On Mon, Jun 04, 2012 at 10:45:52AM -0400, Mikhail A. Utin wrote: > > > -----Original Message----- > From: full-disclosure-boun...@lists.grok.org.uk > [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of > full-disclosure-requ...@lists.grok.org.uk > Sent: Saturday, June 02, 2012 7:00 AM > To: full-disclosure@lists.grok.org.uk > Subject: Full-Disclosure Digest, Vol 88, Issue 2 > > Send Full-Disclosure mailing list submissions to > full-disclosure@lists.grok.org.uk > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.grok.org.uk/mailman/listinfo/full-disclosure > or, via email, send a message with subject or body 'help' to > full-disclosure-requ...@lists.grok.org.uk > > You can reach the person managing the list at > full-disclosure-ow...@lists.grok.org.uk > > When replying, please edit your Subject line so it is more specific than "Re: > Contents of Full-Disclosure digest..." > > > Note to digest recipients - when replying to digest posts, please trim your > post appropriately. Thank you. > > > Today's Topics: > > 1. Re: NSA Cyber security program [ maybe off-topic ] > (InterN0T Advisories) > 2. TrueCaller Vulnerability Allows Changing Users Details > (Kuwait WhiteHat) > 3. Re: NSA Cyber security program [ maybe off-topic ] > (Benjamin Kreuter) > 4. Re: NSA Cyber security program [ maybe off-topic ] > (Alexander Georgiev) > 5. Re: NSA Cyber security program [ maybe off-topic ] (Urlan) > > > ---------------------------------------------------------------------- > My 10 cents: > > While out of topic, the subject has touched a few people. > I worked for US Navy as information security analyst /contractor for a few > years, and had two projects with US DoT. Plus, had an interview at .... Let's > not to mention exact name. > I can share a few things with you guys. > First, US government employees are paid very well. There are several levels > of (as I remember around 12 - 14) starting at 25-30K and up to around > 150-170K. That is for non-managerial positions. With my MS in CS and IT and > security experience I would easy target 120K. So, the same level as in > private sector. Plus, they have numerous perks, and being just contractor I > managed to use one. Plus, low cost very good health insurance, and pretty > good pension after several years, which is much better than what the rest of > US have. > So, those are positives. There are negatives as well. First, the environment > is highly politicized, and technical upper level management is out of common > sense. All is about getting more power. One top level manager once said > during business meeting "There should be no humor during business meetings". > And this idiot was absolutely serious. The same manager later destroyed > security department and moved information security in IT department, where > one IT boy said "Even monkey can do vulnerability scanning". He was expected > to replace me and my contact had been terminated. I was really happy to quit. > BTW, it was not a dumb stupid base in the middle of nowhere. It was Naval > System Command top research center. > Often US government big projects, like current related to cloud computing, > are out of technical common sense and are driven by political will and > something I name "legal corruption". In my collection of the most stupid US > government activity cases is so named NMCI project - Naval Marine Corp > Intranet, which was not Intranet project at all. Who is interested to know > details, please email me directly. I'm writing that because being government > employee you would be involved in such stupid projects. > > Concerning hiring process, it also very specific. To be hired, you need to > file (now electronically) twenty pages of questionnaire. Plus, two stupid > tests, plus writing an essay. Does not matter if you are well-known high > level professional - you should pass that crap of tests and writing. In > general, each US government department has some specifics in hiring, but it > is pretty standard and requires some time and devotion to deal with. > > Some time ago I saw a paper that US government immediately needs > approximately 20,000 security professionals. My assumption - mostly in > activities associated with this list interests. However, I do not think the > government will do anything real to fill out this gap. NSA project in > question, which triggered this discussion, is an example. BTW, NSA build new > center in the middle of nowhere, somewhere in Mormon's country. If you like > Wild West, you can try that. > > Summary: if you want good salary, thinking about retirement, health > insurance, etc., you can try to get there. You can earch through US > government departments' sites, and there are a few head-hunting portals > listing all departments, etc. But, be ready for specifics of hiring and > internal environment. In some places, like DC, you can find shocking results > of equal opportunity employment. I would assume that in some places you could > find good professional environment and good people to work with (I enjoyed > working with navy guys of my level), but do not count on that. > > Good luck > > Mikhail > > > CONFIDENTIALITY NOTICE: This email communication and any attachments may > contain confidential > and privileged information for the use of the designated recipients named > above. If you are > not the intended recipient, you are hereby notified that you have received > this communication > in error and that any review, disclosure, dissemination, distribution or > copying of it or its > contents is prohibited. If you have received this communication in error, > please reply to the > sender immediately or by telephone at (617) 426-0600 and destroy all copies > of this communication > and any attachments. For further information regarding Commonwealth Care > Alliance's privacy policy, > please visit our Internet web site at http://www.commonwealthcare.org. > >
Advertising working for the nsa on _this list_? If you ask me, don't work for them, pwn them. spam v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
