Posted on Oct 1, 2013
Cybersecurity in the Army: How to Identify, Train, and Retain Future Cybersecurity Warriors
17.4K
36
24
4
4
0
<p>Recently I had a conversation with a Signal co-worker concerning the military's cybersecurity strategy and how to get a foot in the door in the cyber career field. He was very interested in becoming a hacker and wanted to learn what kind of training he should focus on to stand out from the crowd. After being turned down for a reclass into a cybersecurity job he is strongly considering an ETS. This conversation epitomized to me what I think is a failure in our current plans in developing an elite cyber force.</p><p> </p><p>First, I think there exists a pop culture definition of hacking that creates critical misconceptions in any conversation about the subject. This misconception exists at all levels, often even amongst those that work in the field.</p><p> </p><p>No one can teach you to hack. It is not a skill that can be learned by rote and offered up on the platter of military training. Running a script or a program is not hacking. Typing a command into a bash shell is not hacking. Even programming a Remote Access Tool is not hacking! A hacker is simply a person that understands his/her targets' chosen technologies better than they do and can think in a critical, outside the box fashion. Skilled hackers can identify and exploit the mental scotomas of their victims, using their oversights as pivot points to open up a vast chess board with an unlimited field of movement.</p><p> </p><p>If you want to be a hacker you must have strong foundations in computers from the hardware to the bare bones of network technologies. Reading and digesting RFCs on various TCP/IP packets and then getting excited when you see a way to use that packet in a way no one intended is a step in the right direction. A hacker sees a program crash or a computer blue screen and wonders if its reproducible or causes buffer overflows. A hacker must be a Cisco Engineer, a Microsoft subject matter expert, a Linux guru, and a Python, Bash, PowerShell, Ruby, Java, Assembler fool. In summary, we need technologists that are passionate about IT, motivated to learn new technologies, and subject matter experts in multiple domains.</p><p> </p><p>1. How do you identify soldiers with exceptional technology skills and the aptitude to apply those skills to an asymetric task such as hacking?</p><p> </p><p>2. What kind of training should be used to enhance the skills of selected soldiers and prepare them for their missions?</p><p> </p><p>3. How do you retain those soldiers after you have invested considerable time and energy into their training?</p>
Posted 11 y ago
Responses: 13
I agree with your thoughts of hacking being about the passion, capabilities, thoughtfulness, curiosity, and finesse. I've done just about every signal MOS short of going out with a manpack. I have observed, watched and patiently learned. I have studied and gotten elbow deep into equipment (breaking and repairing). I just wish I knew where to sign up for MOS' like cyber security. Because honestly our enemies are too different from us. They have drives and passions and motivations that could easily be exploited. They just as easily hire those who are not as knowledgeable about the equipment they use. They make mistakes and leave vulnerabilities. Show me where to sign, I'd love to become an asset in cyber security.
(4)
(0)
CW3(P) (Join to see)
Visit the 7 sig cmd link I have in the other post. It explains what MOS's are being accepted and how to apply, etc. Plus look into the new cyber enlisted MOS of 25D.
(2)
(0)
SGT (Join to see)
Talk to sfc hogan if you still have his contact. He helped recreate the 25D mos and has all the info.
(3)
(0)
SGT (Join to see)
Looked into 25D a big wall known as "not the MOS we are looking for" was there. They were only accepting SGT and above of the 25B MOS unfortunate for me.
(2)
(0)
Suspended Profile
1. How do you identify soldiers with exceptional technology skills and the aptitude to apply those skills to an asymetric task such as hacking?
Establishing an open capture the flag / skills assessment that will gauge any soldiers capability. There are many CTFs available as well as proven examples out there (netwars). This combined with psychological screening could provide the right people.
2. What kind of training should be used to enhance the skills of selected soldiers and prepare them for their missions?
Classes on self-learning methods, programming, reverse engineering, development and debugging, etc. These will establish a baseline - then incorporate popular frameworks.
3. How do you retain those soldiers after you have invested considerable time and energy into their training?
Incentives, money, and freedom to use skillsets. Adjusting the PCS schedule and training expectations would be helpful. "Pro" pay already exists for medical realm and bonus pay for needed MOS. These skillsets are different but also valuable and should be treated this way.
Establishing an open capture the flag / skills assessment that will gauge any soldiers capability. There are many CTFs available as well as proven examples out there (netwars). This combined with psychological screening could provide the right people.
2. What kind of training should be used to enhance the skills of selected soldiers and prepare them for their missions?
Classes on self-learning methods, programming, reverse engineering, development and debugging, etc. These will establish a baseline - then incorporate popular frameworks.
3. How do you retain those soldiers after you have invested considerable time and energy into their training?
Incentives, money, and freedom to use skillsets. Adjusting the PCS schedule and training expectations would be helpful. "Pro" pay already exists for medical realm and bonus pay for needed MOS. These skillsets are different but also valuable and should be treated this way.
Read This Next