>Do the military "cyberwarriors" even have local admin rights on their machines?
We don't, hell I don't even have access to some of the basic tools I need (i.e. version control)
>Hackers don't sign up for active duty military.
They do, I've met the smartest people I know in the military . The hacker types never stay though they either get kicked out because they don't want to put up with the bullshit or separate after their first enlistment and quadruple their salary.
Basically the problem with the military is that they won't (or can't) pay enough to retain any of the talent they have and are unwilling to compensate for the low salary by changing the "culture" they've developed over the last century.
> We don't, hell I don't even have access to some of the basic tools I need (i.e. version control)
Yap. Dealing with the military as a customer I have definitely have seen red tape that goes beyond reasonable for security and actually downright counter-productive (the steps needed to jump through to "secure" a box, many are wasteful, antiquated, yet some obvious ones are not mentioned.
There are things like "tcpdump must not be installed". So debugging is a pain, so then fine, I'll just use a python wrapper around libpcap then.
Some of the password policies are odd, don't remember exactly but requiring large passwords made of random gibberish instead of long pass phrases just make people write them posted notes and carrying them in their wallets.
'They have tools to listen to network traffic. But we told them not to. It's fine.'
'So... if they don't intercept network traffic, they were trustworthy and it wouldn't matter. But if they are not trustworthy... they can still sniff the traffic? Are you sure it's fine?'
'Yeah, every modern network is switched so there is nothing to sniff'
> Basically the problem with the military is that they won't (or can't) pay enough to retain any of the talent they have and are unwilling to compensate for the low salary by changing the "culture" they've developed over the last century.
These are all problems that are slowly working their way up the policy chains. E.g. RAND has put out a very good study on all this, http://www.rand.org/pubs/research_reports/RR430.html that discusses the challenges with public sector/military hiring (and retention).
It may yet have to come down to putting the effort heavily on the Reserves though, because for all the other things the military can change, I don't see culture as being one of them. Even the legendarily free-wheeling communities like submarines and fighter aviation deal with red tape and subsuming egos to the team.
>These are all problems that are slowly working their way up the policy chains.
It doesn't matter that the problems are working their way up the policy chains if they are only going to die when they get to the top. You yourself admitted that they are unlikely to change the culture, and we both know they aren't about to pay a competitive wage to the military. Unfortunately, that leaves us with things exactly the way they are now.
The military likes to talk about starting to take various issues seriously, yet it is an exceptionally rare occasion when they actually do.
In larger tech companies there's plenty of red tape, and some of the best software developers I've seen don't care a lot about ego. People I've heard talk about public sector work (never heard any talk about military software security work) complain more about cultures where there are too many incentives to focus on the narrow mission of your own organizational subunit, and little feeling of (or decision-making with a view towards) the overall goals of the broader organization.
Company red tape and military culture is nothing alike.
The most "conservative" company would have techies that don't meet any customers come in a suit, and those are almost extinct now.
In a military, depending on where you are and your rank, you could detention / penalties for not being shaved, not having your shoes shined, having a haircut that's too long by a few centimeters. You often can't take a week (or even a day) off without weeks notice unless it's an emergency. You could go to jail for disobeying a higher up.
And most importantly, if you signed up for (say) 3 years, you can't quit before those three years are up. Seriously, if you think corporate red tape is anything remotely like serving in the military - you need to revisit your idea of what the military is.
I've been in .mil and .com and with at will employment at least in the more regulated industries its the same outcomes. Whats really different is the formality level.
So if your .com boss decides to fire you for being a dirty hippie, you pretty much get walked out and that's it. More likely they would make up a bunch of B.S. to "prove" your inadequacy so they don't have to pay severance or unemployment claims.
In .mil its surprisingly similar but much more formal. UCMJ article 15 punishments, some written formal counseling, courtmartial trial, yes you can get downsized in the .mil by reorgs making your slot coincidentally happen to disappear, its all very complicated and ritualistic but basically does the same thing as .com.
You only go to jail in .mil if you more or less want to. There are always alternatives that are generally easier than "just say no". Its vaguely similar to .com life in that telling your boss "no" is much more likely to get you fired than explaining "yes, but ...". Along with the traditional homer simpson move of just go to work and retire in place or monkey wrench stuff.
One difference is transferring is much easier and much more uniform in .mil if you have a bad boss than in .com where that may range from no-problemo to impossible without a career death penalty being assessed but usually on average much harder in .com world.
I suspect you misunderstood what I wrote: The army can easily discharge you even if you signed up for 3 years, with a variety of ways. However, YOU cannot quit as easily. That's a world of difference.
And re:transferring - that's another thing that's different in the army; The army can transfer you to, say, Iraq, with a couple of days notice, without giving you the ability to refuse. Ever had anything like that happen in your .com days?
Many hackers / security researchers wouldn't mind working for the military but they don't have the desire to go through basic training and learn the things that will be unnecessary to their main job.
If I were to join the military right now wanting to work on computer systems, how long would it take before I'm actually preforming that role, or would they have to "break" me first? Hackers have no desire to do that when they can easily stay in the private sector and earn twice the pay and have a nice cushy office to work out of.
There should be some kind of alternate route to joining the military for officer and specialization roles (in my opinion of course, I am certainly interested to here if anyone has objections). Give me a few tests, an interview, a basic physical, a polygraph, and some IT training to get familiar with the systems and let me go to work. High pay isn't really an issue for me personally as long as I enjoy the work and am constantly learning or teaching.
Having access to that information is a huge responsibility. There have been spies at all ranks that have done large amounts of harm to the US military. It is absolutely necessary to lock down machines and have strict security checks over each other a logging of everything.
Yes. http://www.military.com/join-armed-forces/air-force-bmt-boot... How much of that is really necessary to be in IT security though? I'm sure it makes you a better person, but when you have highly skilled individuals and show them that kind of requirement, the majority of them would rather stay in the private sector.
The exception is if you have a specialized degree there is officers school for the branches, but basic training is still required, you will still be marching and be broken in, but after that will be more classrooms than physical activities.
Pilots especially must be physically fit. I've heard that leg strength is especially important so that you don't pass out at high g-forces. Drone pilots probably not so much, obviously.
The Reserve forces might be slightly less rigorous, but I'm not positive.
The cyber warfare stuff is mostly Army and Navy though as far as I know.
Agencies like the DHS are the ones that are really struggling to find IT talent. They have a huge amount of responsibility (security all non-military government infrastructure) and have a bad reputation currently (because of airport security staff).
I more or less agree just some minor clarifications/nitpicks
> Officers got through OTS not BMT
> Reserve physical requirements are the same as Active duty requirements
> The Air Force's cyber warfare career field is called 1B4[1]
My dad was a helicopter pilot for the marine corps for 20 years and flew in desert storm and Iraq in the early 2000s. Growing up he was always in insane physical shape and actively participated and taught in Crucible[0] trainings. Part of it was certainly the 'culture' that surrounds the squadrons, but one day I asked him why he stays in shape when in war he'd never had to stand up to do his job? He told me the only thing separating him from a 'grunt' (ground soldier) was his helicopter, which the enemy could take away in an instant. The moral was you always train for the worst possible situation (being grounded behind enemy lines) and hope for the best (never having to stand up).
I don't understand how the military cannot afford to compete with the private sector. This is where wars will be won now (or soon). It's pretty important to defend ourselves. And we have trillions of dollars...
Part of it is that the government doesn't want to, the other part of it is that the American people would shit their pants if they found out that a low-ranking Soldier was making 6 figures a year off of taxpayer money. People resent it when government employees make more money than they do. Also, in the Army, you make the same amount of money no matter what your job is. The people they used to have that were only qualified to do laundry 40 hours a week as a full-time job get paid the same amount of money as intelligence analysts and information technology specialists.
The NSA has no problem paying for top talent, but they do it by going through consulting firms. It's true that most Americans would shit their pants at 6 figure soldiers, but few military skills are so valued by the open market. As we're constantly told by the tech media, you should prefer five $200,000 people to ten $100,000 people, or—god forbid—50+ people writing PowerShell scripts for minimum wage.
>It's true that most Americans would shit their pants at 6 figure soldiers, but few military skills are so valued by the open market.
Infantrymen won't have marketable skills, but we are talking about military security analysts. These guys often do have skills equivalent to their civilian counterparts. You seem to be making the same assumption that many others in this thread have: that all Soldiers are infantrymen of less than average intelligence.
The link upthread of us shows that annual pay for federal cybersecurity professionals is about on par with industry [1], especially when considering geography/cost of living.
My surprise had more to do with learning that cyberwarefare reservists exist, let alone enlisted soldiers. (I'm not familiar with the military.)
>My surprise had more to do with learning that cyberwarefare reservists exist..
I can see how you would be surprised. It seems counter-intuitive, but its actually normal for reservists in technical fields to be better at their jobs than the military. The best example I can think of is the field of aviation. Many reserve pilots are commercial pilots that get to fly 1000s of hours each year. Their full-time military counterparts don't get to fly their fancy fighter jets very often, because its really expensive.
Doctors and pilots get paid reasonably well by the military (especially once training, liability, etc. is factored in). We could probably do something reasonable in infosec.
>Doctors and pilots get paid reasonably well by the military.
Doctors are officers. This means that they get paid much more than Soldiers, but its still a laughably low amount when you compare it to a civilian doctor's salary.
Pilots are also officers. Their salaries are closer to the civilian world, but they are still probably a little low.
I don't think the Army is about to convert tens of thousands of IT specialists and Intel analysts from enlisted Soldiers to commissioned officers. Even if they did, the majority of them would still be making well below market rate.
Even the officer ranks that pay competitively require 10-20 years of service. At that point you are going to have a salary that's comparable to a civilian security analyst with a couple years' experience.
The people I interacted with most were Healthcare Information Systems Officers (70D), who were generally O-2 to O-4. Given that they tended to be fairly early career and living in low cost areas of the country, with college paid, it was a pretty good deal for them.
I think flexibility is the real problem with military hiring, not absolute pay levels.
After allowances, they are making about 52-70k depending on which rank they hold. That's not bad for what they do, but if they were actual doctors it would be terrible.
Its also not a technical job in the traditional sense, 70Ds typically spend 8 years as a 70B (Even though a lot of them will be slotted as 70Ds much earlier than this) which is essentially a management position at a medical facility.
From the description of 70D, it could end up being a technical job depending on the particular assignment, but its more oriented towards healthcare management types.
Its not a bad deal at all if you are looking for a way to pay off your student loans.
if you're a military doctor not only do you save approximately $200k on the cost of your schooling you also far outearn civilian doctors over med school and residency. even top residency programs pay very little. until you make attending (or possibly fellow) you are probably making half of what your peers in the military are making. military doctors earn less for the last 4-6 years of their service but they more than makeup for it over the first 8-10
The base pay is the same, but don't they have all kinds of extra pay they can tack on for various reasons? There is combat pay, but I'm sure there must be more than that.
John is correct. There are different types of extra pay, but they don't have anything for tech related jobs.
The allowances in the Army are for things like jumping out of a plane, scuba diving, foreign languages, combat pay, etc.
The Army still has this attitude that if you aren't outside all day, running around yelling at people, then you must not be doing any work. I'm not sure if that will ever change.
You can get extra money for all kinds of things. Knowing another language, certain career fields (i.e. special forces and contracting) still have re-enlistment bonuses, etc. etc. None of the "cyber" career fields, in the Air Force at least, get any sort of extra money that I'm aware of.
But they would not be low ranking soldiers all IT professionals would have to start at officer level - I did work at one ex civil service tech company and our grades still had a mapping to military and civilservice ones.
>But they would not be low ranking soldiers all IT professionals would have to start at officer level.
Officer income is higher than Enlisted income, but it still starts at around 34k for a single person. Depending on where you live, its probably going to be about 46k for someone that's married. That's still pretty low for the type of people they are looking for.
The military lost the war with the private sector some time ago, and that's why "defence" spending is in the trillions.
My comment at https://news.ycombinator.com/item?id=8009579 applies again. The 'cyberwar' does not matter, or at least not in a way that threatens the existing power structure. To the extent that there are duelling hackers out there, they're operating in the financial realm, which is very far from the military and extremely resistant to being told what to do.
Besides, conventional war is over between major powers. There's colonial policing, guerilla warfare, secret ops -- and then straight up to nuclear exchanges. NATO's eastern border is Poland; Russia's western border is some way east of Donetsk; in the middle is an ugly unacknowledged skirmish using Ukraine as a buffer zone. The skirmish will continue unescalated because neither side can afford to stop the gas pipelines flowing through Ukraine.
(The Russian missile launcher was tracked by, among other things, geotagged selfies on Instagram posted by one of the operators. Does that count as "cyberwar"?)
I think this is a prime example of how pay scales recruiting policies are very difficult to apply across a multi million person organization. If you change the rules for cyber positions, you must consider changing them for all positions. Rank and pay scales are the same across any GS position and across military ranks at this point - perhaps we should think about paying those with key skills more money, but that argument is extremely tough to implement and get legislated.
Result: "Forget it, let's just hire some contractors."
>If you change the rules for cyber positions, you must consider changing them for all positions. Rank and pay scales are the same across any GS position and across military ranks at this point..
This isn't entirely true. Unlike the military pay scale, the GS pay scale does have ways to pay certain fields more money. Its not very much in most cases, but its there. IT jobs generally get you 10% more than other fields.
The only GS jobs I know of that get a substantial about of extra money are the Scientific and Medical jobs. There are special codes that allow them to add at least another 50k-100k to their income, depending on the specific type of position that they hold.
It's difficult to "opt out" of GS pay scales, and even then if you do you then have to follow different recruiting patterns and are subject to fairly strict guidelines. They do have special scales for special positions, but from what I understand that takes awhile to establish and still has strict guidelines. (http://apps.opm.gov/SpecialRates/2014/index.aspx)
Federal recruiting can be quite a minefield, which is a significant problem in fast-moving professions. According to this article the NSA don't opt out of the GS scale, but that's not to say they don't offer temporary positions with slightly different criteria: http://work.chron.com/nsa-pay-scale-16399.html
I'm unsure if it's different on the military side but typically that pay / Basic allowance for housing / etc is also clearly defined in advance.
The NSA doesn't opt out of pay scales -- all general employees follow the GS pay scale with GS 10 removed (GS 9 promotes to GS 11). For those with a degree in certain fields, they follow an increased pay scale but along the same grade. For instance, someone with an electrical engineering degree would follow the GE pay scale, which still has the same path (GE 9, 11-15) but makes something like 2-10k more per year.
The biggest difference, is that their promotion structure is split into two parts: there is a technical route to promotion and an administrative route. This means that you can either be good at being in charge of people and get promoted (administrative), or just be good at what you do (technical). It leads to interesting situations where a GS12 is put in charge of divisions comprising GS15 veterans of 20 years experience, but all in all it is by far the best government run organization I've worked for.
Ah I seem to remember an article that said they did probably wired or a similar publication getting the wrong end of the stick.
The UK scientific civil service has similar problems in that for generic management roles they are paid fairly well for high end technical skills not so much.
Even worse once you get into roles for the TLA's - it will end up like the 30's where the only people that the security services could recruit where those with private incomes or ex military on pensions.
Civilian hackers have a solid intuitive understanding and can use that to select, build, and modify whatever tools they please according to their intentions, and use them however they want to.
Do the military "cyberwarriors" even have local admin rights on their machines? Do they have the education necessary to think about systems and vulnerabilities and the requisite leeway to use that knowledge, or are they (as I would guess) "highly trained," where "trained" means "good at following a set of procedures"?
I'm not knocking that as part of military culture. I want the people in control of weapons and aircraft, etc. to be great at following orders and the procedures they were trained to follow, and do little else. The ICMB fleet is not a place for improvisation.
But computer security is. It's a creativity-driven field that moves quickly, evolves hourly, and requires intellectual agility. I would imagine that from a locked-down, out-of-date OS with a years-long procurement cycle to buy third-rate software from huge, blundering contractors and no leeway to try new things on a whim, it would be impossible to beat a team of educated, unencumbered civilians in a field like this.
Of course, that's just a caricature of military culture that I'm imagining, but can anyone speak to this?
Special Operations forces are given considerable leeway to customize weapons and adjust uniform standards to the situation. I think the "cyberwarriors" would/should argue that their machines are their weapons and so should have similar latitude.
> I think the "cyberwarriors" would/should argue that their machines are their weapons and so should have similar latitude.
They have argued and lost because the big picture military only cares about PT tests, marksmanship, and hair cuts. No one important enough to change policy understands how computers work.
Only the Marine Corps and maybe Army really care about PT performance - from what I understand, promotions in the Navy and Air Force are based off of exams.
USAF cares quite a bit about PT, as they're using it as a force-shaping tool (a way to get rid of people as they downsize).
For years there was debate between the weightlifters and the runners in Air Force leadership over the best way to ensure a fit force. The runners won, which is why a waist measurement is now included in the PT standards.
In the Air Force you get a yearly Enlisted Performance Report or Officer Performance Report. Your OPR/EPR counts towards your promotion, and one of the sections of the OPR/EPR is how well you meet PT standards. Fail a PT test and you get a referral OPR/EPR, then you can pretty much kiss your military career goodbye.
The B-2 bomber pilots are closer to computer hackers... Hacking is long hours spent quietly trolling for marks and acquiring programs and contacts for your "bag of tricks".. With a few hours of frantic planting the hooks and grabbing what you can before the connection is cut.
Ideally, you're like the bomber pilots.. The first time you get noticed is when the bombs are going off and you're already got the data.
>It's a creativity-driven field that moves quickly, evolves hourly, and requires intellectual agility.
That does describe what is expected of military members in combat operations, so it isn't like the military shouldn't be able to apply that philosophy to this area.
I would think the issue is that the "cyberwarfare" group is new and so is being run like an ordinary technical unit, which means procedures and process out the ears and limited flexibility. The military could easily free them of that and let the unit run itself like a special operations unit.
>That does describe what is expected of military members in combat operations
Isn't the tactical playbook set On High? Obviously you need to react to a changing situation in combat, but wouldn't the standard responses to various situations be planned/tested/approved and then turned into training material by some central authority? Or is that sort of thing more up to officers in the field?
No. There are tactical principles that are taught, and basic tactical approaches, but a "tactical playbook" would be completely unwieldy.
The Soviet military used that system, including algorithms to determine which tactical approach to apply. Western military's have long focused on small unit initiative and rewarding novel tactics. A wartime military is the ultimate meritocracy.
Even in WWI, which is often stereotyped as stupid generals sending men walking into machine gun fire, there was a huge amount of tactical innovation from the lower levels (by 1917 they had developed the small unit tactics we still use today).
If we're trying to use uniformed military troops to hack servers remotely, we deserve to lose any 'cyber war.'
They should be used to gain physical access to hardware and people, for the purpose of applying the xkcd decryption heuristic[1]. Leave the hacking to the experts.
>If we're trying to use uniformed military troops to hack servers remotely, we deserve to lose any 'cyber war.'
Not all Soldiers are incompetent. Some of the most brilliant people I've met are people that I met while I was in the Army. China has created numerous units that focus on offensive hacking, and they are wildly successful.
Now, to clarify, I'm not saying that we should have troops performing cyber attacks, I'm just saying that it isn't necessarily an endeavor that's doomed to failure. You seem to be making the assumption that people in the military can't be as good at something as a civilian. That's simply not true. There is a lot of talent in the Army, its just that the organization and its rules are making it hard to be effective.
I know some people who were in the military who are very smart and technical, so I don't doubt there are some good people in there.
On the other hand, while this is admittedly very anecdotal, one really obvious common thread that I see in the vast majority of great hackers I've met has been a distrust (if not borderline disdain) for authority and seemingly needless process; which I have to imagine (having never served myself) doesn't fly really well in the military.
>On the other hand, while this is admittedly very anecdotal, one really obvious common thread that I see in the vast majority of great hackers I've met has been a distrust (if not borderline disdain) for authority and seemingly needless process
You are right, and I am one of those people, but there are some brilliant people out there who for some strange reason I cannot comprehend, love every fucking thing about the military. There are also those of us who do feel the way you described, that stay because we foolishly think we might some day be able to make the military a better place.
Where I work now, there are lots of former military members. All of us are happy that we don't have to deal with the bureaucracy, but most of us don't regret the time we did spend in the service.
I mean no disrespect to the soldiery, but why use soldiers for this, and not the DIA/NSA/CIA/various other TLAs? I guess that's what I'm confused about. Grunts wearing camouflage sitting in front of a laptop trying to outbrain someone seems humorously perverse. It's like some high-level bureaucrat has it in his mind that 'cyberattack' necessarily means that the military has to do it, because we obviously use the military for attacking things.
>I mean no disrespect to the soldiery, but why use soldiers for this, and not the DIA/NSA/CIA/various other TLAs?
I specifically said that I wasn't advocating this as a military mission. I was just stating that if it was a military mission, the Soldiers themselves wouldn't be the reason that it fails.
>Grunts wearing camouflage sitting in front of a laptop trying to outbrain someone seems humorously perverse.
A grunt is an infantryman. Not all Soldiers are grunts. The Soldiers that work as security analysts do it as a full time job. They still have to take a couple PT tests each year and qualify once or twice a year with an M16, but they spend most of their time doing their job.
I'm not sure how wearing camofluage affects a person's ability to use a computer? They are people like everyone else.
There are lots of downsides to the military as an employer. The dresscode is pretty far down that list.
The biggest downside, I think? As a civilian, it is my right to walk off a job at any time. Sure, there are expectations that I'll give you some notice (and I will) but worst comes to worst? I can always walk, and the worst my employer can do is call me bad names.
In the military, those contracts? they mean something. Yeah, you can ask to be transferred around; hell, I know someone who was able to actually quit the navy half way through basic, but it was a big fucking deal.
I mean, there are advantages to the military, too. I'm not saying it's a bad choice for everyone. I'm just saying that wearing dorky pants doesn't even make the list.
The military, like most government jobs, makes a lot of sense for someone who values stability. There are plenty of skilled people that value stability over the ability to leave; I'm just not one of them.
Not every talented person thinks the exact same way that you do. Its a fact that the way the military operates automatically excludes a large part of the talent pool that simply doesn't want to deal with all the bullshit, but everyone has their own set of priorities.
US Cyber Command, the main elite military cyberwarfare unit, is under the joint leadership of the NSA director. What they're doing now is moving the techniques "down-market" so that ordinary units have cyber capabilities as well. Think JSOC vs. regular infantry. You need both to be effective.
Amusing side note, the MD5 hash of CYBERCOM's mission statement, "9ec4c12949a4f31474f299058ce2b22a", is to my knowledge the only hash emblazoned on an agency seal.
The same reason the Army has mechanics to fix their tanks, not some "US Tank Repair Agency".
Also, if you were an officer, how willing would you be to trust a hacker from another agency, if you didn't have someone you trusted to vet their advice?
There'd also be concerns about red tape. If a low ranking officer isn't sure about something, can they put in a tech support ticket to a three letter agency?
I say that flippantly, but I mean that quite seriously. With the amount of resources available to the US military, I see no reason why they should constrain themselves to only a subset of capabilities, especially if the one they're cutting is less capital-intensive.
I absolutely agree that the "$5 wrench algorithm" is a rational choice for the military to pursue: not only is it more available to them than to other organizations, it also aligns more closely with some of their existing core competencies. But that doesn't need to, and shouldn't be, pursued to the exclusion of other approaches.
Those guys exist. But there are a whole host of reasons you'd want a force that could attack an enemy country's infrastructure remotely. As a chief example, it's far less inflammatory than boots on the ground.
Can you imagine the difference in reaction if we sent door-kickers on the ground to Natanz and smashed the Iranian centrifuges, rather than using Stuxnet?
The problem here is that there is a fundamental tension between hacking (or "advanced penetration testing" or "ethical hacking" or whatever) and the structure of the military.
The military relies upon rules and procedures to accomplish repeatable tasks at massive scale. Hacking is an individual or small collective endeavor that involves non-linear thinking and creative leaps.
Right now, they're trying to figure out how to work around that tension, and all we're seeing now are the early tests.
There's at least one other well known agency that focuses on cyber security.
The uniformed forces might have hackers, sure. The Coast Guard has heavy machine guns, but the US doesn't rely on them for naval defence - it's also got a whole other force (the Navy) which can do the heavy lifting.
If the Army doesn't have hackers to win cyber wars, it has hackers because it's a huge organisation that needs internal cyber security expertise.
That says it all there, written by the navy times. Seems like there is a bit of a culture problem, and the perception of tech people by the regular army/navy/whatever.
Apparently, anyone with deep technical skills in hacking computer systems is either a corporate drone, or a hippie.
The DOD cyber effort will be passed off department wide to a more function specific agency just as many other efforts before it. ie CDC NRC DARPA NASA
The specific culture or technical requirements of network technology efficacy will/has end/ed up in a more mixed agency such as the NSA or DIA(redux).
There are a lot of "hackers" in the DOD, as others have said they usually do not stay, but some do. The reason they seem like unicorns is because they usually end up working in the non cat video sector.
The fact is that people with unconventional (by military standards) are going to look at joining the military with skepticism, so right there the military is limiting its pool of potential security service men.
Since when has investing in cyberwarfare skills become a substitute for writing correct code?
Instead of thinking long term, and learning to write open, correct code in sane languages, the continued emphasis is in continuing to ship bug-ridden, untested, source either open with Linux, or closed source with Windows, in an insane languages like C, then announcing that investments need to be made in cybersecurity because the planet needs to be saved from hackers.
Why not focus on getting things right in the first place?
This doesn't seem quite right. It says reservists. They may also have roles in civilian life, but they are also part of the Military. That seems a bit deceptive in the title.
Yeah, the real title of the article is "In supersecret cyberwar game, civilian-sector techies pummel active-duty cyberwarriors". Not sure why it's different here, usually the mods fix any deviation from the original title. I suspect they'll be along shortly.
If American reservists are expected to become a more critical component/dependency for US full-time cyberwarfare defensive or offensive capabilities, would this lead in any way to more time asked of reserve forces at least until internal military specialists are considered to be on par with their civilian and reservist counterparts?
I'm curious if reservists deemed to have critical skills would be called upon to act beyond an amount comfortable for them, considering that they typically already have full-time day jobs as mentioned in the article.
> I'm curious if reservists deemed to have critical skills would be called upon to act beyond an amount comfortable for them, considering that they typically already have full-time day jobs as mentioned in the article.
Yes, that is certainly possible. The whole "1 weekend a month, 2 week a year" thing died with the World Trade Center. While Reserve units certainly try to maximize flexibility to try from interfering with their reservists work balance, getting called up unexpectedly (even for a period of months) is not that unusual if/when shit hits the fan somewhere.
yes I know quite senior (RSM) people in the UK TA (reserves) who got sent to the gulf for an extended period - though that company does sponsor a TA unit so was fairly cool with it.
>though that company does sponsor a TA unit so was fairly cool with it.
Do they have a choice in the matter? I'm just curious because here in the U.S. companies are obligated to hold your position for you until you get back.
I think there are sanctions (you are pissing of Liz II) and of course it might effect the senior mangers if their name came up for a gong or other honour.
They have discussed making it mandatory for employers to give paid leave to TA members for annual training.
What exactly is "amount comfortable to them?" I'm sure if you sign up for the reserves you're going to be ok to be called upon if needed? Since I think that's the whole point?
I know a reservist that got deployed for several months, so it isn't like it isn't heard of.
>Do the military "cyberwarriors" even have local admin rights on their machines?
We don't, hell I don't even have access to some of the basic tools I need (i.e. version control)
>Hackers don't sign up for active duty military.
They do, I've met the smartest people I know in the military . The hacker types never stay though they either get kicked out because they don't want to put up with the bullshit or separate after their first enlistment and quadruple their salary.
Basically the problem with the military is that they won't (or can't) pay enough to retain any of the talent they have and are unwilling to compensate for the low salary by changing the "culture" they've developed over the last century.