Military (Army) IT/Networking/Cyber career questions.

Hello, I am Cider. I have several questions on the topics of IT certifications, general IT, and military cyber operations. They are listed at the bottom in bold. Following this introduction is a background of my knowledge and reasoning behind the questions, to possibly help you with your answers.

I am a 35P (Cryptologic Linguist) and I work in the military intelligence field. What I want to work in, however, is the Cyber Warfare / Cyber Security field as an eventual warrant officer. Recently, a new series(17C /17A) dedicated to Cyber Warfare and Security was announced for enlisted and officer, it is en-route to begin by the end of the year.

Cited from one of the many similar articles found by a Google search:
Army's new Cyber branch looking to recruit talent -- Defense Systems

My goal is to reenlist into this field, or go straight to warrant officer.

I grew up using computers. Everything to do with networking and security became something I enjoyed reading about. But in all honesty I cannot say that in the grand, or even lesser scope of IT knowledge and application I am in any way proficient. I will have A+, Network+ and Security+ certification shortly, I have a good understanding and experience in programming with C++ and Python, I have military training and experience with cryptologic theories and applications, and I have a little more than 2 years into a materials science and engineering undergraduate degree (subject to change).

There is a lot that goes into Cyber Warfare and I hardly understand any of the physical and technical parts of it.
I'm finding it very hard to explain what I mean. Perhaps it is best to use an example.

#1: In programming with c++, while I learned to use the language to make programs, I never learned how the program I used to make c++ programs ran. How the compiler compiled things, how the OS ran the compiler, how the physical computer ran the OS. I learned enough to make my programs work.

#2 When it came to viruses, I just ran removal software. It worked, the end. I never bothered to find out how the viruses worked (in literal application, not in theory) or how the removal software removed it.

I just find that, in my experience, every field has its half-ass path. Every field has people that do things without really knowing what is going on, from the top-down perspective. There are also those few people who work on both the high and low level that evolve the field, and evolve with the field.

I am trying to avoid that half assed path. I am wanting to know what I am doing, and having the knowledge to defend my country from people that are even younger than me, yet have still invested far more time and are heavily familiar with the actual goings-on of the current technological state of the world. In my experience with the military so far, they are not going to give me said knowledge. The expected training for 17C is three years. The longest of any series to my knowledge, and I know that it will not be enough, the training I've seen usually takes the half-ass knowledge path too.

I have a few years before I can re-enlist to get a solid foundation, and many years to really invest in this. I will likely join the NSA at some point.

So my questions are:

For the detailed, low and top level understanding, which certifications would you recommend?

How would you prioritize certifications?

What path/material would you recommend when self studying for knowledge aside from studying to be certified?

Any recommendations on books relating to solid knowledge on any topic I've mentioned?

What brands of routers are used where? How popular is say, Cisco, nationally and internationally?

What types of OS's are used? Again, nationally and internationally? Which ones are falling behind in popularity and which ones are increasing?

Are there any government routers/OS's? Is information on them easily accessible?

What is the future of computers and networking in your view? Are memristors a likely thing? What will they change? How about quantum computers and encryption?

If anyone here has military experience working with this field, what are your thoughts on the current state of military IT/Cyber warfare?

If you can answer any of these questions, please do. If you have an opinion, please share.

Many thanks, Cider.

Find more posts tagged with

Comments

rcsoar4fun

Let me see if I can help.

First, are you sure you want to stay in the Army? Lots of contractor jobs in the DoD.

Second, the single best thing you can do is keep your background/finances clean so the TS is easy to obtain.

Hardware/Software/Network. Same as most of the rest of the commercial world, just a few years behind everyone else. It largely depends on how well the different agencies are funded. For a more complete answer look for the DISA Approved Products List. Network gear tends to be Cisco, Juniper and some poor, poor souls stuck with Foundry.

As to the future of networking/IT I think the next 5-10 years will be more virtualization and integration. Your old desktop is going away and a zero client is taking it's place. Network gear is behind the virtualization ball, but they will get there and become integrated into the server farms, a good example is the Cisco Nexus V1000.

As to which certifications I am biased. If it isn't for the network than servers just expensive heaters.

But in reality many attacks occur over a network, so I would look towards network certifications. CCNA, CCNP, CCIE, etc. Then there is the security side, CISSP. For more hands on attack related material, look at the CEH. Security+ isn't a bad start, but don't bother with the Network+.

One book I think is very good on the network side is TCP/IP Illustrated by Stevens. It is old and some material dated. It is boring, but it does a great job of explaining the nuts and bolts of how things work.

the_Grinch

The poster is a 35P so he already has the TS/SCI. I would definitely begin with the networking route starting from the bottom up. CCNA is definitely a good area to start in, but make sure you go beyond it by understanding everything at the packet level. OS wise, begin reviewing Linux and aim for the Linux+ certification as most tools will be Linux based. From there I would work on some scripting languages. Below is a great post that should help you:

http://www.infiltrated.net/pentesting101.html

GForce75

Your doing the right thing. I'm currently an IT Officer and it's great if you go the right routes. I started as a Paralegal, Communications and now IT... and yes... the military is paying for all of these certs (CISSP, CEH and etc, heck even my MBA and GI Bill for the Doctorate). You have to look at the requirements to get in. Check the Army Cyber site. If you get the military to pay for your stuff and get your job training... basically, you'll even be better off. Send me an IM with your .mil address and I can help you more. Don't follow people's advice and getting out. That can lead to shaky grounds because things change and plus the retirement is always great.

JockVSJock

I like your goal.

However if you want to go Warrent and I'm not sure what rank you are currently. However when I tried to go Warrent, I was told that I needed 3 good NCOERs in order to even start the packet to be considered. That was back in the summer of 2012. Things may have changed since then or depending on the need of the career field.

And you get one NCOER once a year.

2cndchance wrote: »

I am a 35P (Cryptologic Linguist) and I work in the military intelligence field. What I want to work in, however, is the Cyber Warfare / Cyber Security field as an eventual warrant officer. Recently, a new series(17C /17A) dedicated to Cyber Warfare and Security was announced for enlisted and officer, it is en-route to begin by the end of the year.

OfWolfAndMan

2cndchance wrote: »

For the detailed, low and top level understanding, which certifications would you recommend?What path/material would you recommend when self studying for knowledge aside from studying to be certified?

What brands of routers are used where? How popular is say, Cisco, nationally and internationally?

What types of OS's are used? Again, nationally and internationally? Which ones are falling behind in popularity and which ones are increasing?

Are there any government routers/OS's? Is information on them easily accessible?

What is the future of computers and networking in your view? Are memristors a likely thing? What will they change? How about quantum computers and encryption?

If anyone here has military experience working with this field, what are your thoughts on the current state of military IT/Cyber warfare?

1. Typically Sec+ is a good start. You'll need to meet 8570 requirements when coming into this field. If you're going the networking route, this is likely a requirement.

2. "Cyber" is a broad range of fields. The biggest I see coming forward is server guys, network guys, and pentesters.

3. Depends on where you're at. Cisco, Juniper and Brocade are most common

4. Windows and linux most commonly

5. Routers or OSes not so much. Other special network devices? Yeah, but no documentation you can get your hands on.

6. A transition to a more software-based, automated approach

7. Only somewhat impressive when you don't have an idiot running it.

mistabrumley89

So, you want to go cyber?
Right now they are pulling 25D's into the 17C field.
There are two 25D schools, each are different, and they randomly place you unless you know someone, or your scores are high enough.
The first path is the 25D w/ the Y2 SQI. You will be a glorified COMSEC custodian because the Y2 SQI is just the COMSEC course.
The second path, I don't remember the SQI (if there even is one), gives you a computer forensic portion in place of the COMSEC route.
From this forensics path, they will select people who are the best in their class to reclass again and go to the 17C school.
So, right off the bat you have a 50% chance in even going down the right path by selection. Then you have an even smaller chance to be selected after you graduate the 25D course.

As far as being a cyber warrant, I do believe you have to reclass into that after you have been picked up for 255A/N. They won't place you directly as a 255S without previous experience as a warrant officer. Someone correct me if I'm wrong. And yes, you still need 3 good NCOERs.
As far as becoming a 170A, I don't know what the requirements will be.

MTciscoguy

Are you currently serving? Or are you currently working for a contractor?

I might be able to help some, I retired from the Army in 2009, my last command was at the Pentagon in IT security, my information is going to be out of date, but I might be able to suggest a path to get you the correct information from a few of my friends who still work in the Pentagon and other locations around the world. I retired as an O6 after close to 30 years in, I would attained a bit higher, but was wounded in 1991 and had to take a back seat for healing and rehabilitation for a few years, then I had to fight to stay in to get my time. As I said, much of my information will be out of date, other than perhaps being able to guide you the correct officers to try and contact to get the correct information.

SaSkiller

For the detailed, low and top level understanding, which certifications would you recommend?

If you want to go cyber, like you said, Security+, CEH are your first goals. After that you need to find out how you want to specialize. CND, CNA/E, or CNO.

How would you prioritize certifications?

Your 8570 certs first, then CNDSP Qualifying certs, then something that will allow you to specialize, in general currently the GCIA and GCIH are certs that are in 8570 that will assist, after you max 8570 relevant certs, go for hands on exams, depending on your area of concentration. So exams such as OSCP or ELS certs.

What path/material would you recommend when self studying for knowledge aside from studying to be certified?

Make a lab and practice whatever you are studying, also keep up with security related blogs. Try to figure out how they learend what they are doing.

Any recommendations on books relating to solid knowledge on any topic I've mentioned?

Will depend on the above.

What brands of routers are used where? How popular is say, Cisco, nationally and internationally?

Cisco is useful everywhere, however some organizations may move to other vendors. The good news is that the cisco knowledge is very useful and easy to transfer to other vendors.

What types of OS's are used? Again, nationally and internationally? Which ones are falling behind in popularity and which ones are increasing?

Windows and Linux. Also consider learning about mobile OS'

Are there any government routers/OS's? Is information on them easily accessible?

Military uses commercially available devices. I don't see anything specific so i'll say look on milsuite and lean cisco.

What is the future of computers and networking in your view? Are memristors a likely thing? What will they change? How about quantum computers and encryption?

Don't know anything about it.

If anyone here has military experience working with this field, what are your thoughts on the current state of military IT/Cyber warfare?

Current state is in flux. 25D's aren't doing much. No idea how 35Q's are being used. I don't see them being used out of the NSA/CSS AO for a few years. I wonder if the field is too crowded for there to be effective use, I wonder if there are 35Q's who aren't doing the job.

Despite what GForce75 says, I think getting out is the best option. There is no doubt that the WO's I know are VERY knowledgable, that being said, there are the most opportunities to do what YOU want when YOU want to do them on the outside. You can GUARUNTEE that if you want to do something new, learn something new, you can do that. I don't have to listen to someone tell me that I don't have the right rank to do something, I also don't have to worry about my rank forcing additional duties outside of my career area. If there is an awesome opportunity in another state, guess what, you can pack up and go. Want to go work for [insert agency]? You can do it. And you don't have to jump through hoops or wait until you get to the right unit to get your opportunities.

I can't comment on the retirement bit, honestly i'd rather save up on the outside doing what I love than spend so much time doing hand receipts, counseling, and standing in formation when I could be working.

If you can answer any of these questions, please do. If you have an opinion, please share.

MTciscoguy

SaSkiller wrote: »

I can't comment on the retirement bit, honestly i'd rather save up on the outside doing what I love than spend so much time doing hand receipts, counseling, and standing in formation when I could be working.

Interesting take on things, now again, I take a different perspective on it, but I did spend my 30 in service, and do know for a fact, what the upside can be, as well as the down side.

That said, if the guy is interested, he should be able to at least look at his options, a Military career, can be very rewarding. In cyber, you often times see things come along and solve it before the majority of the industry has even heard about it. Another thing, you will get subjected to the best of the best trying to crack your systems, which many companies never ever have to deal with. As I have said, I retired in 2009 and was working on attacks when I retired, that many of you have never even heard of to this day.

Now there are downsides as well, being deployed is one of them, but now a days, deployment to an actual hot zone for guys that are in cyber is not as common as when I was deployed in 91, of course, I was not working in computers in the Military in 91, I was actually a field command officer, teaching urban war fare tactics.

Like I said, there are plenty of great things going into the military, one of the greatest, is you know for a fact, they are never going out of business and being in any type of IT, you are going to see nothing but growth, there will be a day, that our wars will be fought in cyber space and not on the ground.

EDIT: I guess, I was called out, so I will add, when I talk about cyber space, I am not talking about things we have had for a while, there is a whole bunch of new games in the very near future. Using the term "Cyber Space" was only for a lack of a better more descriptive terminology.

JockVSJock

MTciscoguy wrote: »

there will be a day, that our wars will be fought in cyber space and not on the ground.

Um...those days have been around for some time.

PLA publishes Unrestricted Warfare in 1999

https://en.wikipedia.org/wiki/Unrestricted_Warfare

MTciscoguy

JockVSJock wrote: »

Um...those days have been around for some time.

PLA publishes Unrestricted Warfare in 1999

https://en.wikipedia.org/wiki/Unrestricted_Warfare

Not in the manner I am talking about, I spent 30 years watching this stuff develop and a lot of those years figuring out how to combat it, when I worked in the Pentagon, there are things coming, that you can't imagine.

As I still hold my Top Secret Clearance as well as my access to many restricted systems and areas in the country, there is so much I can't disclose, but at times I wish I could, I decided a long time ago, I don't like living in 3rd world countries with a price on my head. The wiki articles on this stuff are pretty much way off base.

ArabianKnight

As a 35P, (I am a 35N) going warrant you will never do cyber stuff, so reclass to 35Q/17C Cyber Warfare Spec and then go warrant. As far as certs go get: Network+, Security+, Linux+, CEH, CCNA, CISSP. Hold off on any Sans stuff until you start to get real serious! Getting Net+ first will help you for the CCNA. Learn packet analysis, (and Kali Linux too!)then you should be good. Your several years experience as a cyber warfare guy you can get most of the certs and experience done. Get a degree in infosec as I see many job postings now require it.

BlackBeret

For Warrant- Right now the Warrant for 35P/N/Q is 352N for all and as with anything else in the Army your duty assignment will dictate your work. You could end up strategic or tactical, in a motor pool or a SCIF. What I will say is as of right now, if you graduate the 35Q course (previously JCAC) you will be put to good use and end up working for who you want to work for, doing what you want to do. If you can reclass to 35Q now, do it. Put in the 4187 not matter what your company tells you. If they officially deny it, then pursue other options, but the last time I checked in/out calls they're pulling in to 35Q. Once you get that MOS you should be able to go warrant if you have 4 years total time as a 35P/N/Q since they have the same feeder MOS. When it changes to 17 series, the 35Q MOS will be reassigned and if they introduce a 17 series Warrant MOS you may not be able to apply until you hit the time in 35Q/17C. Just remember to get 35Q FIRST, the go warrant. If you do warrant now you may end up a 352N in a cruddy MI CO of some cruddy Inf BDE, hate work, get out, and be a contractor... cough cough...

The short version is, if you want to move in to Cyber reclass to 25D for CND, 35Q for CNO/CNA/CNE/DNI. The 25 series MOS's gets commercial certs, the 35 series MOS's don't bother with commercial certs, they use NSA certs. At one point you had to qualify for JCAC/35Q, the test was basically a combination of Net+ and CEH, so if you want to study something I would start there.

2cndchance

Wow! I'm impressed at the response I received in such a short time. Thank you all for your information.
I'm going to reply to everyone's responses/questions and then add up repeat recommendations.

rcsoar4fun:

I do intend to stay in the Army(or another branch if it comes to that) for as long as I can actively progress toward Cyber or until my 20 years are met and I am tired of what I do.

Thank you very much for your opinion, certifications and book recommendations!

the_Grinch:

This is true, I do have the Top Secret/Sensitive Compartmented Information clearance already, in case anyone else was wondering and didn't know/look-up the acronym.

Thank you for your opinion, certfications and website recommendations!

GForce75

I'm glad to hear a career in IT is going well for you, being in the military. Is there something you need to send specifically on a .mil address? I cannot send PMs yet.

JockVSJock:

I have plenty of time to gather years to become warrant. I plan to re-enlist into an approriate area in an effort to become a warrant officer in a Cyber or IT field.

OfWolfAndMan:

Thank you very much for your answers and various recommendations!

mistabrumley89:

Thank you greatly for this information on Army career paths, I will look into what you have mentioned.

MTciscoguy:

I am currently serving. I would love to have such names on who to contact. I cannot send PMs yet, I shall when I can. Also, your background is very interesting.

SaSkiller:

You had an answer for nearly every question, I very much appreciate the information and recommendations. I will consider your opinions, too.

ArabianKnight/BlackBeret

Thank you both for your military MOS qualification insight and certification recommendations.
This info is definitely changing my plan of action. Although I'm not sure what to expect after 3-4 years when I can begin re-enlisting

(Network+, Security+, Linux+, CEH, CCNA, CISSP)
(Sec+, CEH, Specialize, 8570->CNSP qualifiers-> OSCP or ELS certs.)
(Sec+ 8570 requirements, Cisco/Juniper/Brocade, Windows/Linux)
(CCNA(and beyond), Linux+, Scripting)
(CCNA, CCNP, CCIE, CISSP, CEH,)
(Net+, CEH)

Top: CEH, SEC+, CCNA, 8570 requirements, Linux+

Notes:
I have 3-4 more years of my current MOS.

Could someone explain or point me to someone who can explain the inside scoop on 25D and 35Qs, what they really do as opposed to a summary?

Also, could someone go over this chart DoD Approved 8570 Baseline Certifications
I feel as though it requires a small amount of previous knowledge of positions and associated categories in the field to be useful.

Again, thank you all for your speedy and very informative replies!

ArabianKnight

Your best bet would be to go here https://ikn.army.mil/apps/IKNWMS/IKN_Websites/USAICoE/OCMI/35Qcss.html and explore from there. You need a CAC to log in. The career map is a good tool for planning.

rcsoar4fun

2cndchance wrote: »

Also, could someone go over this chart DoD Approved 8570 Baseline Certifications
I feel as though it requires a small amount of previous knowledge of positions and associated categories in the field to be useful.

What is your question? IAT1 is basic tech level. Basically if you are in an IT position you need to have the Security+ and a "computing environment" cert at most places. So a network guy would need to have Sec+ and CCNA. Anyone IAT3 would have significantly more access and would need CISSP + something. Now you can always get a higher level cert to cover a lower one. For instance I have a CISSP, so no need to take the Sec+. Or in my case I took it but never did the CE so it is expired.