DHS Wants To Hire 1,000 Cybersecurity Experts 222
Cyrus writes "DHS Secretary Janet Napolitano plans to hire 1,000 security experts over the next three years. 'Department officials could not say precisely how many cyberexperts now work at DHS and its various component agencies such as the Secret Service and Immigration and Customs Enforcement. Napolitano said she doubts it will be necessary to fill all 1,000 of the authorized positions, but she is focused on making DHS a "world-class cyberorganization."'" Cringely points out, "There aren't one thousand civilian cybersecurity experts in the entire friggin' world!!!!," except he uses all caps and bold.
Equivalent of the TSA... (Score:5, Insightful)
Cringely points out, "There aren't one thousand civilian cybersecurity experts in the entire friggin' world!!!!,"
No matter. These guys will be the "cybersecurity" equivalent of the TSA goons at the airport, probably with a management culture even worse than those poor slobs have to live with.
Nobody's going to work for a government salary.. (Score:2, Insightful)
When they can make over 6 figures easily, with private company perks and bonuses working outside the government.
If the DHS wants qualified people, they need to pay a competitive salary. Of course, u
Re:Well, I've already had my DHS background check. (Score:3, Insightful)
Re:Equivalent of the TSA... (Score:3, Insightful)
Or they could become overpaid IT techs who can't design an open access website to comply with government accessibility standards. How about 7 million to "install a firewall" from Norton or AVG or something?
Doesn't matter if they hire 10,000... (Score:3, Insightful)
...as long as they can't hire Bruce.
Cringely points out... (Score:4, Insightful)
..."There aren't one thousand civilian cybersecurity experts in the entire friggin' world!!!!,"
And he would certainly know, wouldn't he? World-reknowned expert that he is. On everything.
"World-class cyberorganization"? (Score:5, Insightful)
"Cyberorganization"? What the hell does that even mean? You use computers and computer networks? Computers and computer networks are your primary focus? Big goddamn deal! You don't see Microsoft or IBM or Cisco calling themselves "cybercorporations", do you?
Look at me, I spend a lot of my time on the Internet! I'm a cyberperson!
Yes, it's hight time to fight the Spam! (Score:5, Insightful)
Spammers brings much more harm to the world economy than Afghan tribesmen. Billions of people are working as slaves for free for spammers sorting out and deleting their junk day and night. Billions of hours of working time are being stolen as matter of course.
Maybe the DHS decided at last to tackle this problem? These experts and predators could make the word to sigh with relief. Godspeed!
Translation: (Score:2, Insightful)
security expert=security professional
And as everyone knows, professional=employed
So, they are saying that they're going to employ 1000 people with security nametags.
Business as usual, in other words.
Security clearances? (Score:2, Insightful)
This paragraph from the article is probably the most interesting point:
"Another item of great importance is a security clearance to do the work. This is where you will get only one brand of thinking; DoD or DoE clearance. This will prohibit the security "black hat" types from ever being involved in the project without coming from the DoD or Energy."
This will limit the pool of resources to such an extent to make the project worthless.
The real reason for this (Score:3, Insightful)
Summary: DHS gets to look more important.
If that is all that they do then be thankful. Be fearful that they start to push pointless rules on everyone.
Re:The U.S. government is EXTREMELY corrupt. (Score:5, Insightful)
In this case I'd say it's about damn time, that's probably a good starting point considering that so much of the military network is so completely hopeless right now, depending upon who their looking for it would take a goodly number of entry level employees just to get the simple stuff done. Let alone the more complex tasks.
Re:Cringely points out... (Score:1, Insightful)
Based on your post, you're a Contractor, which is who Government hires when actual work needs to get done.
Re:The head guy is from Microsoft (Score:5, Insightful)
Then you're forgetting the negative things that could happen. Like Linux declared a threat to national security.
Re:The American Way (Score:5, Insightful)
That's kind of a bogus observation. If you aren't world-class, then you are at the mercy of those who are. "World-class" doesn't mean "better than anyone else in the world." It just means "good enough to hold your own with the best in the world." Really, everybody needs world-class people. The pity is that not everyone can afford them.
Re:Security clearances? (Score:5, Insightful)
I'm going to go out on a limb here and guess that the DHS doesn't need uber-black hat types doing security for them. What they are looking for is a small army of semi-competent employees who can go from agency to agency, department to department and secure them by implementing generally accepted best practices. They need firewalls installed with the rulesets locked down. They need IDS and IPS devices configured. They need anti-virus and anti-malware on the workstations. They need VLANs configured, servers locked down, disaster recovery plans designed and implemented, etc.
This is the government we're talking about. They aren't looking for the best of the best. They're looking for good enough to get the job done. Maybe you guys have heard of the saying, "It's good enough for government work." ?? The DHS doesn't need anything that your average small business or Fortune ## organization doesn't need. They just need clean workstations, secure servers and reliable data. They need to be able to process their reams and reams of paperwork and forms and all the other nonsense that comes with the huge machinery of the Federal government.
Re:Well, I've already had my DHS background check. (Score:2, Insightful)
Maybe there aren't 1000 security experts (Score:3, Insightful)
... but there are surely tens of thousands of people that currently have, or can get, cyber security certification. This is good enough for government work.
Building Parnerships (Score:3, Insightful)
From the referenced link on list of priorities:
Building Partnerships: "We're defining our partnership models, making sure they're as efficient as possible, that they let the private sector work effectively with us and as one, and we're starting the process of developing a national cyberincident response process..."
Translation: If it's a problem with a security exposure in Microsoft Windows, hand it over to Microsoft to deal with. Let them do the coverup.
Re:Equivalent of the TSA... (Score:4, Insightful)
Their experts will be very effective, however, against the rather common type of attacker that you can block with the kind of network protection that anyone with half a brain already has. Their effectivity numbers will reflect the number of attacks repelled, and thus they'll be commended for their excellent work.
Re:World Class? (Score:3, Insightful)
Why Chicago lost the Olympics (Score:3, Insightful)
I think you can lay the blame at Chicago's loss of the Olympics squarely at the feet of DHS and Customs enforcement. The USA is NOT a friendly place to visit. I wish President Obama would have put an end to this Bush era foolishness, but it seems he wanted to cuddle up with the right wing Republicans instead. Strike, one. Strike, two.
Re:Security clearances? (Score:3, Insightful)
It's not accident that reputable companies won't hire them.
Re:The head guy is from Microsoft (Score:4, Insightful)
Notice the focus on words like "ecosystem", "religion" and placing the blame on machines and people. No mention of vulnerable drivers, protocols or applications.
Practical things would be
o Develop reliable methods of network protocol design to prevent vulnerabilites in network services.
o Proper application design so that the above aren't compromised by feature bloat of applications. "Hey, let's add macros and automatic E-mail sending/receiving to our application. Never know when it might come in useful".
Re:Yes there are over 1000... (Score:3, Insightful)
1000 people who think they are security experts would do far more harm than 5 people who actually are.
U.S. financial system unchanged. (Score:3, Insightful)
Re:Equivalent of the TSA... (Score:1, Insightful)
Yup. Sorry to say, but 91k isn't going to attrack the best and the brightest of anything. This isn't much different than other government. And they wonder why commercial people (non-government amployees) outsmart them daily. BTW, this is the same problem with the USPTO.
Re:World Class? (Score:3, Insightful)
Al Qaeda?
They're nothing on this stage.
Look to your trading partners for the real threat.