Department of Defense Digital Security Job Opportunities

A friend of mine from DoD is trying to hire clueful digital security practitioners. He is looking for people to accept positions with DoD-wide and/or service-specific responsibilities. Skillsets needed include reverse engineering, incident response and analysis, penetration testing, and security engineering. The most important characteristic of the candidate is a desire to see DoD achieve its missions successfully. The next requirement is intense interest in the sorts of subjects discussed in this blog. A SECRET clearance is a minimum requirement but TS is preferred. Please email cyberjobs2009 [at] hotmail [dot] com if interested. I have no other information -- email the point of contact with all questions. Thank you.

Richard Bejtlich is teaching new classes in Las Vegas in 2009. Regular Las Vegas registration ends 1 July.

Comments

H. Carvey said…
Hotmail used to collect DoD-based job applications???
9:04 AM
Richard Bejtlich said…
The interested party didn't want to post a .mil email address in this blog post.
9:44 AM
yoshi said…
It appears silly and rather suspicious for an individual working for a government organization looking for applicants to use a hotmail address. I will go farther and say sending any information to that address should be avoided. I would also claim that his organization has policies against doing this.
10:34 AM
lostzero said…
I have a pretty good idea of who this individual is and his intentions are good, regardless of not wanting to reveal his .mil email address.
10:55 AM
Richard Bejtlich said…
"yoshi", do you think I would extend my blog, and hence my reputation, to some no-name individual? (Like, say, "yoshi"?)

What is this, the world's most intricate identity theft scam? You must be new here.
12:51 PM
Wayne S. Anderson said…
The challenge there is that the pay needs to be commensurate with the position. Information Security, for someone with appropriate credentials AND experience, is a pretty lucrative area in the more general IT industry.

The challenge then is the difficulty posed by giving up a certain standard of living to contribute to DoD or elsewhere in government for someone of the caliber that needs to be there and already has enclave level 8570.1 credentials AND a TS clearance.

Instead you end up with some homie that just finished college, took some classes, scraped a bare pass on the CISSP and hasnt had enough experience yet to have messed up anything on his record.

I wish your friend the best. Im seeing a lot of positive steps in the right direction over there particularly in the last 3-5 months but it will take some intensive focus at the political leadership levels and some tough choices to make that area effective.

-W
8:46 PM
bsdwiz said…
yeah, sounds interesting but how much $$ are they willing to pay?
9:49 AM
Unknown said…
The positions require an active DoD clearance so if you are qualified to apply then you are already in the DoD world and know what level of compensation to expect (which is not bad at all in my experience). Furthermore, assuming these are GS positions rather than contract, a big part of the compensation package is the pension that by and large no longer exists in the private sector. As for the "homie fresh out of college"...I don't think a pension that takes 30 years to earn is of much use to someone 50 years old.
9:13 AM
computer programming jobs said…
Yeah, I heard the salary range at the DDDS is pretty decent. I was considering a computer programming position there but I don't think that my bad record will fly with them.
8:17 PM
بناتي said…
This comment has been removed by a blog administrator.
2:14 AM
Post a Comment

Popular posts from this blog

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technical or pol
Read more