-----Original Message-----
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
full-disclosure-requ...@lists.grok.org.uk
Sent: Saturday, June 02, 2012 7:00 AM
To: full-disclosure@lists.grok.org.uk
Subject: Full-Disclosure Digest, Vol 88, Issue 2
Send Full-Disclosure mailing list submissions to
full-disclosure@lists.grok.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
full-disclosure-requ...@lists.grok.org.uk
You can reach the person managing the list at
full-disclosure-ow...@lists.grok.org.uk
When replying, please edit your Subject line so it is more specific than "Re:
Contents of Full-Disclosure digest..."
Note to digest recipients - when replying to digest posts, please trim your
post appropriately. Thank you.
Today's Topics:
1. Re: NSA Cyber security program [ maybe off-topic ]
(InterN0T Advisories)
2. TrueCaller Vulnerability Allows Changing Users Details
(Kuwait WhiteHat)
3. Re: NSA Cyber security program [ maybe off-topic ]
(Benjamin Kreuter)
4. Re: NSA Cyber security program [ maybe off-topic ]
(Alexander Georgiev)
5. Re: NSA Cyber security program [ maybe off-topic ] (Urlan)
----------------------------------------------------------------------
My 10 cents:
While out of topic, the subject has touched a few people.
I worked for US Navy as information security analyst /contractor for a few
years, and had two projects with US DoT. Plus, had an interview at .... Let's
not to mention exact name.
I can share a few things with you guys.
First, US government employees are paid very well. There are several levels of
(as I remember around 12 - 14) starting at 25-30K and up to around 150-170K.
That is for non-managerial positions. With my MS in CS and IT and security
experience I would easy target 120K. So, the same level as in private sector.
Plus, they have numerous perks, and being just contractor I managed to use one.
Plus, low cost very good health insurance, and pretty good pension after
several years, which is much better than what the rest of US have.
So, those are positives. There are negatives as well. First, the environment is
highly politicized, and technical upper level management is out of common
sense. All is about getting more power. One top level manager once said during
business meeting "There should be no humor during business meetings". And this
idiot was absolutely serious. The same manager later destroyed security
department and moved information security in IT department, where one IT boy
said "Even monkey can do vulnerability scanning". He was expected to replace me
and my contact had been terminated. I was really happy to quit. BTW, it was not
a dumb stupid base in the middle of nowhere. It was Naval System Command top
research center.
Often US government big projects, like current related to cloud computing, are
out of technical common sense and are driven by political will and something I
name "legal corruption". In my collection of the most stupid US government
activity cases is so named NMCI project - Naval Marine Corp Intranet, which was
not Intranet project at all. Who is interested to know details, please email me
directly. I'm writing that because being government employee you would be
involved in such stupid projects.
Concerning hiring process, it also very specific. To be hired, you need to file
(now electronically) twenty pages of questionnaire. Plus, two stupid tests,
plus writing an essay. Does not matter if you are well-known high level
professional - you should pass that crap of tests and writing. In general, each
US government department has some specifics in hiring, but it is pretty
standard and requires some time and devotion to deal with.
Some time ago I saw a paper that US government immediately needs approximately
20,000 security professionals. My assumption - mostly in activities associated
with this list interests. However, I do not think the government will do
anything real to fill out this gap. NSA project in question, which triggered
this discussion, is an example. BTW, NSA build new center in the middle of
nowhere, somewhere in Mormon's country. If you like Wild West, you can try that.
Summary: if you want good salary, thinking about retirement, health insurance,
etc., you can try to get there. You can earch through US government
departments' sites, and there are a few head-hunting portals listing all
departments, etc. But, be ready for specifics of hiring and internal
environment. In some places, like DC, you can find shocking results of equal
opportunity employment. I would assume that in some places you could find good
professional environment and good people to work with (I enjoyed working with
navy guys of my level), but do not count on that.
Good luck
Mikhail
CONFIDENTIALITY NOTICE: This email communication and any attachments may
contain confidential
and privileged information for the use of the designated recipients named
above. If you are
not the intended recipient, you are hereby notified that you have received this
communication
in error and that any review, disclosure, dissemination, distribution or
copying of it or its
contents is prohibited. If you have received this communication in error,
please reply to the
sender immediately or by telephone at (617) 426-0600 and destroy all copies of
this communication
and any attachments. For further information regarding Commonwealth Care
Alliance's privacy policy,
please visit our Internet web site at http://www.commonwealthcare.org.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
