SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Wednesday, August 4, 2010

Conti and Easterly on Cyber Warriors

Posted on 8:34 AM by Unknown
Thanks to Lieutenant Colonel Gregory Conti and Lieutenant Colonel Jen Easterly for pointing me to their article Recruiting, Development, and Retention of Cyber Warriors Despite an Inhospitable Culture. They are doing a real service by examining cultural issues challenging the success of a Cyber Command.

I'd like to provide a few excerpts:

Until the end of the 20th Century combat arms expertise ruled the day, but in the 21st Century kinetic combat arms soldiers must learn to co-exist, cooperate, and coordinate with non-kinetic cyber warriors...

[E]xperience gained to date in building the Army Network Warfare Battalion (ANWB) overwhelmingly points to the critical need for a career path to effectively recruit, manage and retain cyber talent...

In the world of cyber warfare, experts such as Mr. Kaminksy are the “Chesty Pullers” of the 21st Century...

The problem often lies not in the talent or desire of these individuals, but in inflexible military human resource systems...

A big question is when to allow personnel to join a cyber warfare force. Should this occur immediately upon joining the service, or at a later point, after the individual has had operational, possibly even combat, experience. We believe the cyber force would be best enriched by allowing both options...

Regardless of entry point, though, care should be taken to select only those with a true passion and capacity for cyber warfare, not those with careerist or other ambitions. Under no circumstances should an individual be forced into a cyber warfare assignment. To fall into any of these traps will certainly create an unhealthy work environment that encourages talent to leave and undermines mission accomplishment...

Cyber Command must take advantage of the prior experience of incoming personnel, and link it closely with cyber-related career fields rather than the current haphazard approach that wastes years of academic preparation. In addition, we should identify talent as early as possible and track their careers, reaching out to them at an appropriate time...

We cannot build a professional cyber warfare force without viable cyber warfare career fields within each service. Recreating the current model that rotates personnel into and out of cyber assignments is insufficient. It drains training resources, induces skillset atrophy and encourages the departure of our best and brightest. For many specialists, an assignment away from their skill area is reason enough to leave the force...

We will know we have succeeded when we have General Officers, Sergeants Major, Senior Warrant Officers, Master Chiefs, and Chief Master Sergeants that are products of a pure cyber warfare career.

All of the above speaks to my experience, directly. What do you think?
Email ThisBlogThis!Share to XShare to Facebook
Posted in cybercommand | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DojoCon Videos Online
    Props to Marcus Carey for live streaming talks from DojoCon . I appeared in my keynote , plus panels on incident response and cloud secur...
  • Bejtlich Speaking at TechTarget Emerging Threats Events in Seattle and New York
    I will be speaking at two events organized by TechTarget , for whom I used to write my Snort Report and Traffic Talk articles. The one-da...
  • Review of Crypto Posted
    Amazon.com just posted my four star review of Crypto by Steven Levy. From the review : Steven Levy's "Crypto" is a fascinati...
  • SANS WhatWorks Summit in Forensics and Incident Response
    I wanted to remind everyone about the SANS WhatWorks Summit in Forensics and Incident Response in DC, 8-9 July 2010. The Agenda looks gre...
  • A Book for the Korean Cyber Armies
    I've got a book for the Korean cyber armies, North and South. That's right, it's my first book , The Tao of Network Security Mo...
  • Sguil 0.7.0 on Ubuntu 9.10
    Today I installed a Sguil client on a fresh installation of Ubuntu 9.10. It was really easy with the exception of one issue I had to troubl...
  • Microsoft Updates MS09-048 to Show XP Vulnerable to 2 of 3 CVEs
    Microsoft published a Major Revision of MS09-048 to show that Windows XP Service Pack 2 and Windows XP Service Pack 3* are now Affected So...
  • Understanding Responsible Disclosure of Threat Intelligence
    Imagine you're hiking in the woods one day. While stopping for a break you happen to find a mysterious package off to the side of the t...
  • Embedded Hardware and Software Pen Tester Positions in GE Smart Grid
    I was asked to help locate two candidates for positions in the GE Smart Grid initiative. We're looking for an Embedded Hardware Penetr...
  • BeyondTrust Report on Removing Administrator: Correct?
    Last week BeyondTrust published a report titled BeyondTrust 2009 Microsoft Vulnerability Analysis . The report offers several interesting ...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ►  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ►  March (9)
    • ►  February (6)
    • ►  January (3)
  • ►  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ►  August (18)
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ▼  2010 (193)
    • ►  December (14)
    • ►  November (11)
    • ►  October (6)
    • ►  September (16)
    • ▼  August (15)
      • GE Looking for Business Response Team Leader
      • Bejtlich on Silver Bullet Podcast
      • Review of Least Privilege Security Posted
      • Bejtlich Teaching at Black Hat Abu Dhabi 2010
      • Review of IT Security Metrics Posted
      • Review of Practical Lock Picking Posted
      • Consider Reading Network Flow Analysis
      • World's Worst Security Visualization?
      • Do You Use Visualization in Production?
      • Review of Wireshark Network Analysis Posted
      • Hexcompare and Finding New Tools
      • Conti and Easterly on Cyber Warriors
      • August 2010 Digital Forensics Magazine Published
      • July 2010 Hakin9 Magazine Published
      • Project Vigilant Is a Publicity Stunt
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ►  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile