Cybersecurity Czar Job Is Useless, Says Spafford 104
Trailrunner7 writes "It's been about seven months since Obama announced his plan to hire a cybersecurity coordinator, and the job is still vacant. Several prominent security experts have turned the position down, and in an interview on Threatpost, Purdue professor Gene Spafford says that the position is pointless. 'It won't have any statutory authority. It won't have any budgetary authority. That does not give it much authority of any kind. So when I hear that there are supposedly people who have been interviewed for this cyber coordinator job and didn't take it, I'm not surprised. It's not a winning position. I'm not at all surprised by the fact that it's empty. That position is a blame-taking position,' Spafford said."
I vote (Score:5, Funny)
...for me? It has Czar in the title, it has to pay more than what I make.
Re: (Score:2)
Re:I vote (Score:4, Funny)
I find this compensation acceptable, particularly since I'm already in a near-volunteer position that only exists to place blame.
Re: (Score:3, Funny)
You work on a helpdesk?
Re: (Score:2)
It's probably a non-paying, volunteer position. However, I doubt you'd go a week before coming home to find a ferrari in your driveway with the license plate "MCAFEE 1" and a note that says "From an old friend." in the driver's seat, under the key.
And there you have the actual use for the position: appointments for help during the campaign to positions that themselves have their own kickbacks.
Oh, also for Obama et al to hold up and say they strengthened security.
Note that I voted for Obama, this is not bias. All politicians do bullshit moves like this, and I didn't vote for him because of anything related to cybersecurity (it was to get an appointment to department of interior.)
Re: (Score:1, Funny)
By that logic you must agree that Eminem a white nigger.
Comment removed (Score:5, Interesting)
Re: (Score:3, Insightful)
When you have a high profile job in the public sector, you can expect that people are going to find out a lot about you. The media will want to know, and if you have any skeletons in your closet, they could well be revealed, one day.
Bravo on you for wanting to keep your personal details private, but don't seek out any high profile positions as a result.
Comment removed (Score:5, Interesting)
Re:I vote (Score:4, Insightful)
And they're also recruiting from the same talent pool as Google, Microsoft, and the Fortune 100.
Those companies will also sniff around your background, but won't have a hissy fit if you've smoked a joint, own a gun or got a DUI in a rented Escalade with your mistress.
After reading some of the disclosure materials required for government employment I'm pretty sure I will never even bother applying. Way too intrusive and not telling them exactly what they want is some kind of nasty Federal felony.
Evil SF86 (Score:2)
In case anyone wants specifics, here is the "main" questionnaire you have to fill out if you're going to have any kind of security clearance (even a really low one) while working for the Gov.
http://www.opm.gov/Forms/pdf_fill/sf86.pdf [opm.gov]
Also, note that lying on the SF86 is a felony. It's a terrifying, terrifying form.
Re: (Score:2)
Re: gun ownership. Most states require that firearms be registered, so it's not like they're asking about the ins and outs of your sex life with your spouse. Moreover, I doubt that gun ownership would be a major roadblock for any appointee. But it would be prudent of them to look over a person's ownership history and make sure they complied with the relevant laws at all times. After all, if they don't do opposition research, FOX News will.
Re: (Score:3, Interesting)
Re: (Score:2)
True, and in most states, the background check isn't a requirement for legitimate private sales either. However, I do know of a person with a Federal firearms license who attempted to get around the background checks with one customer and it blew up in his face.
Re: (Score:3, Interesting)
When you have a high profile job in the public sector, you can expect that people are going to find out a lot about you. The media will want to know, and if you have any skeletons in your closet, they could well be revealed, one day.
However, if you did want that high profile position, holding a very public auction of the (above-mentioned) McAfee 1 Ferrari and donating the proceeds to Kids with Cancer would pretty much guarantee you one. It would be the right thing to do, a nice thing to do, with the added bonus of cementing your image of incorruptability in the public eye. A smokescreen, yes, but one that'll get you high. At least until the McAfee "security enforcers" find you near a dark alley.
On second thought, it does sound rathe
Re: (Score:2, Insightful)
If you want any authority over me, then damn right it's my business. We have every right to know if you are abiding by the same rules you expect us to. Don't take it personally. I expect all people in a position of authority to give up their private lives, at least to the extent that we have to. Besides, government service is supposed to be exactly that, not a lifetime career position.
"Pay your taxes" is NOT draconian (Score:1)
Geez, look who's been confirmed.
An Attorney General who thinks it's OK to pick a fundamental Constitutional right and strip it from individuals [gurapossessky.com].
A tax cheat in charge of the IRS [wsj.com].
A CIO who was strangely the ONLY one in his entire department that wasn't corrupt [businessinsider.com].
What "draconian disclosure requirements" are you referring to? These are the guys who were CONFIRMED in office.
Re:I vote (Score:5, Funny)
Among other things they want to know every single handle that you've ever used online, every single website that you've posted on...
This is what disqualified me when I applied. I told them I sometimes used "Anonymous Coward" on slashdot.org...
Re: (Score:2)
Then I guess the application wasn't for you or people like you. You realise there are plenty of others who would take such a job, including all the intrustions, for the power or prestige or simply as a damn impressive thing they could put on their resumes?
I do agree it is somewhat ironic that they are asking for a "cybersecurity" position, since people with
Re: (Score:1)
Do you think the President cares about embarrassment? You've pointed out the tax cheat, who actually never completely paid all the money he owes, but what about...
He seems to appoint whomever he wants, sometimes in spite of FBI background checks.
Actually, the private sector makes less (Score:2)
Umm... you actually make way less in the private sector. A USA Today article [usatoday.com] that appeared last week confirmed what many of us have suspected for years, especially since this recession started. And that is that government employees make more than private sector employees. Period. They make more in salary (approximately 30% more), they have far better benefits (healthcare, pension, etc), and they get more perks. It's not the working/middle class
Re: (Score:2)
Yea I would take it as well. No win? not at all if you play the game.
"The problem is that we have not budgeted enough for the needed programs."
"The problem is that we do not the laws in place to solve the problems"
"The problem is that organized crime, terrorists, and drug lords are using piracy to make/launder money"
"This is a complex problem but with a enough study and the cooperation of industry and the goverment we can solve the problem."
By the time I am out I will have a nice big consulting job for a mu
Re: (Score:1)
I'd prefer to be one of the snack-food czars. Maybe the potato chips, or pizza czar. As long as it pays well, or I get a lot of free snacks.
Recession (Score:3)
I'll take it. I've even worked in security, although as a programmer not as an executive or highly respected author and lecturer (e.g., Bruce Schneier) which is what I imagine they want and will never get.
Where do I send my resumé?
Re: (Score:3, Insightful)
Czar is the Slavic rendering of Caesar. Why anybody sees this as an expediency worthy of trade-off for democratic involvement and oversight is a question I leave you, the dear reader to resolve.
Re: (Score:1)
Sorry if you were using sarcasm and I couldn't differentiate from a wingnut.
Re: (Score:1)
They generally don't actually have any administrative capacity.
Re:Recession (Score:4, Funny)
I'll take it. I've even worked in security, although as a programmer not as an executive or highly respected author and lecturer (e.g., Bruce Schneier)
That's okay. As far as I know, few highly respected authors and lecturers have been asked. And asked or not, several such people have preemptively refused the, er, honor.
which is what I imagine they want and will never get.
If they wanted, I imagine they would've asked more people who could do it.
Where do I send my resumé?
First print off a copy of everything you've ever said online and send it so they can check it for anything embarrassing. I gather that's what one of their pre-screening requirements was. Which is to say, they want people who have never used the internet for their security czar.
Re:Recession (Score:5, Insightful)
How much time will pass before everybody is naked, drunk and stoned on their MyBooooook page, so that we can get over all this nonsense about being persecuted for stuff everybody knows happens?
Mark Zuckerberg (Score:1)
Is that in response to those pictures of Mark Zuckerberg that got leaked off the facebook site after the privacy policy changes?
Who watches the Internet (Score:3)
I'm not sure a tzar helps. The people on the front line are independant businesses selling cyber security and the military. The two do not meet openly so the position is merely cerimonial.
Re: (Score:2)
I'm not sure a tzar helps. The people on the front line are independant businesses selling cyber security and the military. The two do not meet openly so the position is merely cerimonial.
Of course a T zar wouldn't help. That's a Soviet idea. We're talking about C zars here...
Re: (Score:2)
It's a pretty silly title anyway for the head of a group of advisors to an elected government. I suppose they couldn't use the standby of "VP of whatever" for a title back when Nixon or whoever started using it in the USA.
This position (Score:4, Funny)
Bruce Schneier agrees (Score:5, Informative)
Re: (Score:2)
He went on to note that he wouldn't even need to be physically present in order to carry out the duties of the position. In fact, he's already carrying them out every morning while he eats breakfast [schneierfacts.com] and reads the paper, hence the position remaining apparently vacant for all this time.
Well how about that! (Score:2, Funny)
Someone who's actually paid to be the goat.
I can do that! Were can I get a job like that.
Re: (Score:2)
That position is a blame-taking position,' Spafford said."
Someone who's actually paid to be the goat.
I can do that! Were can I get a job like that.
Almost any computer/IT/network/[yourtermhere] security position in a Fortune 500 company would fit the bill.
Re: (Score:2)
That position is a blame-taking position,' Spafford said."
Someone who's actually paid to be the goat.
I can do that! Were can I get a job like that.
Seems like just about any IT position would qualify...
Puppet (Score:4, Funny)
It's a perfect representation! (Score:3, Insightful)
Kinda represents the majority of IT departments in big corporations.
Hey, being a fall guy isn't always so bad (Score:3, Interesting)
Tom Ridge [wikipedia.org] was nothing but the designated fall guy at the Dept. of Homeland Security, but he managed to parlay it into a book deal and a ton of great press. Not bad for a guy who had formerly been an almost completely unknown governor of a minor state. You think anyone would have given a rat's ass about his memoirs if he had turned that job down?
If you can be a fall guy who manages to get out BEFORE the fall, there is real money and fame in it.
Comment removed (Score:5, Funny)
Re:Hey, being a fall guy isn't always so bad (Score:4, Funny)
The last 8 years proved that the set of states in the Union are,
Not minor: Texas, East Texas, Dallas-FortWorth and California
Minor: the other states.
Re: (Score:1)
Re: (Score:2)
Re:Hey, being a fall guy isn't always so bad (Score:5, Funny)
You realize it's the 6th most populous state, with the 6th most populous city...
And it happens to be the 6th largest [actionpa.org] emitter of carbon dioxide. Could Pennsylvania be, hmmm... SATAN!?!
'blame taking position' -- nailed it (Score:5, Interesting)
Anyone else (unemployed and looking like me) feel like a disturbing portion of the job market is constituted of 'blame taking positions'?
It's probably paranoia, but I feel like the businessworld is composed of corrupt people who will lie and bullshit, and then the poor saps that get stuck with the 'blame taking positions'.
In my youth, I had naive libertarian beliefs about talented and competent people winning out in the free market against those types. Now that I've witnessed the naked annihilation of even the illusion of capitalism, via the bank bailouts... I just have no real hope that there is any way to make a living without either being one of those bullshitters, or poor blame taking saps. I guess the honorable thing is to just accept a sequence of blame taking jobs, and survive and get fed until we see a better age.
Re: (Score:1)
Sure they talent and were competent - at bullshitting.
Oops. I hope I didn't add to your despair. I have found a cure for that - see sig.
Re: (Score:2)
Sure, it is true the banks managed to get their bailout through lucky lobbying, but unless they change what they a
Re: (Score:2)
Sure, it is true the banks managed to get their bailout through lucky lobbying, but unless they change what they are doing, they will fail again, and smart people are already working on ways to make sure they don't get bailed out another time.
I have some predictions to make here: 1) these banks will fail again, 2) they'll get their bailouts again through "lucky" lobbying, and 3) the smart people will once again be ignored.
Invent something great and you will do fine. (Score:2)
Tell that to Philo Farnsworth. You forgot a step.
"Invent something great," have a few million on hand to defend your patent, "and you will do fine."
Re: (Score:2)
2+2=5, for moderately large values of "fine" (Score:3, Informative)
OK, now we have more steps:
1. Invent something great.
2. Have millions to defend your patent.
3. Have millions to beat the vulture capitalists away from your baby.
4. Have a mother on the board of IBM and a father as a partner in one of the nation's most powerful law firms.
5. Acquire the social connections to market your product.
6. Profit.
Bonus reading: The cheerful history of Edison and Tesla, and why virtue does not always win, even when Mickey Rooney plays you in the movie.
Re: (Score:2)
In my youth, I had naive libertarian beliefs about talented and competent people winning out in the free market against those types. Now that I've witnessed the naked annihilation of even the illusion of capitalism, via the bank bailouts... I just have no real hope that there is any way to make a living without either being one of those bullshitters, or poor blame taking saps.
Oh, cheer up. It's nearly Christmas! :-)
I guess the honorable thing is to just accept a sequence of blame taking jobs, and survive and get fed until we see a better age.
Maybe some universities will start offering that as a major.
Re: (Score:2)
It's plenty well possible to [i]make a living[/i] without being a corrupt businessperson who feasts upon the lives and souls of the working class, it's just extremely difficult to become immensely financially successful.
The trick, then, is to be happy with a comfortable lifestyle. Make enough money to ensure you and your family have a good life, make some smart choices with your savings, and be lucky enough to not work for a company that steals everything from you when it fails.
Re: (Score:2)
Anyone else (unemployed and looking like me) feel like a disturbing portion of the job market is constituted of 'blame taking positions'?
It's probably paranoia, but I feel like the businessworld is composed of corrupt people who will lie and bullshit, and then the poor saps that get stuck with the 'blame taking positions'.
In my youth, I had naive libertarian beliefs about talented and competent people winning out in the free market against those types. Now that I've witnessed the naked annihilation of even the illusion of capitalism, via the bank bailouts... I just have no real hope that there is any way to make a living without either being one of those bullshitters, or poor blame taking saps. I guess the honorable thing is to just accept a sequence of blame taking jobs, and survive and get fed until we see a better age.
What you want is a manufacturing job of some sort. A job where you can actually point at an object and say I made that.
Service sort of works for this as well... Except that it's very easy to wind up in a service position where your customers are blaming you anyway. Manufacturing generally results in an object that either does what it is supposed to, or doesn't - and there isn't typically a whole lot of room for shifting blame.
Now, I'm not necessarily suggesting that you get a factory job - though there's
Re: (Score:2)
"Or point at a person who was either served or not."
Whores: keeping the American Dream alive.
Re: (Score:2)
In a world where it's cheat or be cheated, it's hard to choose.
Re: (Score:2)
the naked annihilation of even the illusion of capitalism, via the bank bailouts
Free markets tend to lead towards capitalism, but it is not the same thing as capitalism. Those banks that received bailouts are still making capital investments and are able to make their living doing nothing but investing. That is the definition of capitalism.
Re: (Score:2)
Your beliefs were right, they just don't exist in reality.
I still hold forth that a free (libertarian) society provides the best opportunity for all people.
Every other system has some ruling class that gets to sit on its laurels.
That said, we do not live in a free society. ... ...
Wall-street is not the free market.
The healthcare system is not free market.
Transit is not the free market.
Government is not the free market.
So yeah, if you want a job, you either have to go into a free market part of the economy (
Re: (Score:2)
In my youth, I had naive libertarian beliefs about talented and competent people winning out in the free market against those types. Now that I've witnessed the naked annihilation of even the illusion of capitalism, via the bank bailouts... I just have no real hope that there is any way to make a living without either being one of those bullshitters, or poor blame taking saps. I guess the honorable thing is to just accept a sequence of blame taking jobs, and survive and get fed until we see a better age.
Out of curiosity, did those naive libertarian beliefs ever get invalidated? Or are you glum because the problem is a bit harder than you thought?
Re: (Score:2)
I mean, as a society of 300 million people, why can't we, after an economic mess like this, just fire the top 1000 politicians/bank ceos/etc..? Is it so hard to find qualified people? Or is it just hard to get rid of unqualified people whose real qualification is gaming the system and exploiting it, to the detriment of billions of others?
Not even that. My view is that we simply need the strength to do nothing, to let people and businesses suffer for their mistakes.
"Every American depends -- (Score:1)
directly or indirectly -- on our system of information networks. They are increasingly the backbone of our economy and our infrastructure; our national security and our personal well-being."
And despite it all, he is totally unwilling to tell us we have the right to access. Just more bla bla bla..
I'll take it (Score:3, Funny)
Here's a photo of me on the job: http://www.frogview.com/uploadimages/45f9f6b1c0ed04.86765571frogview-gallery.jpg [frogview.com]
Pick me! Pick me! (Score:2, Funny)
Spoken like a true CEO (Score:5, Interesting)
The assertion that this is a 'blame taking' job is unfounded, that it doesn't have statutory or budget authority is peripheral to what the role should be, and frankly somewhat insulting that the umbrage taken with it by 'the experts' is that it's a role that has no teeth.
It's a job where the President consults you for your opinion and takes action based on your advice. Boo hoo you don't have any authority or a budget. Any consultant that is hired on to a tech firm is in the same boat.
Also, yeah, I can understand why many security people have turned this job down. Because they're more interested in money than civil service -- how the hell is that a surprise?
Re:Spoken like a true CEO (Score:5, Informative)
Wrong. In 2008 Candidate Obama said he would create a postion reporting directly to him. This year, President Obama created a position of "Cybersecurity Coordinator" which is a low level position reporting to OMB (Office of Management and Budget) and NEC (National Economic Council). In other words, the person in this new position will spend their time writing reports which will then go to the bureaucrats in OMB and NEC who will stamp the reports as "too expensive in these tough economic times".
Little or no information will ever reach the president. And even if it does, so what. It will be up to congress to allocate resources. Good luck with that.
Re: (Score:2)
Little or no information will ever reach the president. And even if it does, so what. It will be up to congress to allocate resources. Good luck with that.
And even if it did get so far, with all the big ticket items on the agenda you'd be screwed anyway. How is cyber security going divert money and effort away from healthcare reform, the war in Afghanistan, the war in Iraq, and the yet-to-be-released war in Iran? Now maybe if we put our war mongering away and rattled e-sabers instead this would be a good job to have. Short end of that is, though, that this absolutely will not happen in the next 2 years. And after that there's the election cycle where it s
Re: (Score:2)
Re: (Score:3, Interesting)
It's a job where the President consults you for your opinion and takes action based on your advice.
I suspect only the first part of that statement is really true, which is why this isn't a good job for those who want to actually solve the problems, not just pontificate on how one could solve the problems. I say this because:
1. Fundamentally cyber is not a Presidential priority at this time. Jobs, health care, global warming, education - those are the things the President will be judged on, and thus what he is going to prioritize. Your advice will likely be heard, but it is unlikely the power of the pr
Re: (Score:2)
As a rebuttal, when was the last time a "czar" position appeared with no statutory or budget authority attached?
However, the idea of a Cybersecurity Czar seems ineffective to begin with (remember DHS). A Cybersecurity Committee with mandatory quarterly/biannual face-to-face meetings with the POTUS seems more useful. The committee can concentrate on giving status updates and a high-level cost-benefit analysis that the POTUS could understand, while the POTUS would simply decide for or against.
It'd be cheaper
Re: (Score:2)
You're not too familiar with what a "Blame taking job" really is, are you?
This is basically a rehash of the old "intelligence Czar" fiasco. The position was supposed to bring all the various intelligence agencies in America together to prevent another intelligence failure like 9/11, but since the Czar didn't have any statutotry or budgetary authority, his decisions and recommendations could simply be ignored by anyone beneath him.
Since the various intelligence agencies would have already taken any advice t
New Military Branch Needed. (Score:1)
If we're serious... and I mean really serious... we need a branch of the military to do the heavy lifting. We don't need to start this in a big way, but we need the securi
I'm tellin' ya... (Score:3, Interesting)
Welcome to the government (Score:2, Informative)
Czar logic (Score:5, Funny)
But the drug czars have failed to stop drugs, so therefore a cybersecurity czar would improve cybersecurity!
I finally understand government logic!
Re: (Score:2)
Good. (Score:2)
Good - The last thing we need is for this or any similar position to have some real authority; it's likely only going to be a matter of time before anonymity and freedom online are ruined in the name of "security" anyways.
I don't hate to say it... (Score:2)
But a lot of us saw this a mile and a-half away. There are a lot of people involved close-up with POTUS' CyberSecurity initiative, and I had the honor of meeting one of the top brass in October. As excited as the people on the advisement staff seem or seemed to be, I could not shake the perception of trepidation in the voice and comments of the presenter. I even queried him about the "CyberSecurity Czar" (or "Director," as it is preferred to be called) and received a fairly vague answer with little notio
Spafford Is Useless, Says Cybersecurity Czar (Score:2)
... and many others, come to think of it.
The position type is better known as (Score:1)
an "organizational attenuator".
Someone has to dampen energy that might elsewise get into the mechanisms that matter to the the alphas.