Schneier on Security
A blog covering security and security technology.
April 21, 2009
DHS Recruitment Drive
General Dynamics Information Technology put out an ad last month on behalf of the Homeland Security Department seeking someone who could "think like the bad guy." Applicants, it said, must understand hackers' tools and tactics and be able to analyze Internet traffic and identify vulnerabilities in the federal systems.
In the Pentagon's budget request submitted last week, Defense Secretary Robert Gates said the Pentagon will increase the number of cyberexperts it can train each year from 80 to 250 by 2011.
Posted on April 21, 2009 at 6:25 AM
• 32 Comments
Hasn't the White House already managed this? They did hire a convicted thief to run their computers.
"think like the bad guy"?
I'm having a weird feeling that they will remember all applicants...
Looks like a real-world honeypot to me ;-)
It must be a honeypot; they couldn't have gotten smart enough overnight to hire the right kind of people.
I would be more interested in the profile of "The Bad Guy" one is supposed to think alike.
With all the propaganda chaffs and flares that were fired over the last 8 years (and what Hollywood made out of it), I find it hard even to imagine what the real baddy would be like.
Is he/she a Chinese teen? A bored North European script-kiddie? Or an elderly Ex-KGB computer specialist (Hollywood got me there I guess)?
Well maybe just some medium-aged married father of 2 from some country not even its neighbors can pronounce who took an interest in practical computer-related crime once they got internet Cafés and broadband over there.
Sure I'm interested, if they're actually ready to make an honest effort to protect America, rather than using security as a means of maintaining political tenure and supporting fiefdoms full of lifers who care more about their pensions than this country.
Why yeah, sure. I could work for them. I understand boondoggles, racism, sexism, divisiveness, entrapment, siphoning off money from salaried positions that are never filled, bullying people from behind a clearance and a badge, illegal domestic spying, bribes, kickbacks, cronyism, extortion, the need to protect popcorn stands in Iowa...
Oh, wait, am I thinking like the WRONG bad guys?
I knew I'd regret reading the comments.
Maybe some of you should sign up and show them how it's done?
What is it you expect them to do? Request applications from cyberidiots?
I've got the perfect candidates!! They are two ex-FBI employees.
They just got busted watching teen girls at a changing room in a suburban mall.
They definitely "think like a bad guy", no? They probably still have their security clearances....:)
The whole organization was created from the ground up to be Bush's golden parachute. The existing intel agencies need to be retooled to do their jobs and also police each other. DHS is completely useless. We don't NEED another intelligence agency, especially one with this DHS's history for creating artificial crises, actionable harassment of law abiding people at the borders and in our airports, and sensationalizing the harvesting of low hanging fruit like those pizza nimrods in New Jersey. Recruit cyber idiots? Oh please. Enough of them already WORK there. Who the hell wants to work with - or FOR - that?
@ Eponymous "Sure...if..."
So that'd be a no, then?
Great for the guy or gal that gets the job... everyone else's resume will be forwarded to the FBI with the subject line "Suspect"
No thanks. I already work as a contractor for the Federal govt. This has been, and will be, the last time I ever work for any level of government.
I've never seen so much dead wood, lifer mentality than before I got here. You name it, and it happens: People sleeping at their desks, highly unqualified/incompetent people always getting promoted because they can't get fired, multiple redundant systems for data entry all from separate internal groups insisting their solution *has* to be used, over dependence on contractor staff, which is treated *very* poorly.
I seriously wonder how this country stays afloat.
1. I'd have to work in, and live near, Northern Virginia. No thanks.
2. Already need to be cleared TS/SCI. I didn't think they cleared people who "think like the bad guy." :-)
3. I would actually enjoy helping to secure their systems, but I'd insist on actual security -- not GovSecurSpeak Compliance, into which these types of positions typically degenerate. Well, I've got the education; I've got the experience ... You know where to find me.
You do know where to find me, right?
I don't think like a bad guy, but I can think like a naughty guy. Will this qualify? :)
Funny how Schneier and his little hobbit followers scream about rights and yet this baboon deletes any post that he doesn't like. What a chimp.
Swami, you'd be a more effective troll if you weren't so predictable. You wore out your welcome last year by using sockpuppets to fling insults at everyone in sight. When you came back to post another obnoxious comment without even a trace of a substantive argument, you knew perfectly well it was going to be deleted. Now you're completing your little gambit by complaining that your views are being suppressed. Ho hum.
If I'd thought anyone but me would remember who you are, I'd have left your original comment up just for the entertainment value. "Adults wouldn't post stupidity like this": so says Swami Poobah, the only person on this blog ever to come back and use *the same series of sockpuppet names* after being caught at it once! An expert on intelligence and maturity, clearly.
Despite all the scorn here, I've always thought all my fellow infosec professionals should strive to think like the bad guys, just as police should. Isn't that how you stop them? By trying to figure out what they might do next? And isn't the problem here that too many politicians and government workers are thinking like Hollywood writers instead of like bad guys? Or maybe it's best if the security people just respond to stuff after it happens instead of trying to figure it out ahead of time and stop it. Maybe that's what you guys are getting at?
Think like a bad guy? Hey, I run Linux...
@KnockKnock "I didn't think they cleared people who "think like the bad guy." :-)"
Well there was Col. North, Adm. Poindexter, Robert Hanssen, Jonathan Pollard, Aldrich Ames, John Anthony Walker, Jr., Jerry Whitworth, Michael Walker, Robert Soblen, Kim Philby, Clyde Lee Conrad, Ronald Hoffman, Jeffrey Carney, Albert T. Sombolay, Virginia Jean Baynes, Frederick Christopher Hamilton, Michael Stephen Schwartz, Robert Stephan Lipka, Kurt G. Lessenthien, Harold James Nicholson, Ana Belen Montes....et cetera, et cetera, et cetera.
Seems like they are more than willing to give clearances to bad minded people...maybe just not those with a public record of badness.
Good memory there. When I saw this discussion I made it to North and Hanssen before I got stuck.
That loud bang in the wind is Marcus Ranum shooting himself.
I don't believe we need focus on Security.
From what I have seen the real focus needs to be a WIDE understanding of Process Control and Quality Control with Security addressed as the need arises...
You should manage the forest and deal with the fire. Not spend all your time and effort getting ready for the fire (that may never happen)
If you read the ad, it only seeks people who already have security clearances (IOW, already work within the government).
Maybe one of these days they'll quit rustling each others' sheep and hire some new people.
Yeah, I know, paying for security clearances to be done is expensive but I'd think having your systems raped by intruders on a regular basis would also have a cost.
"Within microseconds of being turned on from first principles deduces the existence of fire, algebra, the tax code"... and ITIL.
I'd agree BUT - engineers who build things tend to think in straight lines. No Project Manager I know deliberately tries to find ways to break things (it is tough to estimate time and cost and plays havoc with the schedule.)
DHS wants people who are built trying to look around corners from down the block.
@Anonymous I am an email/Messaging expert by trade... if I saw a job ad that said "Looking for someone who thinks like a spammer... or looking for someone who really understands how to ruin a mail database." I would RUN away
Saying you're looking for someone to "think like the bad guy." implies a view of the job/position that is incorrect and kind of scary too.
i kinda take offense to your broad generalization... i have been in the federal work force for 15+ years, and like in any large workforce, have seen abuses. however, i have seen far more efforts to keep things "staying afloat" using what they have and honestly trying to make a difference.
but, i guess a contractor, ergo someone who does not regularly and consistently work with the federal workforce, would not see that range over time.
People power stems from having a big revolving door and cutting deals.
Problems make bigger doors, especially in computer security.
Security is hopeless in the USA.
@Fed Tech "i kinda take offense to your broad generalization"
Fedtech I was going to defend federal workforce having worked both for it and as a contractor for it for the last 25 years; including engagements within DHS. I've met many dedicated, highly skilled, smart GS people. People who are in it for more than just the money. I envy them their sense of mission.
Met some drones too. Drones have value though - lots of scut work needs doing.
But then I realized the people who say such things are not well informed or inclined to become well informed.
Someone saying that all federal workers are mediocre, non-achievers on the level of the FBI guards who were recently accused of peeping, fits their personal philosophical and political agendas. It's intentionally biased and arrogant.
Every disciplinary problem I've had to deal with, with a smart technical person resolved down to their thinking "I'm smarter than you, my manager or my customer so screw you! you ain't the boss of me".
That sort of arrogance isn't subject to modification from persuasion or facts.
But I suppose there is value in not just letting the slanging go unchallenged. For that I thank you.
@OP and others. Definitely a Trap.
@BF Skinner. People can't get to be smart if they ignore persuasion and facts. See projection: http://en.wikipedia.org/wiki/...
Well that's the problem isn't it?
People _don't want_ to be smart if it means giving up warm snuggly delusions.