Dailydave mailing list archives
Re: Commission on Cybersecurity for the 44th Presidency and your right to cyber (security)
From: travis+ml-dailydave () subspacefield org
Date: Wed, 1 Sep 2010 17:30:38 -0700
On Tue, Aug 31, 2010 at 07:18:54PM -0700, Michal Zalewski wrote:
> It's not as much that I suspect the government has questionable motives, of course; this is best left to the Slashdot crowd :P Rather, I feel that particularly when it comes to IT, it's plagued by problems far more profound than these plaguing the private sector. There are reasons why they have so much difficulty hiring security talent, and it has very little to do with any sort of a stigma associated with govt jobs.
Summary:

Government: We need cyber-security, put out a contract for bids.
CompanyA: We can do it for $120k/seat.
CompanyB: We can do it for $100k/seat.
CompanyC: We can do it for $140k/seat.
Government: SELECT * FROM CONTRACTOR ORDER BY COST_PER_SEAT;
CompanyB: Find us the people who are arguably qualified, and will work for a maximum of $50k, fill out an EPSQ, submit to a SSBI, and whose poo doesn't stink. Nobody who has used the word "hacker" need apply. Nobody who has used bittorrent need apply. Nobody who looks odd need apply. No foreign nationals need apply. Nobody with ties of obligation to foreign nat'ls need apply. You need to know shell scripting and vi. And you'll relo to DC, MD, Northern VA, or some red state where land is really cheap, senators really influential, and sheep really scared. Leave your ipods, cell phones, thumb drives and laptops at home. You'll be working 12-hour shifts, and have to arrange vacation by trading days with co-workers. And don't think of using printer, FAX or email for personal use; we take FW&A very seriously.

Three years later:

Government: OMG, CompanyB is charging $120k/seat, put it up for bids.
CompanyA: We can do it for $100k/seat.
CompanyB: We can do it for $110k/seat.
CompanyC: We can do it for $120k/seat.
Government: SELECT * FROM CONTRACTOR ORDER BY COST_PER_SEAT;
CompanyB: You're all fired.
CompanyA: Hire half the employees of CompanyB, but decrease their salary by 20%. Make sure they're glad to have jobs.

Employee perspective:

No incentive to do better, because government won't ever pay contracting company more for above-average performance. But heaven forbid you mess up.

Result:

Massive CYA and buck-passing.
Marginally-qualified employees (with some exceptions, of course).
Exact minimum work required by contract.
Highly qualified employees leave for greener pastures.

--
It asked me for my race, so I wrote in "human". -- The Beastie Boys
My emails do not have attachments; it's a digital signature that your mail program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email john () subspacefield org to get blacklisted.
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave