Thread: The process goes to the movies, or Pentagon new information security certification

  1. #1
    Council Member
    Join Date
    Nov 2007
    Boston, MA

    An update first (courtesy of the Washington Times):

    Quote Originally Posted by Washington Times
    The Pentagon has ordered all troops and officials involved in protecting computer networks from enemy hackers to undergo training in computer hacking themselves.

    A Feb. 25 update to a directive on information security from the office of the assistant defense secretary for networks and information integration requires workers involved in what the Pentagon calls computer-network defense to be certified in understanding as many as 150 hacking techniques.
    Here's how I'd read this. The guys tapped to head up this effort were snowed by their technical people and as a result are going to place human bodies in roles probably better served by an off-the-shelf 2u rack appliance per 100 target machines running some good vulnerability check software.

    Hacking covers a wide range of disciplines and arts that do not lend themselves well to the certification process, if for no other reason than that the underlying technical and psychological assumptions change so frequently that there's little if anything approaching useful general principle. A general course looks more like a full year of collegiate study--and is aimed at the professional computer scientist and engineer, not the workaday technician. That general course usually considers 2 years' minimum on-the-job information security experience a must, and only places tools in the hands of people apt enough to explore the vast, unpredictable landscape of penetration testing and defense.

    This is why security market vendors bundle training with their products. Train people to work very well with a very limited tool set--or better yet, replace them with appliances--and keep your over-educated, overpaid generalists on retainer exorbitant to paper over the cracks.

    On the other hand, DoD is spot on if they're looking to build the IT equivalent to the TSA.
    PH Cannady
    Correlate Systems

  2. #2
    Council Member Wargames Mark
    Join Date
    Aug 2009
    Wherever you go, there you are...


    Quote Originally Posted by Presley Cannady
    ...your over-educated, overpaid generalists on retainer exorbitant...
    Boy-howdy. I feel this pain, though not in the IT security world.
    There are three kinds of people in this world:
    Those who can count, and those who can't.

