Bruce Schneier

 
 

Schneier on Security

A blog covering security and security technology.


October 9, 2009

1,000 Cybersecurity Experts

Yesterday, DHS Secretary Janet Napolitano said that the U.S. needed to hire 1,000 cybersecurity experts over the next three years. Bob Cringely doubts that there even are 1,000 cybersecurity experts out there to hire.

I suppose it depends on what she meant by "expert."

Posted on October 9, 2009 at 11:33 AM | 50 Comments


Comments

Well, if they're anything like the rest of the country, they won't have any misgivings about hiring recent graduates of the 2-year Real Estate Flipper/Network Security Specialist mail-order training programs.

Posted by: Shane at October 9, 2009 11:44 AM


@I suppose it depends on what she meant by "expert."
___________

And also what she meant by "cybersecurity," perhaps moreso.

In "cybersecurity expert" there are two words that mean different things, or different levels, to different people.

Posted by: HJohn at October 9, 2009 11:49 AM


Ooh, cushy Fed job? I volunteer. Do I have to move to DC, though?

Posted by: Mark J. at October 9, 2009 11:51 AM


@Mark J.: "Ooh, cushy Fed job? I volunteer. Do I have to move to DC, though?"
__________

If there were ever a job that should have a telecommute policy...

Posted by: HJohn at October 9, 2009 11:53 AM


So.. if we couldn't get a security clearance before, you think now they'd be willing to overlook stupid youthful... transgressions of the electronic type?

Posted by: jm at October 9, 2009 12:07 PM


I could probably qualify as an "expert" in comparison to some of the people they will actually hire. After all, I've been reading Bruce's blog for years.

Posted by: Craig at October 9, 2009 12:23 PM


Probably she meant "anybody who is CISSP certified" by "expert".

Posted by: Rochus at October 9, 2009 12:29 PM


I receive at least two offers a week from the DC area all looking for highly qualified experienced security 'experts' but pay the equivalent of a high school intern. I always wonder who takes those gigs...

Posted by: tim at October 9, 2009 12:35 PM


Could I become a cybersecurity expert in three years? I've got a computer, and hardly any of my passwords are "password." What else do I need?

Posted by: Aviatrix at October 9, 2009 12:36 PM


I know better than to fall for a phishing scam. I figure that makes me at least more of an expert than the FBI's boss.

http://www.theregister.co.uk/2009/10/08/...

Not that the Fed can print enough money for me to go work for DHS.

Posted by: Carl Bussjaeger at October 9, 2009 12:37 PM


"cringly" wants to be cringely

Posted by: Dave at October 9, 2009 12:38 PM


if (CISSP == EXPERT) { die "We're all doomed!!!"; }

Posted by: Arron at October 9, 2009 12:40 PM


As someone who makes his living providing personal bodyguard detail and entourage services to high profile cyborgs, I resent the synonymous use of "cybersecurity" and "internet security."

Posted by: Eponymous at October 9, 2009 12:41 PM


If it's only 1000 openings then they will all be filled by nephews, nieces, and children of golfing buddies.

Posted by: rbtroj at October 9, 2009 12:59 PM


Let's say they can in fact find 1000 'true' cybersecurity experts. My guess is only a fraction of them will last the government imposed bureaucracy and paper security rules they will have to endure.

In my experience what an organization needs to have a chance at securing their infrastructure is a core group of people who really care about just that and have very senior management behind their efforts to accomplish their goals.

Posted by: Paul at October 9, 2009 1:02 PM


Expert. Take the word apart.

Ex. a has-been
Spurt. drip under pressure

Posted by: Miles Baska at October 9, 2009 1:11 PM


No Friday squid blogging? Here's a little help:

http://www.reuters.com/article/newsOne/...

Posted by: squid scoop at October 9, 2009 1:20 PM


I wonder if they consider hackers cybersecurity experts. I also wonder if they'd hire people with a history of hacking, or if said individuals would want to work for the government.

Although I suppose the U.S. has been doing some very high-profile top-level recruiting on this guy from England...

Posted by: Trevor Stone at October 9, 2009 1:24 PM


There are plenty of people out there claiming to be cyber-security experts, the challenge of course is that while the population of security experts continues to increase - sum total security IQ remains essentially stable.

Posted by: Frank Bresz at October 9, 2009 1:33 PM


Word counts:
1 cyberanalysts
1 cyberczar
1 cyberexperts
1 cybernetworks
1 cyberorganization
5 cybersecurity
1 cyberthreats
1 cyberwarfare
That's the most buzz-prefix heavy article I've read in quite some time. It's like the government realized that putting the letter "e" before a word to make it Internet-related is passé, and putting "i" before everything makes it sound like you work for Apple.

Time to get back to looking for a cyberjob in the cyberrecovering cybereconomy...

Posted by: Trevor Stone at October 9, 2009 1:33 PM


@Trevor: or adding é to every silent E to make a McDonalds commercial.

(I just had to. As an average American, I can't even find the key to put the accent on "passé," I had to cut/paste from yours =) )

Posted by: RH at October 9, 2009 1:41 PM


It's like Y2K all over again.. That lovely smell of fear, government bureaucracy and easy money.. God I love capitalism. If history repeats itself we should have another 'bubble' too..

Posted by: NotAsmo at October 9, 2009 2:19 PM


Have they started cloning bruce yet?

Posted by: Eric at October 9, 2009 2:24 PM


@Trevor

It makes for a hell of a drinking game.

"She said "cyber"! -shot-. "

Posted by: Chris at October 9, 2009 2:28 PM


"Cybersecurity" is the new Java (is the new COBOL)

Posted by: Brent Longborough at October 9, 2009 2:36 PM


I find all of the flap about this story a bit puzzling.

I don't know what exactly they have in mind as "experts", but I'm kind of more interested in knowing what they want these experts to do. If we're talking about a bunch of people to do risk assessments, vulnerability analyses, secure coding practice education, liaising with/leaning on various corporations on security standards for critical or ubiquitous software packages/system (e.g. Office, Windows, Linux, Oracle, etc.), etc. on Federal systems, then yes, I think they could find and would probably need more than 1000 such experts. If they're looking for people to design a secure national infrastructure, then no, I don't think they're going to find 1000 experts, and don't need them, either.

Posted by: dmc at October 9, 2009 2:43 PM


I suppose the technicians and managers who were helping the FBI do their computer upgrade in 2001-2006 will be certified as cybersecurity experts by the middle of next year.

They've had a couple of years to work on the certification, after all.

http://www.washingtonpost.com/wp-dyn/content/...

Posted by: karrde at October 9, 2009 2:49 PM


When listening to announcements about cybersecurity be sure to process using a Wiener filter.

Posted by: Aguirre at October 9, 2009 3:02 PM


Trichinosis USA, please don't do that again.

Posted by: Moderator at October 9, 2009 4:38 PM


Will these 1000 experts be hired to replace 1000 among the hundreds of thousands of non-experts currently using government terminals to play pirated copies of Half-Life? Because that's the only way I can see this making even a dent.

Posted by: Vincent at October 9, 2009 8:26 PM


"Have they started cloning bruce yet?"

My mother didn't raise me to be a clone army.

Posted by: Bruce Schneier at October 10, 2009 7:52 AM


"'cringly' wants to be cringely."

Thanks.

Posted by: Bruce Schneier at October 10, 2009 7:53 AM


Cloning?

What is scary is running across people who look more like me than I do... and, believe me, there's a surprising number, some older, some younger, so I am not one of the first to be stamped out.

The only problem I see with this kind of cloning is that the skills/talents are not likely to have been cloned.

Posted by: John Campbell at October 10, 2009 8:02 AM


Bob Cringely is Robert X. Cringely. "He" is not a "she", although only the airport scanner knows for sure ;)

Posted by: Ric at October 10, 2009 11:27 AM


"'He' is not a 'she', although only the airport scanner knows for sure ;)"

Janet Napolitano is a she, however, so the sentence stands.

Posted by: Bruce Schneier at October 10, 2009 12:32 PM


@tim

is right...the pay for "experts" is below market.

If you are a firewall administrator with 3-5 years of network (preferably CISCO), incident response manager, policy development expert, 2-3 years of forensics, and 5 years of software development you can expect to be offered ... people (TSA) think they can hire for < 70k a year.

Posted by: bf skinner at October 10, 2009 6:33 PM


There are two somewhat loaded terms in use here, the first is expert. Of course with any expert it's a matter of relative knowledge. To me the guy who fixes my car when it breaks is an expert on cars. To the mechanical engineer that designed the car, not so much. I suspect they're going to want people closer to the mechanic in this analogy. If that's the case, then I'm sure they're out there.

The second word that tends to confuse (at least in terms of what makes you an expert) is security. I've worked in security for over 10 years now, in that time I've given presentations at all the major conferences, written substantial parts of a number of commercial IDS/IPS products, worked doing pen-tests and code audits, etc etc...I'm definitely an expert in something, but the more I think about it I wouldn't really say that something is security. Although I work to improve security I think what I'm really an expert in is insecurity. The difference being that a security expert has to be an expert in all ways to defend, and an insecurity expert has to be an expert in as little as a narrow area of how to attack. Often this is enough, and most working security professionals, even those with lots of talent are probably experts of insecurity rather than security. If that is good enough for DHS then they should be able to find them, if not, then good luck with that.

Posted by: Michael Lynn at October 10, 2009 9:35 PM


"Probably she meant 'anybody who is CISSP certified' by 'expert'". - Rochus

I have to admit that I had regarded the CISSP certification with awe and reverence until I started helping my partner review for the exam. To my surprise, *I* knew the answers to most of the review questions, and I'm a technical writer!

Posted by: yt at October 11, 2009 2:52 AM


No need for 10000 experts. I nominate myself to solve all of their problems

Posted by: n3td3v at October 11, 2009 8:07 AM


They could hire some of those British pigs...

http://www.schneier.com/blog/archives/2009/10/...

Posted by: anonymous at October 11, 2009 1:29 PM


All cybersecurity experts are equal, but some cybersecurity experts are more equal than others.

Posted by: anonymous farm at October 11, 2009 1:49 PM


Cringely has become a bit...eccentric now that he no longer has editors to hold him in check. There are plenty of computer security experts out there. The NSA alone probably has 10000.

Posted by: Andrew at October 11, 2009 10:50 PM


Well speaking as an ACTUAL "cybersecurity expert" who has been out of work for six weeks, I certainly could use one of those jobs. Meanwhile, my prior contract position has been reposted - at half the rate they had been paying me.

During economic hard times, everybody likes to jump on the "drive down the contracting rates" bandwagon, but nobody jumps on the "drive down the cost of tuition for my two kids in college" bandwagon.

Posted by: Albatross at October 11, 2009 10:53 PM


i guess "expert" in a context like this does only mean "considered to be qualified by the people trying to sell their point to you".

nothing more.

.~.

Posted by: dot tilde dot at October 12, 2009 5:36 AM


Expert:

Ex is a has-been. Someone who used to be good.

(s)pert is a drip under pressure.

Enough said.

Posted by: Adrian at October 12, 2009 7:49 AM


All you need to do is read a book and voila, you too are an expert! Reminds me of days past when you were considered a programmer if you could spell "C".

Posted by: Tom at October 12, 2009 9:58 AM


My education and experience qualify me fairly high up the food chain in the field of information assurance. (I can't stand the "cyber" moniker.)

I've seriously looked into the U.S. federal jobs offered, in my sort of old-fashioned notion that it might help serve my country.

I'd have to take a pay cut, move my family to one of the congested areas of the country from which I moved away, and get so entangled in federal government red tape that I couldn't perform my job.

Choices. Choices. Choices.

Posted by: J without the J at October 12, 2009 2:05 PM


@J without the J

Everyone has needs...

how many of us have mission?

Posted by: bf skinner at October 12, 2009 5:34 PM


What is the "Metric" used to define a cyber expert? This is the problem with politicians.... they have no metrics, just needs.

Posted by: Kevin Gets at October 16, 2009 1:04 AM


I just applied, hope they hire me :P

Posted by: anonymous at October 20, 2009 1:17 PM



Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
