[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Full-Disclosure Digest, Vol 88, Issue 2 Re: NSA Cyber security program [ maybe off-topic ]

To: "Mikhail A. Utin" <mutin@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 88, Issue 2 Re: NSA Cyber security program [ maybe off-topic ]
From: Georgi Guninski <guninski@xxxxxxxxxxxx>
Date: Mon, 4 Jun 2012 21:35:30 +0300

On Mon, Jun 04, 2012 at 10:45:52AM -0400, Mikhail A. Utin wrote:
> 
> 
> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx 
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of 
> full-disclosure-request@xxxxxxxxxxxxxxxxx
> Sent: Saturday, June 02, 2012 7:00 AM
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: Full-Disclosure Digest, Vol 88, Issue 2
> 
> Send Full-Disclosure mailing list submissions to
>       full-disclosure@xxxxxxxxxxxxxxxxx
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>       https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
>       full-disclosure-request@xxxxxxxxxxxxxxxxx
> 
> You can reach the person managing the list at
>       full-disclosure-owner@xxxxxxxxxxxxxxxxx
> 
> When replying, please edit your Subject line so it is more specific than "Re: 
> Contents of Full-Disclosure digest..."
> 
> 
> Note to digest recipients - when replying to digest posts, please trim your 
> post appropriately. Thank you.
> 
> 
> Today's Topics:
> 
>    1. Re: NSA Cyber security program [ maybe off-topic ]
>       (InterN0T Advisories)
>    2. TrueCaller Vulnerability Allows Changing Users  Details
>       (Kuwait WhiteHat)
>    3. Re: NSA Cyber security program [ maybe off-topic ]
>       (Benjamin Kreuter)
>    4. Re: NSA Cyber security program [ maybe off-topic ]
>       (Alexander Georgiev)
>    5. Re: NSA Cyber security program [ maybe off-topic ] (Urlan)
> 
> 
> ----------------------------------------------------------------------
> My 10 cents:
> 
> While out of topic, the subject has touched a few people.
> I worked for US Navy as information security analyst /contractor for a few 
> years, and had two projects with US DoT. Plus, had an interview at .... Let's 
> not to mention exact name.
> I can share a few things with you guys.
> First, US government employees are paid very well. There are several levels 
> of (as I remember around 12 - 14) starting at 25-30K and up to around 
> 150-170K. That is for non-managerial positions. With my MS in CS and IT and 
> security experience I would easy target 120K. So, the same level as in 
> private sector. Plus, they have numerous perks, and being just contractor I 
> managed to use one. Plus, low cost very good health insurance, and pretty 
> good pension after several years, which is much better than what the rest of 
> US have.
> So, those are positives. There are negatives as well. First, the environment 
> is highly politicized, and technical upper level management is out of common 
> sense. All is about getting more power. One top level manager once said 
> during business meeting "There should be no humor during business meetings". 
> And this idiot was absolutely serious.  The same manager later destroyed 
> security department and moved information security in IT department, where 
> one IT boy said "Even monkey can do vulnerability scanning". He was expected 
> to replace me and my contact had been terminated. I was really happy to quit. 
> BTW, it was not a dumb stupid base in the middle of nowhere. It was Naval 
> System Command top research center.
> Often US government big projects, like current related to cloud computing, 
> are out of technical common sense and are driven by political will and 
> something I name "legal corruption".  In my collection of the most stupid US 
> government activity cases is so named NMCI project - Naval Marine Corp 
> Intranet, which was not Intranet project at all. Who is interested to know 
> details, please email me directly. I'm writing that because being government 
> employee you would be involved in such stupid projects.
> 
> Concerning hiring process, it also very specific. To be hired, you need to 
> file (now electronically) twenty pages of questionnaire. Plus, two stupid 
> tests, plus writing an essay. Does not matter if you are well-known high 
> level professional - you should pass that crap of tests and writing. In 
> general, each US government department has some specifics in hiring, but it 
> is pretty standard and requires some time and devotion to deal with.
> 
> Some time ago I saw a paper that US government immediately needs 
> approximately 20,000 security professionals. My assumption - mostly in 
> activities associated with this list interests. However, I do not think the 
> government will do anything real to fill out this gap. NSA project in 
> question, which triggered this discussion, is an example. BTW, NSA build new 
> center in the middle of nowhere, somewhere in Mormon's country. If you like 
> Wild West, you can try that.
> 
> Summary: if you want good salary, thinking about retirement, health 
> insurance, etc., you can try to get there. You can earch through US 
> government departments' sites, and there are a few head-hunting portals 
> listing all departments, etc. But, be ready for specifics of hiring and 
> internal environment. In some places, like DC, you can find shocking results 
> of equal opportunity employment. I would assume that in some places you could 
> find good professional environment and good people to work with (I enjoyed 
> working with navy guys of my level), but do not count on that.
> 
> Good luck
> 
> Mikhail
> 
> 
> CONFIDENTIALITY NOTICE: This email communication and any attachments may 
> contain confidential 
> and privileged information for the use of the designated recipients named 
> above. If you are 
> not the intended recipient, you are hereby notified that you have received 
> this communication 
> in error and that any review, disclosure, dissemination, distribution or 
> copying of it or its 
> contents is prohibited. If you have received this communication in error, 
> please reply to the 
> sender immediately or by telephone at (617) 426-0600 and destroy all copies 
> of this communication 
> and any attachments. For further information regarding Commonwealth Care 
> Alliance's privacy policy, 
> please visit our Internet web site at http://www.commonwealthcare.org.
> 
>



Advertising working for the nsa on _this list_?

If you ask me, don't work for them, pwn them.

spam v



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Full-Disclosure Digest, Vol 88, Issue 2 Re: NSA Cyber security program [ maybe off-topic ]
  - From: Alexander Georgiev

References:
- Re: [Full-disclosure] Full-Disclosure Digest, Vol 88, Issue 2 Re: NSA Cyber security program [ maybe off-topic ]
  - From: Mikhail A. Utin

Prev by Date: [Full-disclosure] ISC Security Advisory: Handling of zero length rdata can cause named to terminate, unexpectedly
Next by Date: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran
Previous by thread: Re: [Full-disclosure] Full-Disclosure Digest, Vol 88, Issue 2 Re: NSA Cyber security program [ maybe off-topic ]
Next by thread: Re: [Full-disclosure] Full-Disclosure Digest, Vol 88, Issue 2 Re: NSA Cyber security program [ maybe off-topic ]
Index(es):
- Date
- Thread