25 April 2010
Security Clearance Management
29/04/10 12:01 Filed in: Security
When I was honorably discharged form the service, there was hardly any market for IT security professionals. Either you worked as a government contractor or as a government employee. Sad part is that with my rank and credentials, I would have entered into the federal employment arena as a GS9-GS11 range. Good luck there. There is a real negative bias in government hiring of outside labor coming in at anything other than a GS4-GS6 range.
Yes, I am more than a little miffed that my clearance lapsed and it is a REAL pain in the backside to get another one today. It is the chicken and the egg ting. To get the good paying security jobs, you need a clearance, to get a clearance you need a sponsor (employer) that is willing to handle your clearance. The other sucky part is that most clearance related jobs require immediate employment. They can't wait 6 months for your TS / SBI to go through the system.
My suggestion to ANYONE getting out of the military or a government job. Make sure you can transfer your clearance and do what you can to keep it active. Find a job before your contract ends and make sure your new employer is capable of keeping your clearance up to date. Don't take anyones word for it, check on it regularly yourself.
Yes, I am more than a little miffed that my clearance lapsed and it is a REAL pain in the backside to get another one today. It is the chicken and the egg ting. To get the good paying security jobs, you need a clearance, to get a clearance you need a sponsor (employer) that is willing to handle your clearance. The other sucky part is that most clearance related jobs require immediate employment. They can't wait 6 months for your TS / SBI to go through the system.
My suggestion to ANYONE getting out of the military or a government job. Make sure you can transfer your clearance and do what you can to keep it active. Find a job before your contract ends and make sure your new employer is capable of keeping your clearance up to date. Don't take anyones word for it, check on it regularly yourself.
Security Credentials
29/04/10 11:47 Filed in: Security
I just got an earful from one of my legal clients. Apparently I have been remiss in listing my security credentials.
I was trained in a security-minded atmosphere. Everyone in my shop had a Top Secret clearance or higher. I had a Top Secret / SBI, the highest you can get. People went to jail for not keeping information secure. No hand slap, or being put on report. You went to the brig, then a trial of some sort and off to federal prison. FYI: Federal prison does not do any form of parole or early release, you serve your whole sentence.
Now it seems like certifiable, credible people are few, and the demand is increasing. I researched the subject for about three days. Small Business owner looking to get a security clearance (My old one expired so long ago, they laughed when I asked to have it reinstated.). Nothing but brick walls. If you don't work for a government contractor or for the government, you can forget it.
I have not given up yet, I have some feelers out. An alternative seems to be some sort of background check certification. The companies I found seem shady and more focused on artificially pumping up their credentials than providing a viable service. I really didn't feel comfortable giving ANY of these over-marketed institutions my background information to have them go poking around.
If anything pops up, I will update this post.
I was trained in a security-minded atmosphere. Everyone in my shop had a Top Secret clearance or higher. I had a Top Secret / SBI, the highest you can get. People went to jail for not keeping information secure. No hand slap, or being put on report. You went to the brig, then a trial of some sort and off to federal prison. FYI: Federal prison does not do any form of parole or early release, you serve your whole sentence.
Now it seems like certifiable, credible people are few, and the demand is increasing. I researched the subject for about three days. Small Business owner looking to get a security clearance (My old one expired so long ago, they laughed when I asked to have it reinstated.). Nothing but brick walls. If you don't work for a government contractor or for the government, you can forget it.
I have not given up yet, I have some feelers out. An alternative seems to be some sort of background check certification. The companies I found seem shady and more focused on artificially pumping up their credentials than providing a viable service. I really didn't feel comfortable giving ANY of these over-marketed institutions my background information to have them go poking around.
If anything pops up, I will update this post.
NIST Bulletins
29/04/10 11:29 Filed in: Security
NIST has been updating their Information Technology Library (ITL) documents lately. Most of it is repackaged procedures from the mainframe days, but updated. The information is extremely relevant in todays cybercrime environment.
Recommended Reading:
Secure Management Of Keys In Cryptographic Applications: Guidance For Organizations
Cybersecurity Fundamentals For Small Business Owners
Protecting Information Systems With Firewalls: Revised Guidelines On Firewall Technologies And Policies
Risk Management Framework: Helping Organizations Implement Effective Information Security Programs
Security For Enterprise Telework And Remote Access Solutions
Security Of Cell Phones And PDAs
http://csrc.nist.gov/publications/PubsITLSB.html
There is a lot more information, but it is over 2 years old and needs to be reviewed.