[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Full-Disclosure Digest, Vol 88, Issue 2 Re: NSA Cyber security program [ maybe off-topic ]

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 88, Issue 2 Re: NSA Cyber security program [ maybe off-topic ]
From: "Mikhail A. Utin" <mutin@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 4 Jun 2012 10:45:52 -0400

-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx 
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of 
full-disclosure-request@xxxxxxxxxxxxxxxxx
Sent: Saturday, June 02, 2012 7:00 AM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Full-Disclosure Digest, Vol 88, Issue 2

Send Full-Disclosure mailing list submissions to
        full-disclosure@xxxxxxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
        full-disclosure-request@xxxxxxxxxxxxxxxxx

You can reach the person managing the list at
        full-disclosure-owner@xxxxxxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific than "Re: 
Contents of Full-Disclosure digest..."

Note to digest recipients - when replying to digest posts, please trim your 
post appropriately. Thank you.

Today's Topics:

   1. Re: NSA Cyber security program [ maybe off-topic ]
      (InterN0T Advisories)
   2. TrueCaller Vulnerability Allows Changing Users    Details
      (Kuwait WhiteHat)
   3. Re: NSA Cyber security program [ maybe off-topic ]
      (Benjamin Kreuter)
   4. Re: NSA Cyber security program [ maybe off-topic ]
      (Alexander Georgiev)
   5. Re: NSA Cyber security program [ maybe off-topic ] (Urlan)

----------------------------------------------------------------------
My 10 cents:

While out of topic, the subject has touched a few people.
I worked for US Navy as information security analyst /contractor for a few 
years, and had two projects with US DoT. Plus, had an interview at .... Let's 
not to mention exact name.
I can share a few things with you guys.
First, US government employees are paid very well. There are several levels of 
(as I remember around 12 - 14) starting at 25-30K and up to around 150-170K. 
That is for non-managerial positions. With my MS in CS and IT and security 
experience I would easy target 120K. So, the same level as in private sector. 
Plus, they have numerous perks, and being just contractor I managed to use one. 
Plus, low cost very good health insurance, and pretty good pension after 
several years, which is much better than what the rest of US have.
So, those are positives. There are negatives as well. First, the environment is 
highly politicized, and technical upper level management is out of common 
sense. All is about getting more power. One top level manager once said during 
business meeting "There should be no humor during business meetings". And this 
idiot was absolutely serious.  The same manager later destroyed security 
department and moved information security in IT department, where one IT boy 
said "Even monkey can do vulnerability scanning". He was expected to replace me 
and my contact had been terminated. I was really happy to quit. BTW, it was not 
a dumb stupid base in the middle of nowhere. It was Naval System Command top 
research center.
Often US government big projects, like current related to cloud computing, are 
out of technical common sense and are driven by political will and something I 
name "legal corruption".  In my collection of the most stupid US government 
activity cases is so named NMCI project - Naval Marine Corp Intranet, which was 
not Intranet project at all. Who is interested to know details, please email me 
directly. I'm writing that because being government employee you would be 
involved in such stupid projects.

Concerning hiring process, it also very specific. To be hired, you need to file 
(now electronically) twenty pages of questionnaire. Plus, two stupid tests, 
plus writing an essay. Does not matter if you are well-known high level 
professional - you should pass that crap of tests and writing. In general, each 
US government department has some specifics in hiring, but it is pretty 
standard and requires some time and devotion to deal with.

Some time ago I saw a paper that US government immediately needs approximately 
20,000 security professionals. My assumption - mostly in activities associated 
with this list interests. However, I do not think the government will do 
anything real to fill out this gap. NSA project in question, which triggered 
this discussion, is an example. BTW, NSA build new center in the middle of 
nowhere, somewhere in Mormon's country. If you like Wild West, you can try that.

Summary: if you want good salary, thinking about retirement, health insurance, 
etc., you can try to get there. You can earch through US government 
departments' sites, and there are a few head-hunting portals listing all 
departments, etc. But, be ready for specifics of hiring and internal 
environment. In some places, like DC, you can find shocking results of equal 
opportunity employment. I would assume that in some places you could find good 
professional environment and good people to work with (I enjoyed working with 
navy guys of my level), but do not count on that.

Good luck

Mikhail

CONFIDENTIALITY NOTICE: This email communication and any attachments may 
contain confidential 
and privileged information for the use of the designated recipients named 
above. If you are 
not the intended recipient, you are hereby notified that you have received this 
communication 
in error and that any review, disclosure, dissemination, distribution or 
copying of it or its 
contents is prohibited. If you have received this communication in error, 
please reply to the 
sender immediately or by telephone at (617) 426-0600 and destroy all copies of 
this communication 
and any attachments. For further information regarding Commonwealth Care 
Alliance's privacy policy, 
please visit our Internet web site at http://www.commonwealthcare.org.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Full-Disclosure Digest, Vol 88, Issue 2 Re: NSA Cyber security program [ maybe off-topic ]
  - From: Georgi Guninski

Prev by Date: Re: [Full-disclosure] Unauthorized Digital Certificates Could Allow Spoofing
Next by Date: Re: [Full-disclosure] Unauthorized Digital Certificates Could Allow Spoofing
Previous by thread: Re: [Full-disclosure] Unauthorized Digital Certificates Could Allow Spoofing
Next by thread: Re: [Full-disclosure] Full-Disclosure Digest, Vol 88, Issue 2 Re: NSA Cyber security program [ maybe off-topic ]
Index(es):
- Date
- Thread