U.S. Gov't Sponsors InfoSec Defense Training 115
Anomolous Cow Herd writes: "CNN is reporting that the U.S. government is awarding scholarships to a select few computer science students to study information security, with the caveat that they must agree to work for a government agency for at least two years afterwards. This is in response to the general state of paranoia that has ensued since 9/11, with 'cybersecurity' as a high priority. Considering that a vast majority of government agencies run on Windows NT and derivatives, it's no wonder that they consider the eventual graduating class of 180 'doesn't have a chance.'"
Re:I don't know about you (Score:2)
Re:I don't know about you (Score:1)
The fact is (Score:1, Troll)
Re:The fact is (Score:5, Insightful)
On what basis do you make that statement? The most brilliant people almost always look for intellectual challenges and you are much more likely to find those challenges in an academic setting (because that's the point of them). Certainly some very intelligent people burn out and drop out of school but they generally do not live up to their potential intellectually, despite the fact that they may well have a much more satisfying life.
In reality, most of the really brilliant people in this world are professors in universities (note that the reverse is not nessecarily true however).
Re:The fact is (Score:1)
Cheers,
Jake
Re:The fact is (Score:1)
Re:The fact is (Score:1)
Even I find the work to be too simple. Once, I skipped six consecutive weeks of a philosophy class and ended up with a B+.
I think that this is less of a problem with IT, but the problem exists, even in reputable colleges.
Steve
Re:The fact is (Score:2)
OT: College slacking strategies (Score:3, Interesting)
The exams were usually well over 80% based on the course lectures, which tended to be an overview of the reading. The better professors threw in some easy nuggets that were never discussed in class, only in the readings. The weaker ones lectured basically the books plus some fill-in material, but the fill in was just glue to give the course some coherency.
I found that I could ace most classes if I wrote an A paper and scored an A on the exam. The work it took to do this involved light reading of research material and great class notes. The actual assigned reading I generally just skimmed to make sure there was no great deviation from the lectures. I seldom if ever actually "read" it, except for literature assignments. Just going to class, writing notes and doing the paper was all it took.
I discussed this with a friend who is a history professor and he said that undergrad land its pretty difficult to have significant test material on assigned readings without 2/3s of the class getting Ds or Fs -- even if he announces on day 1 that 50% of the exams will be taken exclusively from readings not lectured in class. He thinks its legit to do this, but hes gotten flak from department people who say its beyond the scope of the average undergrad to assimilate meaning from academic readings.
I would assume at serious classes at high-end academic places like Harvard would have lectures that didn't cover the readings AND readings not included in the lectures, making it impossible (without notes from somebody who WAS there) to get more than C if you skipped lectures.
At other schools (mine was a big 10 university), skipping lectures was suicide but skipping the reading was not.
Re:The fact is (Score:4, Insightful)
Certainly, some intelligent people don't get formally trained. Alot more do.
There is much less correlation between brilliance in the academic success and commercial success - alot of bright people have relatively ordinary jobs. It depends on what they want out of life.
So I don't think that this would deter all the prospective applicants for such a scheme, even though I would value my freedom more than that. Then again, I didn't really have any financial problems through Uni.
If it gives people an opportunity that they might not otherwise get, 2 years of work isn't a bad deal.
My 2c worth
Michael
Re:The fact is (Score:1)
Could be worse. (Score:5, Insightful)
Re:Could be worse. (Score:1)
Bo^h^h CyberCorps knows Football! (Score:1)
Don't discount the athletic ability of the CyberCorps!
At the University of Tulsa, we made it to the finals for Intramural Flag Football. However, I don't believe TU's real football team could handle writing an Intrusion Detection System for a Signalling System Seven telecom network. Check us out! [utulsa.edu]
Re:Could be worse. (Score:1)
Good for Linux? (Score:3, Interesting)
Re:Good for Linux? (Score:1)
imagine if you will, this conversation,
boss: "hey, the dataserver needs to be rebooted again- hey new guy, go do it."
newguy: "um, why does it have to be rebooted?"
boss: "because it blue-screened and I can't get PCAnywhere to work."
newguy: "well, my college has an operating system that never needs to be rebooted- there's very little downtime."
boss: "well, fill out the 100,000 pages of paperwork and we'll look into changing things- where you go to school again?"
newguy: "berkeley."
then, as the boss retires and the newguy becomes the boss, his personal prefrences come into play.
Don't believe me? go look at your local server room- you can tell what the favorite server was of former IT managers like rings on a tree.... one person buys hp, the next dell, the next compaq, etc.....
Re:Good for Linux? (Score:4, Informative)
Also, all classified systems run only on Trusted operating systems and software, which meet criteria for a specific level in the Orange Book from the NSA. According to this [ncsc.mil], the latest version of Windows that was certified is NT 4.0 with SP 6a and the C2 update, in Nov 1999.
Re:Good for Linux? (Score:2)
Isn't Windows' C2 certification only valid if it is NOT connected to a network?
Re:Good for Linux? (Score:2)
NT (Score:1, Funny)
would NT
should NT
even in severely depressed times in the tech industry security guys can get sh*t loads more money in the private sector.
Re:NT (Score:1)
That's true, if there are jobs available. In Denver, in the last, oh, 4 months or so, there have been MAYBE 6 or 7 security jobs posted on monster.com.
After I got laid off and before I went back to school, (about 8 months ago) the last full time job I applied for had over 300 reasonably qualified resumes. In some markets, it's nearly impossible to find a job in IT (let alone security) unless you're willing to preclude your talents to Windows. As annoying as the
Work in the corporate sector just blows now, it's back to the olden days of kissing your boss's ass to make sure you keep your job because now, even if you're quite talented, you're very expendable.
FYI: Free COMPSEC training materials on CD (Score:5, Informative)
http://iase.disa.mil/eta/index.html [disa.mil]
Re:FYI: Free COMPSEC training materials on CD (Score:1)
Re:FYI: Free COMPSEC training materials on CD (Score:3, Insightful)
... if you're affiliated with the military. There's a field to specify organization, if you put "Bob's Auto Maintenance" instead of "PACOM", they're going to throw out the application. If you lie on the form, they're going to prosecute you for impersonating a government worker or official or something like that.
Luckily, I do work for the goverment. ^^
This is old news (Score:3, Interesting)
http://www.wired.com/news/politics/0,1283,46567
Re:This is old news (Score:2)
WTF is Wired smoking these days? Why the heck is 60% of the story comprised of some kid's battle with liver cancer and another's dreams of becoming a golf champion?
I mean, really.
Bash boy, bash (Score:3, Interesting)
Quite amazingly you will realise that most of them are UNIX (vast majority Linux, then some HPUX/Solaris/IRIX).
Not a flamebait, but really disguss me all these creeps that try to bash Microsoft at the first chance.
Kisses.
Re:Bash boy, bash (Score:1)
There are plenty of security issues on any platform, sure. But they have a vastly different character. Typically unix alerts are about obscure bugs that haven't been exploited, but could be, and the patches to fix them are usually very quick. With MS, the problems are pretty major, often have already been exploited, and the fixes, if they ever arrive, at the very least are not timely.
Re:Bash boy, bash (Score:4, Interesting)
Whilst I know the "many-eyes" theory isn't as good as many people think, I'm sure that the average line of code in an open source app gets more eye time that the average line of code in a proprietary, closed source one, so we find a higher percentage of our security problems. Now, just what percentage of security issues do you think that Microsoft et al actually openly admit to? I don't think there have been more than a couple of occasions where microsoft has said, without someone sticking the proverbial gun in their back, hey - security issue, we fess up, come and get the fix. Do you believe they don't find many more? Sure they do, they either just ignore them or quietly fix them and slip it in a servicepack.
Quite clearly you can't compare the numbers just by taking them at face value. Filter out all those with "theoretical exploits" for a start. Next, take out all the duplicates - a patch released by RedHat may be for an identical issue to one released by SuSE and Mandrake - how many times did you count it? One? Three? Or do you just look at one distro? Which one? The one with the most patches - maybe they're really good at looking for problems and putting out fixes, on the other hand maybe they really screwed up the original release. The one with the least patches? Probably not paying attention.
Now a more interesting exercise would be to have a couple of groups of security experts sit down for a few months with the complete source of a recent Linux system and that of WinXP and tot up the number of security issues they can come up with. How about an independent study, draw up a set of rules, have MS put up 50% of the money and one (or more ) linux companies put up the other 50.
Re:Bash boy, bash (Score:4, Insightful)
Whilst I know the "many-eyes" theory isn't as good as many people think, I'm sure that the average line of code in an open source app gets more eye time that the average line of code in a proprietary, closed source one, so we find a higher percentage of our security problems. Now, just what percentage of security issues do you think that Microsoft et al actually openly admit to? I don't think there have been more than a couple of occasions where microsoft has said, without someone sticking the proverbial gun in their back, hey - security issue, we fess up, come and get the fix. Do you believe they don't find many more? Sure they do, they either just ignore them or quietly fix them and slip it in a servicepack.
Actually, a large portion of security holes in MS software are fixed before there is an exploit. The problem is the few that aren't get lots of press, and people don't install the patches, and MS still gets the blame. The CodeRed worm is a perfect example. There was a patch available months before CodeRed was even heard of, put people didn't install it, and now everyone points to CodeRed as the perfect example of MS vulnerability.
I'm not saying MS is perfect by any stretch, but check out how many security fixes they offer and compare it to the amount of tools for exploiting them. You'll find most holes are fixed before there is an exploit for them available.
Re:Bash boy, bash (Score:1)
I think you are kind of missing the point. A lot of people forget that the script kiddie warez and IRC bots is just one form of security risk.
We assert that open source has less total security flaws, because more are discovered by the general public.
A major security hole, unknown to the general public, could be considered a weapon, of vast power. It would allow you to break in to your enemy's and competitors computers, stealing sensitive information, etc.
It is impossible to know how many secret security holes there are in Windows, that people may be keeping under their hat. Look at eEye. They are a company that regularly finds major security holes, because they beat on windows constantly looking for them. I'm sure their core talent isn't more than one or two people.
Suppose a blackhat version of eEye, with a couple or few adept people, banging on windows in every possible way. It's likely that such an orginization would have found many previously unknown security holes, and/or combinations of little holes that can lead to system compromise.
With open source, it's more likely that people in the normal course of debugging their problems will find problems, such as the zlib issue. That was just someone trying to get his project working, and that led him to discover the error in zlib that could be a security hole.
It's not the holes we know about that matter, it's the ones we don't.
Re:Bash boy, bash (Score:3, Interesting)
Yes! A perfect example. A perfect example of how difficult it is to keep up with the dizzying array of patches from Microsoft. Why, Microsoft [com.com] can't even do it. Gartner advised customers to ditch IIS exactly because you can't patch fast enough [gartner.com].
Further, the Microsoft patches, available for a long time, cause other problems [secadministrator.com], and I quote:
Re:Bash boy, bash (Score:1)
Funny how people bash Microsoft for both a) not releasing patches and b) releasing too many patches.
Re:Bash boy, bash (Score:1)
Yes, well, there's obviously a problem with both a) and b). Under a) the problems don't get fixed. Under b) not even MS can keep up with the dizzying array of patches.
Re:Bash boy, bash (Score:1)
1. There are more UNIX variants then Windows
2. UNIX systems have been around longer, so there may be more because of this.
3. Traditionally, in much of the UNIX community, security problems are well publicized.
And there's always the claim that OpenBSD hasn't had a remote root exploit in two years is it? Can Windows claim this?
And when you throw out the extra services, and just compare services that Windows systems and UNIX systems have in common, are there still as many vulnerabilities?
Josh
OpenBSD (Score:1, Offtopic)
It's:
Four years without a remote hole in the default install!
Which is rather awesome for anyone just trying to mess around with BSD or get into the UNIX-variant world. You can just shove in a boot disk, set up your system, install with the default config, and you have an up and secure system. Just add some ip forwarding and whatnot and you already have a personal gateway/firewall for your household.
REAL security [Re: Bash boy, bash] (Score:3, Informative)
You are all mainly talking about application level security.
How many exploits are there on Windows NT - for IIS, for LANServer, for other NT services, for hacking the registry?
How many exploits are there for Linux - for Sendmail, for BIND, for telnet and even for SSH?
You mentioned OpenBSD, so let's take some look at OpenBSD. Its DEFAULT install is secure.
What about adding third-party software? What happens, when you've got Sendmail installed, and someone manages to hack uid 0 by exploiting some vulnerability in the Sendmail daemon?
All of these exploits are application level vulnerabilities.
The real problem with operating systems is, that they highly depend on application level security. Even OpenBSD is NOT really a secure Operating System - it's just a really secure software distribution.
OSes themselves may not be vulnerable - but their highly privileged application make them vulnerable.
However, for some derivates of Unix and specific setups of Unices, this is no longer true, while for Windows NT/2000/XP it is still true - and that is, why some Unices actually are more secure than NT, because their OS Kernels offer really strong security below the application level (user space).
Did you ever take a look at Trusted Solaris, at AIX/CMW, or at Argus' Pitbull for Solaris or AIX?
Sure, if some application is vulnerable to being exploited, it will still be vulnerable when running on one of these OSes - but it doesn't matter that much, because these Operating Systems are locked up from inside the OS kernel.
On 'normal' Unices, you simply attack some process, which has root privileges, and all system security is gone because of root's omnipotent superuser privileges.
On the OSes mentioned above, you do not run any process with root-like privileges, because you simply don't need to - instead, you've got a large set of privileges to allow some very specific privileged operations (like using a restricted port or changing the root directory), so what do you want to attack in order to get access to the Operating system itself?
On an Argus-enhanced Solaris box, for example, Sendmail would be running in its own compartment and with the PV_ASN_PORT privilege in it's effective privilege set.
If someone would successfully attack Sendmail, he/she would...
a)
b)
c)
d)
e)
Provided that these Trusted Operating Systems are correctly configured, the only way to hack into one of them is to attack the OS kernel itself.
So, how many exploits can you find for the Pitbull-enhanced AIX kernel?
More information:
Trusted Solaris [sun.com]
Argus Systems [argus-systems.com]
kind regards from Austria,
octogen
Re:Bash boy, bash (Score:1)
Blame the editors.
predicting the future (Score:2, Insightful)
Re:predicting the future (Score:1)
Re:predicting the future (Score:2)
Of course just about the time they're due to get out, there will be a sexy must-have course that will make their lives perfect on the outside just for a four year commitment. Then it's I'm one third of the way to a cushy government pension at age 40
April fool? (Score:1)
Re:April fool? (Score:1)
Re:April fool? (Score:1)
Application (Score:3, Funny)
My name is Osama Ben Logan and I would like to apply for a scholarship and two years employment managing computer security in a sensitive government facility.
-
Re:Application (Score:2)
Re:Application (Score:1)
That would never work. That would be like expecting Mohamad Atta's visa application to be approved after the September 11 attacks.
Motivation (Score:5, Interesting)
While the VERY FIRST PARAGRAPH of the article reads:
Ya know what? Other than putting some additional paranoia in the public (and management) mind, infosec has little to do with terrorism. Sure, the politicians like the run around screaming "digital pearl harbor" [newsbytes.com]. But the general state of most organizations' infosec stance has been in shambles well before 9/11. And those vulnerabilities mean that these organizations are much more likely to be attacked by a random attack-of-opportunity than a coordinated terrorist activity.
And that includes the US Government. It might go especially for the US Government where "security" is usually dealt with a Cold War mentality. One that has little to do with the current state of information security. Instead, government agencies tend to rely heavily on prosecution (which kicks in well after the damage has been done). Change to this mindset is hampered by limited budgets which make hiring experts (or retaining anyone with the appropriate skillset) difficult. A couple years ago, the FBI even complained to congress that they could not attract experts in the field due to their uncompetative pay.
So to wrap it all up. Government computer systems tend to make suprisingly easy targets. This program is part of the awakening and catch-up the government is undergoing on this issue. It has very little to do with terrorism and 9/11. And even the very article referred to states that.
Re:Motivation (Score:1)
Oh come on, do you really beleive that? Or that freenet, anonymizer and all the other anonimizing services abruptly invoked "pre-9/11" decisions to cut their services? And RSA/NAI dropping PGP?
Jeez, I'm not wearing my tinfoil hat right now, but you must have your head burried 4 feet in the sand...
Re:Motivation (Score:2)
Re:Motivation (Score:1)
Yeesh -- the melodrama is overwhelming. Sounds like 13-year-old script kiddies wrote the article. Why do I suddenly have visions of "an elite corps" of acne-ridden guardians "against cyberterrorism" wearing black jumpsuits with a Nike logo stiched just above the US flag on the sleeve?
Re:Motivation (Score:1)
NSA (Score:4, Informative)
On a lighter note, after hearing that Intel is trying to claim the word 'inside' as its own, [slashdot.org] I decided to do a little investigating as to exactly what is inside. Take a look. [slashdot.org]
Re:NSA (Score:2)
CIA, etc (Score:3, Informative)
Here in the link, for example, to the CIA College Intern Page [cia.gov].
so basically, sounds like non news item.
Maybe these are the guys who bugged a student press office at Quaker Campus [radiofreenation.net] a while back? Although i mention this with a something of a tongue in cheek spirit, to be serious, that incident does seem to be more of a local job using radio shack parts.
benefits of working for the CIA (Score:2)
Yes I know this is likely a research facility.
Is this something like the search for Intelligent life in the Universe?
Cyber Security, Cyber Mashurity... (Score:4, Insightful)
Yes, I do believe some terrorists use this so called "interweb" to communicate. I do not believe we are going to be having cyber terrorists hacking into the pentagon. If they hack into it via the web, well, shame on them for even putting any sort of outside access.
If a cyber terrorist hacks into our missile control system and has it launch missiles at ourselves, we deserve it, because if there is anyway for a terrorist to log onto the missile launch programs from their terrorist hide out we should be bombed for our stupidity.
/end tangent
Re:Cyber Security, Cyber Mashurity... (Score:2)
Every system should have one and only one classification level.
Re:Cyber Security, Cyber Mashurity... (Score:2)
This is the way it's traditionally done in the military. You either have access to something based on your security level (plus need-to-know, see below), or you don't. And if you don't, well, you're not getting it. When you join the military, they do a background check on you to assess what your level of clearance will be. If you get a security clearance, it will be one of Secret, Confidential, and something else. ("something else" being the highest) If they decide you may be worthy of Confidential and above, the background check gets more in-depth; one friend of mine mentioned that the military interviewed his family, friends, and even high school teachers. Scary shite. Once you are assigned a clearance, it can never be increased (unless there is a very good reason). But your clearance can (and routinely is) taken away completely for something like a DUI.
Need-to-know: Despite what Hollywood will tell you, just having the right clearance is not enough to gain access to something that is classified. You also need a reason to have access to it, which normally comes in the form of the approval of a superior.
Wow, I just rambled a lot.
ROTC (Score:2)
Re:ROTC (Score:2)
ROTC includes classes, leadership laboratories, and summer field training during school. The service commitment time is usually 4 years (or 5 years if they pay for that many). Also, not all ROTC cadets get scholarships, some in the program just pay their own way through school but still get commissioned.
Re:ROTC (Score:1)
Re:ROTC (Score:2)
In the Air Foce, the service commitment for most programs is twice the amount of time the USAF paid for your education.
There are literally dozens ways to become an officer, partly because the services are really hurting for members right now. And to anyone considering a commission: don't think of a commission as some nifty job you get to try out for a couple of years. You join the service for x amount of years and your life will be the service for those x years.
Re:ROTC (Score:2)
No, besides doctors, lawyers, & chaplains (direct commissions with 2 or 4 weeks of training), there are exactly 3 ways to get commissioned into the Air Force: the Academy, ROTC, & OTS.
Re:ROTC (Score:2)
No, the commitment is equal to the number of years they paid for, but the minimum is 4. Some majors can get 5 years paid for.
I can't bring up any specific ROTC programs, but I know that there is at least one that requires you to give back at least 2x the amount of time you're in school. Maybe there is another minimum x amount of years that get tacked on, but they don't advertise that.
No, besides doctors, lawyers, & chaplains (direct commissions with 2 or 4 weeks of training), there are exactly 3 ways to get commissioned into the Air Force: the Academy, ROTC, & OTS.
But there are different ways to get into those 3 different commissioning programs. I know because I'm active duty enlisted and they are constantly advertising them--they want more high-quality enlisted members to try for commissions, it's less training the AF has to do. And in the opinion of many enlisted and officers alike, it frequently results in better officers. If I had my way, all officers would have to have a minimum amount of time (say, a year or two) as enlisted before their commission starts. But that's just me.
Re:ROTC (Score:2)
Right, just remember that they all funnel through the 3 programs. I was an active duty SSgt, now I'm in ROTC, through the ASCP.
I definitely agree! While many non-prior-enlisted officers were good, I believe on average the prior-enlisted ones make better officers. After going through ROTC field training and seeing what a joke it is, and how bad of a program ROTC is, they should at least send every officer candidate through basic training.
CS in the 21st Century (Score:3, Funny)
"Machine code? Huh? Direct memory access? Programs can't do any of that!"
Re:CS in the 21st Century (Score:1)
sad but true [utulsa.edu]
Purdue is one of the recipients (Score:3, Insightful)
A free education is nothing to sneeze at. Talk to a current grad student who is either teaching a class or picking up his prof's dry cleaning to pay the bills and they will tell you how they wish they could find a funding source like this.
The institutions that received this grant do cutting-edge research in security that will influence the field for years to come. Heck, I'd do it just to go and study w/Spaf [purdue.edu].
DOD has a long road ahead (Score:1, Interesting)
Good Idea (Score:3, Insightful)
You can't realistically expect the government to be able to attract top of the line talent in IT security with their traditional job structure.
You know: come in from 9 to 5, have a GS rating with plodding single digit percentage raises each year, put up with a few petty bureaucrats, slug it out for several decades and finally retire well off.
The people they're after are young and don't care about retirement plans, but do care they get paid what they're worth on the open market and don't want supervisors having a cow if they come in 8:05 am.
I think any plan, like this one, that helps to get those talented people into government service is just what the government desperately needs.
It reminds me of people going to medical school on military scholarships and serving a while after their schooling is finished.
setting some things straight (Score:4, Informative)
Here in Mississippi (Score:3, Interesting)
At least the gov't is trying to get some better sysadmins into there workforce. Not to insult any gov't sysadmins out there, but it's obvious that they want more people checking each others work so that there are fewer holes, hopefully/theoretically.
Happening here (Score:3, Informative)
1. This started before 9/11. This is not in response to terrorist threats, but rather a real nderstanding that critical infrastructure is at risk.
2. There are both 2-year fellowships for grad students and scholarships for undergraduates. They cover full tuition, room, board, books and fees, plus a stipend.
3. It works a lot like a ROTC scholarship: we give you two years of support, you owe us two years of work after you graduate. Which in security isn't a bad tradeoff; guaranteed job plus very resume-boosting experience. Yeah, you can make more money elsewhere, but it's a good job.
If you want more information about actually applying, you can look at the program webpage here [iastate.edu], or the ISU Information Assurance Program site here [issl.org].
The wrong solutions (Score:1)
Yeah, there seems to be no end to the proposals the government has come up with since 9/11. The only problem is, none of them would have stopped the 9/11 terrorists. It's a bit like shutting the barn door after your car has been stolen from the garage.
Not inspiried by 9/11 (Score:1)
I don't really see a big correlation to that tragic event and this program, at all. What, is learning how to properly firewall a system going to suddenly make INS and customs capable of keeping known terrorists out of our country? I don't think so. Not *everything* that happens in this country is related to that, you know.
Re:Not inspiried by 9/11 (Score:1)
Re:Not inspiried by 9/11 (Score:1)
Look at how old the 'students' are. (Score:2)
How much of cyberterrorism is FUD? (Score:2)
it's over (Score:2)
It is, however worth noting that according to the scholarship program website [nsf.gov], the proposal deadline for this scholarship was December 19, 2001. Way to fuck with me on 01Apr, Slashfags.
Re:Working for the government? (Score:5, Interesting)
I work for the government, and in these times when the economy is still on shaky ground, the job security alone enough was enough to get me to take the position.
The fact is that IT positions in the government actually pay quite well. Considering the area I live in, my starting salary was quite competetive with what the private sector was willing to pay. Not to mention the famous government benefits packages.
The U.S. government does indeed have alot of NT servers. The Powers That Be (TM) understand the vulnerability, and apparently are willing to pay handsomely to fix it. In a time of a job market that's uncertain at best, I can think of worse situations than a free education and a 2-yr. job guarantee.
Re:Working for the government? (Score:1)
Think about all the gov't secrets you'd have access to!
First time I got to meet the president, I'd go into work wearing this shirt. [thinkgeek.com]
Re:Working for the government? (Score:2)
Another myth, at least when it applies to government IT jobs.
If I were so motivated to take advantage of it(and I will eventually), there's a government internship program that will pay for most of my MS (as opposed to M$ of course) after 3 years, and would double my salary to a more-than-comfortable level.
The opportunities in the government are there, though sometimes you have to dig for them.