
DOD is currently rewriting its cyber workforce policy

The U.S. Department of Defense (DOD) is rewriting its cyber workforce policy and reviewing current qualifications because it worries that too many cyber experts are underqualified or unprepared for such positions at DOD.

DOD wants to go on a hiring spree of capable cyber experts, but current certifications/qualifications necessary to work for DOD may not be enough to prepare these experts for the job ahead of them.

"One of the biggest threats to the DOD networks is the inability of DOD security professionals to secure the networks," a U.S. Army chief warrant officer assigned to U.S. Army Cyber said. "Many of these security professionals have the required certifications but no understanding how to truly secure the DOD networks and make poor decisions resulting in vulnerable networks."

One main issue is that these experts are merely required to do a lot of book training rather than hands-on training.

"The current requirements aren't turning out people who are prepared," said Jeff Moulton, a senior cyber researcher at the Georgia Tech Research Institute. "The school of hard knocks can teach quite a few lessons, but at DoD that can cost people's lives. Book training is simply not enough."


Another U.S. Army major said that one certification is not enough for an intrusion analyst, infrastructure support, incident responder, auditor and manager because these are five different professions with five completely different skill sets.

The current requirements for cyber security workers were put in place in August 2004 under DOD Directive 8570. They could use an update, especially considering technology and security measures have changed significantly since that time. The problem is that technology changes so often that it's difficult for DOD to keep up.

"We're rewriting essentially all of the cyber workforce policy, so we are going to have an overarching cyber workforce policy that will include all of the cyber skills including cyber defenders, cyber attackers, malware analysts, all that stuff," said Richard Hale, Deputy Chief Information Officer for DOD Cybersecurity. "Then we will rewrite specific manuals underneath each."

Last month, the Pentagon said it planned to boost its cyber security unit five-fold from 900 troops to about 4,900 over the next several years.

Source: Defense News



Comments

Well duh
By FITCamaro on 2/18/2013 1:50:30 PM , Rating: 4
Very rarely does the government recruit the best people. They recruit the best people that the companies of the world didn't want.




RE: Well duh
By Motoman on 2/18/2013 4:37:33 PM , Rating: 3
I've done work in a DOD installation before.

They are the remnants of society that simply can't get a job anywhere else. If you ever do work in a government facility, you'll no longer be astounded at how bad the government is at getting things done - you'll be astounded that anything *ever* gets done.


RE: Well duh
By half_duplex on 2/19/2013 9:47:20 AM , Rating: 2
I second this. The sad part is that they pay well enough to get top notch talent.

They don't need to revise the required credentials... they just need to draw attention to their job opportunities.

I know many people who are more than qualified, myself included, but I have not seen or heard of anyone seeing a DOD job posting.

The truth is, the current process of working or contracting for the DOD appears to be the same as any other government job... they are only attracting 'government/union types' candidates... those people who can't make it in the private sector and know it.


RE: Well duh
By Master Kenobi (blog) on 2/19/2013 10:47:14 PM , Rating: 2
I also endorse this. The biggest problem is once you are in, it is nearly impossible to get rid of you. Unlike the private sector where one needs to at least somewhat compete to maintain their job and pay over time, most government employees can be near worthless for their entire lifetime and it is perfectly acceptable. The old joke is the 80-20 rule, well in the government it's more like the 95-5 rule. 95% of the government is worthless, the other 5% make everything happen. While you do occasionally see good talent make its way into the government either through contract or hire, they typically don't last more than 2-3 years before they return to or enter the private sector because they just can't deal with the high level of incompetence prevalent in the government.


RE: Well duh
By MadMan007 on 2/19/2013 2:06:04 AM , Rating: 1
I thought you worked for the VA? hmm...that would explain some things.


RE: Well duh
By umpalumpa on 2/19/2013 4:44:43 PM , Rating: 2
Maybe what the DOD needs to do is use private industry to protect them. Yes have a cyber warfare department, but have private businesses using their talent to monitor and block intrusions, trace and destroy those trying to access systems. All well and good to let the DOD do everything but a group of 100 of the best of the best could protect the US much more than the DOD could do, especially if they have access to the tools the DOD has.
Imagine having a 100gb fiber connection to your workstation.
Imagine having the backdoor to every system in the world.
Imagine being able to decrypt with the best and fastest equipment..
I can see a small group performing much much better than anything the DOD can do without all the faff involved in the DOD.


Well duh!
By Ammohunt on 2/18/2013 2:58:31 PM , Rating: 3
quote:
"One of the biggest threats to the DOD networks is the inability of DOD security professionals to secure the networks," a U.S. Army chief warrant officer assigned to U.S. Army Cyber said. "Many of these security professionals have the required certifications but no understanding how to truly secure the DOD networks and make poor decisions resulting in vulnerable networks."


That's because you hire people based on the Clearance they possess and nothing more! Most ex-military types that have the proper clearance received the bare minimal crappy training on whatever proprietary system they worked on in the military and have no real world transferable knowledge or experience. Either teach these people real skills or spend the cash to get IT professionals like myself the clearances the job requires.




RE: Well duh!
By Milliamp on 2/19/2013 12:26:48 AM , Rating: 2
You can't teach people passion.


RE: Well duh!
By Master Kenobi (blog) on 2/19/2013 10:51:40 PM , Rating: 2
You also can't teach them the talent necessary to be top contenders. Most individuals within the military can simply do what they are told and follow a step by step process. The sad truth is most of the office workers in the military can be replaced with simple robots, we might even be better off, at least then they would work faster. The US Military lacks the talent and skills necessary to be taken seriously within the cyberwarfare field. They would be better off hiring a security/penetration testing company and give them a government endorsement to do what needs to be done. The results would be a whole lot better.


Engineering
By dsx724 on 2/18/2013 2:54:10 PM , Rating: 4
Today's advanced degrees and certifications have little relevance in engineering except for the top schools (and not as a result of the curriculum but rather the people that go there). The most talented people in the field have intuition, scope and practical experience. A piece of paper is no indication of a person's ability. Passion, creativity, comprehension and diversity of knowledge are far better indicators than any certification process that the DOD hires by.




Degrees are a problem too
By Milliamp on 2/18/2013 11:55:23 PM , Rating: 2
I wonder how much of the chaos and compromises are performed by people with degrees?

I used to be in security deep enough to know a lot of the best people are young with a lot of free time. Not exactly the polished DoD types.

As a professional I found a lot of knowledge of security causes a lot of distrust. If you know law people don't always assume you to be a criminal but if you know computer security that seems to be the assumption with a lot of people I have met on my way up in my career.

You have to know what bad guys will come at you with if you plan to do well defending against it.




By f22dragoon on 2/19/2013 2:00:59 AM , Rating: 2
... bemoaning government employees. Great irony is most of them would not be able to get hired for any of the jobs.

The idea that private sector selects for the best and brightest is also a bunch of bullshit. There are tonnes of poorly managed companies with shit people.

The reality is, that because of the nature of the bell curve most people are just mediocre and shit. Only maybe 10% of a population is expert. The rest are mediocre to absolute shit for anything.

Since most dailytechers are average, this means they are among the most mediocre as they exemplify in their rather naive opinions on many things.




Given all of the recent reports
By spaced_ on 2/20/2013 9:29:05 PM , Rating: 2
Perhaps the DOD should look towards hiring some Chinese to work for them.

Many pros associated:

- Proven expertise in cyber warfare
- Cuts costs 10x
- Management can get on with important tasks like watching cat videos.




By Milliamp on 2/19/2013 12:14:15 AM , Rating: 1
I'd also like to add that government generally moves slow as shit.

I once noticed a major mistake they made in the firewall of several critical systems. Let's just say that once the mistake was pointed out it was obvious and simple to fix. I decided to take on the project of getting them to fix it.

I spoke to numerous people in numerous government organizations and the total process to get it resolved took over 6 months. Any normal company could have corrected this inside a couple of days.

At some point in my life I wanted to work for a 3 letter branch of government. It was working with government on this issue that I realized I am happy working for a civilian organization. Being a government employee would tie both hands behind my back in red tape to the point that I really couldn't accomplish anything useful.

As cool as it would be to be a computer security expert for the NSA, DHS, or CIA etc. after you get past the cool title all it would mean is I would have to overdress to sit through meetings where we accomplish nothing every day.




Copyright 2014 DailyTech LLC.