-----Original Message----- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of full-disclosure-requ...@lists.grok.org.uk Sent: Saturday, June 02, 2012 7:00 AM To: full-disclosure@lists.grok.org.uk Subject: Full-Disclosure Digest, Vol 88, Issue 2
Send Full-Disclosure mailing list submissions to full-disclosure@lists.grok.org.uk To subscribe or unsubscribe via the World Wide Web, visit https://lists.grok.org.uk/mailman/listinfo/full-disclosure or, via email, send a message with subject or body 'help' to full-disclosure-requ...@lists.grok.org.uk You can reach the person managing the list at full-disclosure-ow...@lists.grok.org.uk When replying, please edit your Subject line so it is more specific than "Re: Contents of Full-Disclosure digest..." Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you. Today's Topics: 1. Re: NSA Cyber security program [ maybe off-topic ] (InterN0T Advisories) 2. TrueCaller Vulnerability Allows Changing Users Details (Kuwait WhiteHat) 3. Re: NSA Cyber security program [ maybe off-topic ] (Benjamin Kreuter) 4. Re: NSA Cyber security program [ maybe off-topic ] (Alexander Georgiev) 5. Re: NSA Cyber security program [ maybe off-topic ] (Urlan) ---------------------------------------------------------------------- My 10 cents: While out of topic, the subject has touched a few people. I worked for US Navy as information security analyst /contractor for a few years, and had two projects with US DoT. Plus, had an interview at .... Let's not to mention exact name. I can share a few things with you guys. First, US government employees are paid very well. There are several levels of (as I remember around 12 - 14) starting at 25-30K and up to around 150-170K. That is for non-managerial positions. With my MS in CS and IT and security experience I would easy target 120K. So, the same level as in private sector. Plus, they have numerous perks, and being just contractor I managed to use one. Plus, low cost very good health insurance, and pretty good pension after several years, which is much better than what the rest of US have. So, those are positives. There are negatives as well. First, the environment is highly politicized, and technical upper level management is out of common sense. All is about getting more power. One top level manager once said during business meeting "There should be no humor during business meetings". And this idiot was absolutely serious. The same manager later destroyed security department and moved information security in IT department, where one IT boy said "Even monkey can do vulnerability scanning". He was expected to replace me and my contact had been terminated. I was really happy to quit. BTW, it was not a dumb stupid base in the middle of nowhere. It was Naval System Command top research center. Often US government big projects, like current related to cloud computing, are out of technical common sense and are driven by political will and something I name "legal corruption". In my collection of the most stupid US government activity cases is so named NMCI project - Naval Marine Corp Intranet, which was not Intranet project at all. Who is interested to know details, please email me directly. I'm writing that because being government employee you would be involved in such stupid projects. Concerning hiring process, it also very specific. To be hired, you need to file (now electronically) twenty pages of questionnaire. Plus, two stupid tests, plus writing an essay. Does not matter if you are well-known high level professional - you should pass that crap of tests and writing. In general, each US government department has some specifics in hiring, but it is pretty standard and requires some time and devotion to deal with. Some time ago I saw a paper that US government immediately needs approximately 20,000 security professionals. My assumption - mostly in activities associated with this list interests. However, I do not think the government will do anything real to fill out this gap. NSA project in question, which triggered this discussion, is an example. BTW, NSA build new center in the middle of nowhere, somewhere in Mormon's country. If you like Wild West, you can try that. Summary: if you want good salary, thinking about retirement, health insurance, etc., you can try to get there. You can earch through US government departments' sites, and there are a few head-hunting portals listing all departments, etc. But, be ready for specifics of hiring and internal environment. In some places, like DC, you can find shocking results of equal opportunity employment. I would assume that in some places you could find good professional environment and good people to work with (I enjoyed working with navy guys of my level), but do not count on that. Good luck Mikhail CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please reply to the sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, please visit our Internet web site at http://www.commonwealthcare.org. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/