Re: Full-Disclosure Digest, Vol 88, Issue 2 Re: NSA Cyber security program [ maybe off-topic ]

["Mikhail A. Utin" <mutin () commonwealthcare org>]

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of 
full-disclosure-request () lists grok org uk
Sent: Saturday, June 02, 2012 7:00 AM
To: full-disclosure () lists grok org uk
Subject: Full-Disclosure Digest, Vol 88, Issue 2

Send Full-Disclosure mailing list submissions to
        full-disclosure () lists grok org uk

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
        full-disclosure-request () lists grok org uk

You can reach the person managing the list at
        full-disclosure-owner () lists grok org uk

When replying, please edit your Subject line so it is more specific than "Re: Contents of Full-Disclosure digest..."


Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.


Today's Topics:

   1. Re: NSA Cyber security program [ maybe off-topic ]
      (InterN0T Advisories)
   2. TrueCaller Vulnerability Allows Changing Users    Details
      (Kuwait WhiteHat)
   3. Re: NSA Cyber security program [ maybe off-topic ]
      (Benjamin Kreuter)
   4. Re: NSA Cyber security program [ maybe off-topic ]
      (Alexander Georgiev)
   5. Re: NSA Cyber security program [ maybe off-topic ] (Urlan)


----------------------------------------------------------------------
My 10 cents:

While out of topic, the subject has touched a few people.
I worked for US Navy as information security analyst /contractor for a few years, and had two projects with US DoT. 
Plus, had an interview at .... Let's not to mention exact name.
I can share a few things with you guys.
First, US government employees are paid very well. There are several levels of (as I remember around 12 - 14) starting 
at 25-30K and up to around 150-170K. That is for non-managerial positions. With my MS in CS and IT and security 
experience I would easy target 120K. So, the same level as in private sector. Plus, they have numerous perks, and being 
just contractor I managed to use one. Plus, low cost very good health insurance, and pretty good pension after several 
years, which is much better than what the rest of US have.
So, those are positives. There are negatives as well. First, the environment is highly politicized, and technical upper 
level management is out of common sense. All is about getting more power. One top level manager once said during 
business meeting "There should be no humor during business meetings". And this idiot was absolutely serious.  The same 
manager later destroyed security department and moved information security in IT department, where one IT boy said 
"Even monkey can do vulnerability scanning". He was expected to replace me and my contact had been terminated. I was 
really happy to quit. BTW, it was not a dumb stupid base in the middle of nowhere. It was Naval System Command top 
research center.
Often US government big projects, like current related to cloud computing, are out of technical common sense and are 
driven by political will and something I name "legal corruption".  In my collection of the most stupid US government 
activity cases is so named NMCI project - Naval Marine Corp Intranet, which was not Intranet project at all. Who is 
interested to know details, please email me directly. I'm writing that because being government employee you would be 
involved in such stupid projects.

Concerning hiring process, it also very specific. To be hired, you need to file (now electronically) twenty pages of 
questionnaire. Plus, two stupid tests, plus writing an essay. Does not matter if you are well-known high level 
professional - you should pass that crap of tests and writing. In general, each US government department has some 
specifics in hiring, but it is pretty standard and requires some time and devotion to deal with.

Some time ago I saw a paper that US government immediately needs approximately 20,000 security professionals. My 
assumption - mostly in activities associated with this list interests. However, I do not think the government will do 
anything real to fill out this gap. NSA project in question, which triggered this discussion, is an example. BTW, NSA 
build new center in the middle of nowhere, somewhere in Mormon's country. If you like Wild West, you can try that.

Summary: if you want good salary, thinking about retirement, health insurance, etc., you can try to get there. You can 
earch through US government departments' sites, and there are a few head-hunting portals listing all departments, etc. 
But, be ready for specifics of hiring and internal environment. In some places, like DC, you can find shocking results 
of equal opportunity employment. I would assume that in some places you could find good professional environment and 
good people to work with (I enjoyed working with navy guys of my level), but do not count on that.

Good luck

Mikhail


CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential 
and privileged information for the use of the designated recipients named above. If you are 
not the intended recipient, you are hereby notified that you have received this communication 
in error and that any review, disclosure, dissemination, distribution or copying of it or its 
contents is prohibited. If you have received this communication in error, please reply to the 
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication 
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, 
please visit our Internet web site at http://www.commonwealthcare.org.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/