a war. American Idol and Survivor distracted them successfully. Ohh a squirrel.....
Re: (Score:2)
We haven't declared war in a long time. Sure been a lot of illegal military actions since then though.
"roadblocks put up by lawyers and human resources" (Score:4, Insightful)
This isn't even specific to the IT field. This is a problem with every organization that hires people. Unless the organization is too small to have lawyers or human resources.
Re: (Score:3)
Unless the organization is too small to have lawyers or human resources.
And this is why I gave up working for big organisations - I want to spend my time doing a useful job rather than constantly battling against other departments (such as HR) who seem intent on making sure there's as little productivity as possible.
Marijuana/Drug Laws (Score:5, Informative)
I haven't met a too many good hackers who haven't, at least at one time, engaged in some drug use -- whether it be smoking weed (usually), tripping on mushrooms/acid, or cocaine etc..it seems to permeate the culture quite a bit.
A couple three-letter agencies once tried to recruit me, but I didn't want to stop going to festivals/parties, smoking pot, etc. It felt like I would have to become a square and this job would be my life, and I'd have to disown much of the culture I was associated with previously. Plus, I thought if I went forward, I'd never get past the polygraph where they ask you tons of questions about drug use, and it would just be a waste of time.
For context, I am an IT professional with a specialization in security and about 20-40% of my workload is security related.
Maybe if drug testing wasn't required, these agencies would get more applicants. But no one wants to piss in a cup on a monthly basis to work at a rate of pay less than they could get at companies that don't drug test.
Re:Marijuana/Drug Laws (Score:5, Insightful)
Now, is that because good hackers tend to be drug users--or is it because *you* are a drug user and thus a larger percentage of the people you meet are drug users?
Re: (Score:3)
That said, I've spent a lot of time on IRC (this was my hacker training 1996-2002), etc and found there is a significant overlap between 'hacker' and 'stoner' circles, and later on, between 'hackers' and people into psychedelic music or rave scenes..hell, there's a whole genre of the rave scene called "cyber."
of course there's some selection bias because I'm a stoner, but I find the overlap to be too significant to explain away by that fact alone. What's
Re: (Score:2)
Re: (Score:3)
of course there's some selection bias because I'm a stoner, but I find the overlap to be too significant to explain away by that fact alone. What's your take on this?
A non-drug user will see the opposite pattern because the best people who use drugs are also the most discreet.
Re: (Score:2)
Have you ever been to defcon?
Re: (Score:2)
Re: (Score:2)
It felt like I would have to become a square...
You realize this is Slashdot, right?
Re: (Score:2)
Re: (Score:2)
The major reason for drug testing is to prevent blackmail, as was the old ban on homosexuality.
If you don't give a fuck what someone does off-duty, they can't be blackmailed for it.
Re: (Score:2)
If you don't give a fuck what someone does off-duty, they can't be blackmailed for it.
They can be blackmailed as long as someone they care about cares what they do off duty. "Get us the secret plans or your WoW girlfriend will find out you still live in your Mom's basement."
A true hacker .. (Score:5, Funny)
While not terribly talented and hardly the sort of person likely to hold down a decent paying job (let alone know how to write out a resume or pass an interview) these are the sort of people who find the gaps. Recruiting them to work for you may be iffy. Once they have a paycheck, can afford a sports car, some decent clothes and can afford to go out they slowly cease to be the people you wanted.
Best to just hire them on a per item contract and toss them a burrito now and then.
Re: (Score:2)
False. That's what multitasking while compiling or testing is for.
Re: (Score:2)
What do those true hackers do while they think?
This is normal... (Score:4, Informative)
There is a wide skillrange with security (Score:2)
I know about encryption, and I've found security flaws in applications such as Adobe's P2P networking, but I wouldn't consider myse
The solution is obvious (Score:2)
They need to hire a Relationship Manager.
"Ich bin ein nerd"
Bad Idea (Score:2)
Re: (Score:2)
Hiring a known Black Hat? Are you nuts?
I know, there's that myth floating about that a police register is some sort of "letter of recommendation", but actually, it not only tells me that the person at the very least didn't mind playing on the "wrong" team, but he was also not good enough not to get caught. I do NOT want that person on my team!
Actually, what you want to hire as government is that average-good hacker, not the top level one. Why, you may ask? Well, with the former you can be certain that he's
Two big barriers (Score:5, Interesting)
Pay scale
The GS payscale doesn't map well to high-end IT skills. So often you end up with the marginally qualified, or those rare individuals who are not only not in it for the money, but somehow find a way to turn down offers every quarter from another round of head-hunters.
Extra scrutiny
The government security and screening process is a lot tougher than many commercial enterprises. It leads to ironic debtor-prison type situations where an otherwise qualified guy about to have his house foreclosed can't get the job because he is a security risk because he needs the money. The government just doesn't want to take the risk he will be try to pay off his bills by selling access to the highest bidder.
Ok, let's jump into this (Score:2)
First of all, tfa misses it's point completely, but hits on a bigger one. How to tell a crap sec pro from a good one, and at least I believe the answer isn't on paper. HR does background checks on anybody in any dept. , so saying this is discriminant is to generalize the entire work force, same with drug testing. Culturally... well you gotta have somebody that fits in with the team, otherwise you got bigger problems than network security. Most hacker / security types I know of you can't really tell apar
Re: (Score:2)
Which is why the CISSP certification is in such high demand....
Re: (Score:3)
You can tell the difference by subjecting the applicants to creative tests [defcon.org]. If they manage to break in, they're more likely to be able to switch hats and guard the other side of the fence.
Private Sector Pays more (Score:2)
Example: http://www.glassdoor.com/Salary/FBI-Salaries-E24637.htm [glassdoor.com]
Example: http://www.criminaljusticeschoolinfo.com/fbi-agent-salary.html [criminalju...olinfo.com]
So basically... (Score:4, Insightful)
Network security is a position of trust. There is basically no way around this: implicit in running a network is that you have the tools to see what's on it. Encryption only goes so far in such situations, particularly at agencies tasked, in part, with getting at encrypted data.
This adds up to some employers requiring a greater degree of trust in their employees than is currently the norm. Some geeks, it seems, are unwilling to come to terms with the fact that their life choices may have made them poor security risks in that context. The cases where the risk isn't because of a life choice are sadder, but the risk is just as real, and to ask agencies with bona fide requirements for absolute trust to simply ignore those risks is insane.
Have to specify what kind of security job (Score:2)
Security operations on a production network is so different from, say, vulnerability research that it's wrong to use the same term to refer to both.
Then you have to specify what kind of trust you're after. There's an sf story where a character muses about a thug "I would trust him with the crown jewels, but not with my daughter".
Defcon (Score:4, Interesting)
This year's Defcon had a HUGE push by Homeland security and the CIA attempting to recruit. It was funny going to watch Bruce Schneier talk and someone told him that and he bascially said "I hope you didn't believe anything they said". They guy from Homeland security seemed like a good guy and was tring to actually hire good people, but my only question to everything he said was "You do realize you work for Janet N.?"
The Federal government has become a joke. If you go out on a limb for them and it becomes slightly inconvient for them they hang you out to dry. You find them doing something wrong and think about whistleblowing, you will be fired and probably sued (see ATF guy who told about Fast and Furious). You interrogate terrorits and you will be threatened with jail (See CIA agents at Gitmo). They have a history of stomping on people who might make them look bad.
No thanks. The Federal government is corrupt beyond fixing. Anyone who goes in to do the right thing will end up being a casuality.
Ah, but What is a Hacker Like? (Score:5, Informative)
An important point: Except in some relatively minor respects such as slang vocabulary, hackers don't get to be the way they are by imitating each other. Rather, it seems to be the case that the combination of personality traits that makes a hacker so conditions one's outlook on life that one tends to end up being like other hackers whether one wants to or not (much as bizarrely detailed similarities in behavior and preferences are found in genetic twins raised separately).
General Appearance
Intelligent. Scruffy. Intense. Abstracted. Surprisingly for a sedentary profession, more hackers run to skinny than fat; both extremes are more common than elsewhere. Tans are rare.
Dress
Hackers dress for comfort, function, and minimal maintenance hassles rather than for appearance (some, perhaps unfortunately, take this to extremes and neglect personal hygiene). They have a very low tolerance of suits and other ‘business’ attire; in fact, it is not uncommon for hackers to quit a job rather than conform to a dress code. When they are somehow backed into conforming to a dress code, they will find ways to subvert it, for example by wearing absurd novelty ties.
Female hackers almost never wear visible makeup, and many use none at all.
Physical Activity and Sports
Many (perhaps even most) hackers don't follow or do sports at all and are determinedly anti-physical. Among those who do, interest in spectator sports is low to non-existent; sports are something one does, not something one watches on TV.
Further, hackers avoid most team sports like the plague. Video games being a notable exception, both in terms of team play and consideration as a sport... Hacker sports are almost always primarily self-competitive ones involving concentration, stamina, and micromotor skills: martial arts, bicycling, auto racing, kite flying, hiking, rock climbing, aviation, target-shooting, sailing, caving, juggling, skiing, skating, skydiving, scuba diving. Hackers' delight in techno-toys also tends to draw them towards hobbies with nifty complicated equipment that they can tinker with.
The popularity of martial arts in the hacker culture deserves special mention. Many observers have noted it, and the connection has grown noticeably stronger over time. In the 1970s, many hackers admired martial arts disciplines from a distance, sensing a compatible ideal in their exaltation of skill through rigorous self-discipline and concentration.
Today, martial arts seems to have become firmly established as the hacker exercise form of choice, and the martial-arts culture combining skill-centered elitism with a willingness to let anybody join seems a stronger parallel to hacker behavior than ever. Common usages in hacker slang un-ironically analogize programming to kung fu (thus, one hears talk of “code-fu” or in reference to specific skills like “HTML-fu”).
Education
Nearly all hackers past their teens are either college-degreed or self-educated to an equivalent level. The self-taught hacker is often considered (at least by other hackers) to be better-motivated, and may be more respected, than his school-shaped counterpart. Academic areas from which people often gravitate into hackerdom include (besides the obvious computer science and electrical engineering) physics, mathematics, linguistics, and philosophy.
Food
Ethnic. Spicy. Oriental, esp. Chinese and most esp. Szechuan, Hunan, and Mandarin (hackers consider Cantonese vaguely déclassé). Hackers prefer the exotic; for example, the Japanese-food fans among them will eat with gusto such delicacies as fugu (poisonous pufferfish) and whale. Thai food has experienced flurries of popularity. Where available, high-quality Jewish delicatessen food is much esteemed. A visible minority of Southwestern and Pacific Coast hackers prefers Mexican.
For those all-night hacks, pizza and microwaved burritos are big. Interestingly, though the mainst
The only thing I got out of this... (Score:4, Funny)
was confirmation of my opinion that "political correctness" now means "any kind of attitude or phenomenon that I don't like, but I can't be bothered to articulate a proper argument against". A bit like "inappropriate", really.
Bradley Manning... (Score:5, Insightful)
...had a Top Secret / SCI (secure, compartmentalized information) clearance.
They crawled up his ass with the Hubble telescope, looked for people he knows, then went and crawled up the ass of *those* people to find out who *they* know that might know Manning. They hooked him up to a polygraph. They checked, re-checked, cross-checked and followed every single link, social media page, every parking ticket, every word on his school records.
It takes months to do a SSBI. [wikipedia.org]
And yet, when Manning encountered something that he knew for a confirmed fact that what he was seeing/hearing/reading was against the law, he tried to do the right thing, but got shot down by his chain of command. Feeling as though he had no other choice, he allegedly turned the info over to Wikileaks.
What the heck do you suppose a "geek", someone who by their very nature has issues with authority, probably has personal issues around justice, and has tendencies towards just about every "ism" that your average government puts people on watchlists for, is going to do when they see/hear/read something that they think is wrong????
Nabbing geeks off the street to "hack the planet" is fine and dandy for movies about the end of the world, but it doesn't work so well in real life.
Re: (Score:3)
Speaking of geeks tending towards "isms"... even Robert Oppenheimer [wikipedia.org] was being closely watched for his "communist" tendencies, but the real spy Klaus Fuchs [wikipedia.org] went undetected for way
It's not just the insane bullshit... (Score:4, Insightful)
...of security clearances and credit checks and background checks and peeing in cups, although that's a big part of it (official DoD policy is that any marijuana use is a "serious mental disorder.")
The other aspect is that they don't really want their security fixed. They don't want to be told that "TBD" on a security plan isn't acceptable.
Very Simple (Score:2)
The first Boy Scout who develops "elite hacker skills" and is willing to spell it that way gets the job.
hiring prejudices go way beyond this (Score:2)
This isn't just government. People who run businesses and make hiring decisions have all kinds of weird ideas and hangups about what makes a good employee. You are considered not good employee material if you've been out of work for more than 6 months, or your age, appearance, or dress doesn't conform to their startlingly narrow standards, or your attitude isn't just so, or your credit rating is too low or perhaps too high which means you might be able to walk out on them without losing your car and house
must be "like me" (Score:2)
The paranoid nutcases that determine whether, or not, someone is a "security risk" have no clue how to determine that (how many spies have been publicly exposed within the CIA, etc. ?). They fall back on "I'm a good security risk, if I do say so myself, so people like me must also be potentially good security risks.", and, therefore, everyone "not like me" is a bad security risk.
The primary "like me" criterion is the willingness to have your entire life exposed to your bosses and other, less visible, audit
Your first mistake (Score:2)
Was using the government as a benchmark for anything. Government IT contracts are obscenely bloated with regulatory compliance requirements and perilously thin on security. There's difference between the two.
Government contracts stress first and foremost adherence to standards like COBIT and NIST because....well just because. Then the regulatory monkeys fly in and tell you about the 40 different regs you have to be audited to. And all of a sudden you've torn out your whole storage farm and replaced it with
IT needs trades / tech schools not college (Score:4)
IT needs trades / tech schools like learning not college that come with big skills gaps.
"Politically Incorrect" (Score:3)
The infamous SF86 (Score:5, Informative)
If you're going to get a Fed security clearance of any kind, you're going to *start* the process by filling out this form (127 pages, although large parts are skipped for most people):
http://www.opm.gov/forms/pdf_fill/sf86.pdf [opm.gov]
Just so you know the kinds of questions they start with. It gets more invasive from there. They generally only care about the last 7 years of your life, however.
Oh, and skip to page 96 if you want to get to the "what drugs have you done?" part.
Re:You've got to admit (Score:5, Insightful)
If you've ever worked for the government, you'll know that they ensure it's hard for them to hire anyone.
Re: (Score:2)
So you've worked for the Government?
From my experience at the federal level, it's only hard to FIRE a government employee.
Re:You've got to admit (Score:4, Informative)
I have worked for the Federal Government for some time now (6-7 years). Below is a brief detail of my hiring/firing history.
1 - Apply for intern job (summer 2004), a month (month!) later, go on an interview, be told that I "got the job". Two months (!) later, I start. The first 50 hours are entirely paperwork. I work 20 hours/week for a year after this.
2 - Due to the conditions on my hire, I was only allowed to be employed for 12 months. The plan is to fire me on a Friday, and hire me on Monday (more paperwork). Somebody gets sick, or lazy, or something (never found out). I end up unemployed for a month. My supervisor gives me a bonus (equal to a weeks pay... $240), as an apology.
3 - I get my degree, and get hired on as a full time employee. I start the process early, but it takes three months (during which I work full time at less than half of the full time rate).
4 - I take a temporary assignment. This takes 9 months to set up. It is a two month assignment.
5 - I take another temporary assignment. We don't fill out the paperwork, as it is a lateral for the same pay on the other side of the building.
6 - I find new employment (June 2010). A position is opened up with my name on it. I start mid-January 2011.
Among my group, one of them took over a year to hire (and had to jump through a "temporary hire" hoop in order to wait out a hiring freeze), one of them took 9 months to hire (full time federal), one of them took nine months to hire (full time post-doc contractor), and one of them took 4 months to hire (contractor). I don't know what it looks like in the private sector, but this is INSANE. In a previous federal job, we had two applicants find other employment while we were in the process of hiring them (restarting the 6-9 month process!).
Want to talk waste/fraud/abuse? Have an engineer work 70 hour weeks for 6 months while you try to promote the person who will do the job. This has happened twice in my observation (the first person got promoted out). Fucking disaster.
While you are correct that it is difficult to fire someone (I've seen it done twice), it is also very hard to hire them. It is double-hard to hire people when you tell them that it will be 6 months before they start. You tell that to graduating seniors, and they walk away from the recruiting station.
Re: (Score:2, Insightful)
Re: (Score:3)
Well, yes and no...
The bureaucratic bullshit (BBS) is roughly proportional to the size and the age of the organization. There's nothing special about govt work that makes it more susceptible to BBS... except that the govt is much bigger and older than most companies.
Shit, imagine working for the Vatican. They're a worldwide operation, and they've been at it for 2000 years. When St. Peter was doing all the hiring personally, it was a lot easier to get your foot in the door.
Re: (Score:3)
Re: (Score:2)
Really? Congress could have fooled me to think otherwise.
Re: (Score:3)
If you've ever worked for the government, you'll know that they ensure it's hard for them to hire anyone.
Really? Congress could have fooled me to think otherwise.
Congress doesn't get hired, the get elected. The process for the later is even more f'd up than the process for the former.
Re: (Score:2)
We should probably hire them. That way we'd get to choose between more than 2 applicants. Hey, one might even be able to do the job for a change!
Draft people into Congress ... (Score:5, Insightful)
Re:The Right People (Score:5, Insightful)
Don't forget the background checks where they spend six months or more interviewing your family and past employers. And the random drug tests. And polygraph tests. And the credit check. And...
Re: (Score:2)
I wonder when basic - and by that I mean really basic - philosophy has dropped out of our curriculum. It's not as if common sense were an arcane art lost to the ages and bank portfolios. We seem to have replaced it with non-controversy and lazy thinking.
Re: (Score:3, Insightful)
No, they think you are a person. And therefore, a potential terrorist.
Re: (Score:3)
Re: (Score:2)
The author obviously doesn't know very much about government security practice, even though their handbook is available online for anybody who can Google.
hrm..you might want to google that author's name before you say that...here [lmgtfy.com]
Re: (Score:2)
hrm..you might want to google that author's name before you say that.
You're right. He has written a lot of stuff about this sort of stuff. The thing that seems to be missing is the doing.
Remember: Those that can, do. Those who can't, teach. Those who can't teach, teach Phys-Ed. Those who can't teach Phys-Ed write books about it.