Anyone else do C&A?

CrapMasterZeroCrapMasterZero Member Posts: 29 ■□□□□□□□□□
I work in the federal government and do C&A work. I love the field I am in (it's called IA apparently) but am overwhelmed by the documentation the C&A process entails (the project I am supporting, not by myself obviously, is a $billion+ with a lot of technical details).

Anyone else do C&A? Is this a good path to take if I want to do INFOSEC work? Reading this forum it seems that most people start out as Network admins, but from my experience, in the govt these jobs are usually given to contractors and not civilians icon_wink.gif Apparently, as a civilian it is up to us to manage the contractors.

Frankly, I sometimes find it kinda boring. I am only 24 and just graduated out of college last June with a BS in EE and want to go for a masters in CS focusing on Networking in the future. I guess I should give myself more time.

Sometimes I also feel that I am not utilizing my degree to the fullest extent. Seems my job is mostly about managing contractors, writing tech documents, studying policy (boy, there's a lot of them!) and it is the contractors who end up doing all the nitty gritty technical stuff. As I am fairly new to the INFOSEC world, I am still kinda undecided on what I ultimately want to pursue but I do want to get into the technical side of things, especially CND or Information Warfare, but I guess no one here wants to give a newbie any opportunities.

I need ideas on what type of books I should be studying. I guess I am covered by the DoD 8570 and have to ultimately get a CISSP in a few years, but for now I want to self-study. I recently ordered this book:

http://www.amazon.com/Network-Security-Private-Communication-Public/dp/0130460192/ref=dp_ob_title_bk

I hope it will give me the fundamentals of network security. Anyway, sorry about the rantish nature of this post...it's almost 1AM icon_sad.gif

Comments

  • SrSysAdminSrSysAdmin Member Posts: 259
    I work in the federal government and do C&A work. I love the field I am in (it's called IA apparently) but am overwhelmed by the documentation the C&A process entails (the project I am supporting, not by myself obviously, is a $billion+ with a lot of technical details).

    Anyone else do C&A? Is this a good path to take if I want to do INFOSEC work? Reading this forum it seems that most people start out as Network admins, but from my experience, in the govt these jobs are usually given to contractors and not civilians icon_wink.gif Apparently, as a civilian it is up to us to manage the contractors.

    Frankly, I sometimes find it kinda boring. I am only 24 and just graduated out of college last June with a BS in EE and want to go for a masters in CS focusing on Networking in the future. I guess I should give myself more time.

    Sometimes I also feel that I am not utilizing my degree to the fullest extent. Seems my job is mostly about managing contractors, writing tech documents, studying policy (boy, there's a lot of them!) and it is the contractors who end up doing all the nitty gritty technical stuff. As I am fairly new to the INFOSEC world, I am still kinda undecided on what I ultimately want to pursue but I do want to get into the technical side of things, especially CND or Information Warfare, but I guess no one here wants to give a newbie any opportunities.

    I need ideas on what type of books I should be studying. I guess I am covered by the DoD 8570 and have to ultimately get a CISSP in a few years, but for now I want to self-study. I recently ordered this book:

    http://www.amazon.com/Network-Security-Private-Communication-Public/dp/0130460192/ref=dp_ob_title_bk

    I hope it will give me the fundamentals of network security. Anyway, sorry about the rantish nature of this post...it's almost 1AM icon_sad.gif


    I guess I'm one of the contractors you're referring to but I am pretty sure I'm a civilian too.

    We have people who do C&A from our company on contract and those of us working on the technical side of things. I can't imagine the people we have doing C&A crossing over to doing the sort of work I am. I would suggest voicing this to your employer if you want to work on the technical side or else you may wind up being stuck doing documentation for far longer than you'd like.

    I've seen the work C&A has to do and although I'm fully capable of doing it, I can't imagine working with stigging docs and what not all day. I'd much rather be hands on...best of luck!
    Current Certifications:

    * B.S. in Business Management
    * Sec+ 2008
    * MCSA

    Currently Studying for:
    * 70-293 Maintaining a Server 2003 Network

    Future Plans:

    * 70-294 Planning a Server 2003 AD
    * 70-297 Designing a Server 2003 AD
    * 70-647 Server 2008
    * 70-649 MCSE to MCITP:EA
  • GAngelGAngel Member Posts: 708 ■■■■□□□□□□
    I do alot of CA work. It can definately be boring but I get to do all kinds of other things. ISC2 has the CAP cert which you're probably looking for. It's 2 years experience then CISSP and lastly ISSEP i'd say if that was your end goal.

    IA is infosec. The words are inter-changeable there is the technical side and the non-technical. This is one path to becoming an architect. The higher you go the more control you get and the less boring it becomes. If you want network security then this isn't going to help. You have to go through the ranks to get there there is no magic shortcut.
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    I do C&A work a lot more at my last job though.
Sign In or Register to comment.