Full Disclosure mailing list archives

Re: Full-Disclosure Digest, Vol 88, Issue 2 Re: NSA Cyber security program [ maybe off-topic ]


From: Alexander Georgiev <alexander.georgiev () daloo de>
Date: Mon, 04 Jun 2012 20:58:49 +0200

I think it's a quite interesting discussion. We are all security people
and having a sneak peek into work/payment of the US can't be bad. As we
learned the US government pays much better than the German does or that
this might be a lot of money for foreign people.

btw, thanks for the insight Mikhail!



On 04.06.2012 20:35, Georgi Guninski wrote:
On Mon, Jun 04, 2012 at 10:45:52AM -0400, Mikhail A. Utin wrote:

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf 
Of full-disclosure-request () lists grok org uk
Sent: Saturday, June 02, 2012 7:00 AM
To: full-disclosure () lists grok org uk
Subject: Full-Disclosure Digest, Vol 88, Issue 2

My 10 cents:

While out of topic, the subject has touched a few people.
I worked for US Navy as information security analyst/contractor for a few years, and had two projects with US DoT.
Plus, had an interview at .... Let's not mention the exact name.
I can share a few things with you guys.
First, US government employees are paid very well. There are several levels of (as I remember around 12 - 14) 
starting at 25-30K and up to around 150-170K. That is for non-managerial positions. With my MS in CS and IT and 
security experience I would easily target 120K. So, the same level as in private sector. Plus, they have numerous
perks, and being just contractor I managed to use one. Plus, low cost very good health insurance, and pretty good 
pension after several years, which is much better than what the rest of US have.
So, those are positives. There are negatives as well. First, the environment is highly politicized, and technical 
upper level management is out of common sense. All is about getting more power. One top level manager once said 
during business meeting "There should be no humor during business meetings". And this idiot was absolutely serious.  
The same manager later destroyed security department and moved information security in IT department, where one IT 
boy said "Even monkey can do vulnerability scanning". He was expected to replace me and my contract had been
terminated. I was really happy to quit. BTW, it was not a dumb stupid base in the middle of nowhere. It was Naval 
System Command top research center.
Often US government big projects, like current related to cloud computing, are out of technical common sense and are 
driven by political will and something I name "legal corruption".  In my collection of the most stupid US government 
activity cases is so named NMCI project - Naval Marine Corp Intranet, which was not Intranet project at all. Who is 
interested to know details, please email me directly. I'm writing that because being government employee you would 
be involved in such stupid projects.

Concerning hiring process, it is also very specific. To be hired, you need to file (now electronically) twenty pages of
questionnaire. Plus, two stupid tests, plus writing an essay. Does not matter if you are well-known high level 
professional - you should pass that crap of tests and writing. In general, each US government department has some 
specifics in hiring, but it is pretty standard and requires some time and devotion to deal with.

Some time ago I saw a paper that US government immediately needs approximately 20,000 security professionals. My 
assumption - mostly in activities associated with this list interests. However, I do not think the government will 
do anything real to fill out this gap. NSA project in question, which triggered this discussion, is an example. BTW, 
NSA build new center in the middle of nowhere, somewhere in Mormon's country. If you like Wild West, you can try 
that.

Summary: if you want good salary, thinking about retirement, health insurance, etc., you can try to get there. You 
can search through US government departments' sites, and there are a few head-hunting portals listing all
departments, etc. But, be ready for specifics of hiring and internal environment. In some places, like DC, you can 
find shocking results of equal opportunity employment. I would assume that in some places you could find good 
professional environment and good people to work with (I enjoyed working with navy guys of my level), but do not 
count on that.

Good luck

Mikhail






Advertising working for the nsa on _this list_?

If you ask me, don't work for them, pwn them.

spam v



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


