Announcement

Collapse
No announcement yet.

DT In the news... Government, CyberSecurity, Inter-Agency cooperation

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

    If there are a few others willing to participate, I would be willing to volunteer to write up the CFP for a panel discussion.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

    Comment


    • #17
      Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

      Originally posted by theprez98 View Post
      If there are a few others willing to participate, I would be willing to volunteer to write up the CFP for a panel discussion.
      To make what I said even more clear...

      I do not have plans (myself) to be on a stage. I don't like the cameras, I don't like the attention. I'll be happy to contribute from the sidelines, but I am stating for the record that I do not want to be on a panel.

      I think you're subscribed over on dc-stuff, which means you have an email address for me. If you'd like offline input (especially from the investigative side), I'm quite fine with that. I think this has the potential to be a good talk, and would probably be very interesting to most folks, and answer a lot of questions.

      You and Thorn (and others) would be great up there on the stage, under the lights.

      Comment


      • #18
        Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

        Originally posted by shrdlu View Post
        To make what I said even more clear...

        I do not have plans (myself) to be on a stage. I don't like the cameras, I don't like the attention. I'll be happy to contribute from the sidelines, but I am stating for the record that I do not want to be on a panel.

        I think you're subscribed over on dc-stuff, which means you have an email address for me. If you'd like offline input (especially from the investigative side), I'm quite fine with that. I think this has the potential to be a good talk, and would probably be very interesting to most folks, and answer a lot of questions.

        You and Thorn (and others) would be great up there on the stage, under the lights.
        Thanks for the vote of confidence, but I've never held a DOD or DOE clearance, so I wouldn't have the foggiest idea of what's required. Actually, from what I've heard in the past, I may be ineligible for them. My clearances (as such) were always on the state level.

        Besides, I'd probably get turned down for a Federal clearance since I distrust polygraphs exams to the point where I have never taken one, and have no intention of ever doing so. While the machines merely measure some basic physiological functions, the "exams" are nothing but voodoo science, and there is a very good reason that courts don't allow them. I have it on good authority that the average person can beat one in no less than thirteen different ways.
        Thorn
        "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

        Comment


        • #19
          Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

          Originally posted by Thorn View Post

          Besides, I'd probably get turned down for a Federal clearance since I distrust polygraphs exams to the point where I have never taken one, and have no intention of ever doing so. While the machines merely measure some basic physiological functions, the "exams" are nothing but voodoo science, and there is a very good reason that courts don't allow them. I have it on good authority that the average person can beat one in no less than thirteen different ways.
          In the immortal words of George Constanza, "It's not a lie, if you believe it".
          A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

          Comment


          • #20
            Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

            Originally posted by Thorn View Post
            Thanks for the vote of confidence, but I've never held a DOD or DOE clearance, so I wouldn't have the foggiest idea of what's required. Actually, from what I've heard in the past, I may be ineligible for them. My clearances (as such) were always on the state level.
            Okay, I admit it. I was just looking for other people to throw under the bus.

            Originally posted by Thorn View Post
            Besides, I'd probably get turned down for a Federal clearance since I distrust polygraphs exams to the point where I have never taken one, and have no intention of ever doing so.
            There are an amazing number of clearances that don't require (or even need) polygraphs. Poly stuff is usually for SCI/SAR kinds of things, and is too expensive to waste on garden variety Q and Secret clearances. The investigation alone is hideously expensive (and the company you work for pays, not the fedgov); adding in the cost of a poly would be insane and pointless.

            On the other hand...

            Originally posted by Thorn View Post
            While the machines merely measure some basic physiological functions, the "exams" are nothing but voodoo science, and there is a very good reason that courts don't allow them. I have it on good authority that the average person can beat one in no less than thirteen different ways.
            Actually, no they can't. I'm not a fan of them. I've seen far too many innocent people fail because they just couldn't control the nervousness. Still, every time I hear someone brag about how they beat a poly, I look for evidence, and I'm not seeing a lot of it. Do I think they're accurate? I think flipping a coin is more useful. However, the person giving and interpreting the poly for the clearance world is a much different animal than your one step above a sideshow police world.

            I know that someone, somewhere, just read that statement, and is now annoyed with me. So it goes.

            Yes, indeed, I've taken polygraphs. I've never had to take a lifestyle poly, but that's because I'm very good at sidestepping anything that would have required one. I should add that usually, by the time you're in a position where they'll want you to take a poly, you've been working for a while, you've had background investigations, and you're working in a pool of people that are going to pay attention to your behavior.

            Here's a fairly informative article:

            http://www.washingtonpost.com/wp-dyn...061901415.html

            Comment


            • #21
              Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

              URL3: Part 2: Q&A with Jeff Moss on computer hacking

              This is a part 2. This covers history, and opportunities. It covers questions about how much work it takes to become skilled in a discipline, and more.

              Comment


              • #22
                Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

                Another thing to consider is that not all problems needing to be solved are secret. I've been working on an idea that since it's public money being spent, the public should reap the results more directly.

                Often a project or problem has gobs of money thrown at it and it fails for whatever reason part way through. If applicable, why not open source it back to those who paid for it. At the very least something one department does half of before deciding to abandon it could save some other department a huge amount of work. Very much the open source mentality but applied to public projects. Often the project itself is not secret, just the contents.

                I'm also wondering what the potential for small projects or general 'we'd like it if this happened' could be posted somewhere and the public given an opportunity to solve the problem.

                There is an interesting situation up here where the gov funded a web app that would give you clear, side by side comparisons of the end cost of different plans between cell phone carriers. Obviously the carriers threw a fit and it was stopped, however there was an interesting call that since the development was paid for with public money, why not release it to the public and let them finish it.

                Much of this whole debate has been edicts of 'be more secure' without any followup guidance. Like most security, it's best if those being protected are given opportunity to be part of the process rather than seen as the problem (i.e. airport security).

                The fact that we have a twinge of guilt or worry about being 'caught' being curious about our security is proof that something is wrong. If the security is good enough, it should stand up to me taking photo's of it and insensitive enough to tolerate general poking. If I do find something of concern, who do I call without fear of being jackbooted?

                Yes I know this is very idealistic and pie in the sky, but it's a start. Comment away!
                Never drink anything larger than your head!





                Comment


                • #23
                  Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

                  Originally posted by renderman View Post
                  Another thing to consider is that not all problems needing to be solved are secret. I've been working on an idea that since it's public money being spent, the public should reap the results more directly.
                  Well...I don't know how they do things up in Communist Canadidia, but here in the good old US of Fuckin' A the problem is that the only governement or government contractor positions that seem to pay decently enough to compete with the corporate world require clearances.

                  Many agencies ridiculously over classify though....but that's a completely different discussion.
                  perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'

                  Comment


                  • #24
                    Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

                    Originally posted by Melesse View Post
                    And that's all, since this thread is supposed to be about DT and how famous and easy he is.
                    Perhaps someone will split the thread.

                    Originally posted by renderman View Post
                    Another thing to consider is that not all problems needing to be solved are secret. I've been working on an idea that since it's public money being spent, the public should reap the results more directly.
                    Have you worked in the Government (employee or contractor)?

                    It's pretty much ALL about control....

                    I've seen some organizations/entities cooperate, but even then, it's about what they can get out of it.

                    Also, most Government employees (I'm not speaking of elected officials) really don't think of it is tax paper money, or even if they do, they really don't care.

                    Maybe other people here in this thread have other perspectives, but that's what I've seen on all levels of Government (Local, County, State, Federal)..

                    Don't get me wrong, there are good government employees. However, if you want to rise in the ranks to the positions where you control something like open sourcing a project, you probably had to sell part of your soul somewhere along the lines.
                    And I heard a voice in the midst of the four beasts, And I looked and behold: a pale horse. And his name, that sat on him, was Death. And Hell followed with him.

                    Comment


                    • #25
                      Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

                      Originally posted by Melesse View Post
                      And that's all, since this thread is supposed to be about DT and how famous and easy he is.

                      Wait, easy to find. Right.
                      Originally posted by HighWiz View Post
                      Perhaps someone will split the thread.
                      I don't think splitting is really needed... it is not like we have competition between two different topics in the same thread. (We are in the middle of October during one of the slow times on the forum.) It seems more like the topic of this thread evolved with no dissension. Any mods that still wants to split it can do so if they want, but at this point, I don't think enough would be gained to justify the splitting, so I won't be splitting it. (I'm lazy. ;-)

                      Carry-on. :-)

                      Comment


                      • #26
                        Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

                        Originally posted by shrdlu View Post
                        Actually, no they can't. I'm not a fan of them. I've seen far too many innocent people fail because they just couldn't control the nervousness. Still, every time I hear someone brag about how they beat a poly, I look for evidence, and I'm not seeing a lot of it. Do I think they're accurate? I think flipping a coin is more useful. However, the person giving and interpreting the poly for the clearance world is a much different animal than your one step above a sideshow police world.
                        Perhaps someone with a poly could create a Defcon contest. If anything it would be good for laughs.

                        Originally posted by HighWiz View Post
                        Don't get me wrong, there are good government employees. However, if you want to rise in the ranks to the positions where you control something like open sourcing a project, you probably had to sell part of your soul somewhere along the lines.
                        Wish I had a soul to sell, mine is mortgaged to the hilt.


                        xor
                        Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                        Comment


                        • #27
                          Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

                          Originally posted by HighWiz View Post
                          Have you worked in the Government (employee or contractor)?

                          It's pretty much ALL about control....
                          I'm working some gov agency contracts right now but nothing requiring clearance. I'm far from any place that needs them and frankly, it's Canada, what secrets?

                          Yeah, your right, no one gets through the ranks by giving anything away and that's part of the problem, the right people aren't interested in the job.

                          It's back to the same problem, competitive compensation. That begs the question of how to attract talent. The flip side is that maybe not putting things online would reduce need, or at the least, minimize what the impact would be if something was compromised.
                          Never drink anything larger than your head!





                          Comment


                          • #28
                            Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

                            Originally posted by xor View Post
                            Perhaps someone with a poly could create a Defcon contest. If anything it would be good for laughs.
                            The kind of person willing to put on such a circus sideshow is not the same species as a person who administers polygraphs for clearances. The world is very black and white to many people in that world (lord knows I certainly have that feature). It's just a different outlook on things, and I'm not sure that posting in a forum is going to adequately explain those differences.

                            [edit]

                            Here's references to the most recent directives governing information security. Please note that this supercedes the DCID 6/3 & co.

                            http://infosecurity.us/?p=1918

                            Brought to you by the Office of the Director of National Intelligence. Download and read the PDFs. It will be good for you. There will be a pop quiz tomorrow morning.

                            This means that my years of memorizing the pertinent portions of the 6/3 were all for naught. As an amusement, my current signature is from a security plan.
                            Last edited by shrdlu; October 19, 2009, 23:07.

                            Comment


                            • #29
                              Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

                              Originally posted by HighWiz View Post
                              ...

                              Also, most Government employees (I'm not speaking of elected officials) really don't think of it is tax paper money, or even if they do, they really don't care.

                              Maybe other people here in this thread have other perspectives, but that's what I've seen on all levels of Government (Local, County, State, Federal)..

                              ...
                              My experience working in three of those four is that there is a direct correlation between contact with the public and caring about "tax payer money" as a concept. i.e. The . further away from direct contact with the taxpayers, the less likely they are to give a damn. The part that always amazed me was the bureaucrats who could bitch one moment about their own personal taxes increasing, and then in the next breath be seeking "state funding" or "federal funding" for a pet project. They never seemed to make any connection between the two.

                              Elected officials are the worst. They think of public money as their own feeding trough, unless being interviewed by the press. Then they express the same sincerity and deep concern about the taxes as they have for any other issue. The lifespan of said issue being until the cameras are off and the reporters are out of sight.
                              Thorn
                              "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                              Comment


                              • #30
                                Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

                                Originally posted by renderman View Post
                                Another thing to consider is that not all problems needing to be solved are secret. I've been working on an idea that since it's public money being spent, the public should reap the results more directly.
                                I live right outside DC, and whenever I entertain the notion of leaving my cushy overpaid job for a position of challenge and peruse the USAJobs website, all I see is TS/SCI staring me in the face. Is that a requirement for all Gov infosec/SysAdmin positions?

                                The alternative is that the non-clearance jobs are just getting snapped up fast, and it's the TS/SCI ones that are languishing open for months.

                                M.
                                Last edited by Melesse; October 20, 2009, 11:28. Reason: For clarity
                                Secretary

                                Comment

                                Working...
                                X