US Government jobs? InfoSec

ScytheX10 · June 2011

Hi. I'm currently in college at the moment, with my major being IT security. I have my sights set on a job at some government agency in information security, but I'm not entirely sure on how to go about it. I've been doing a lot of research on internship programs such as the one from DHS as well as DISA, and some others, and I think that is the best path to have my sights set on, but I want some hints from some of you guys

.

Currently, I hold a Net+ and am about to get my Security+ in a couple of weeks. I was wondering what is suggested I shoot for if I want to get this type of job. I assume it would be a Cisco path with certs such as C|EH, CISSP/CCSP and the like. Am I right in that assumption?

Also, the main question.. is what I'm shooting for harder than it seems? My thinking is that I would be able to apply for the internship, assuming I have the proper certs and degree(s), relocate to DC or wherever necessary, then go from there. My fall-back plan has always been air-force, and opt for some sort of OPSEC position.

I just mainly wanted to seek the opinions/advice of you guys. To be completely honest, money is not necessarily an issue with me. The field of security in IT interests me beyond anything. I've been 'penetration testing' and developing MetaSploit and python exploits for as long as I can remember. I've always wanted to do some good with it.. Working for a government agency in InfoSec seems like the right path to me.

More info on me that may be relevant: My current job is as a consultant with a municipal for my city. I've done penetration testing for them and mitigated or completely fixed some vulnerabilities. So experience isn't completely nill

Thanks for reading the big wall of text, and thanks for your input

instant000 · June 2011

http://www.techexams.net/forums/security-certifications/28593-security-certification-where-start.html

http://www.techexams.net/forums/security-certifications/24759-need-helping-chosing-security-certification.html

Read those two threads.

Not too long, and might be right up your alley.

higherho · June 2011

Just so you know its mainly the contractors that do a lot of the hands on work. Most of the government / civilian people are management / IT leads unless you work for the main HQ of the agency.

Security + is a must in DOD. IF you want to go on the security route than the Cisco security certs will help you a-lot. Considering that over 70% of the DOD is cisco.

Also get your CISSP or at least start for it.

the_Grinch · June 2011

Government agencies tend to want experience for the information security positions. That doesn't mean you can't get a job with them. My advice is as follows:

1. Look for agencies that are having entry level career fairs (NGA, NSA are two that I know of who have them).

2. Look at what certifications fit into the government standards (CEH, Security+, CISSP - there is a post on this somewhere)

3. Have a clear background (you will be looking at a clearance from Secret to Top Secret with an SSBI and Full Scope Polygraph depending on where you are looking at)

4. Military is always a good option, remember you'll have to do your time unless they have a direct security related job (Look at the Navy CTN)

Good luck!

Everyone · June 2011

You do not want an OPSEC position in the Air Force. It wouldn't have anything to do with INFOSEC.

What you'd want is the new 3D0X3 "Cyber Surety" career field.

If you have a job and don't want to commit 4 years to Active Duty, see if the Air National Guard for the state you live in (or would like to live in) has any 3D0X3 slots. If they do, they'll send you to tech school with it, give you the training for Security+ (required cert), pay for the cert, and you'll get your security clearnce (huge help obviously). You'll just spent 1 weekend a month, and a minimum of 2 weeks a year (could end up being more depending on the unit) working for them. The rest of your time can be spent at a job of your choosing.

If you do decided to go Active Duty Air Force, make sure you get 3D0X3 as your guaranteed career field before you sign anything. Use the Delayed Enlistment Program if you have to. I waited 6 months before a spot opened up for me to be a 3C0X1 (which is now split into the 3D0XX career fields, I'm eligible to perform any 3D0XX designation).

higherho · June 2011

If you are in the North East / Virginia region you can easily get a contractor position with the government. Northrop grumman, HP, and many others hire a ton of people and they hire a lot of entry level people too / college graduates.

Kunkel · June 2011

You will NEED a security clearance. I second the 3D0X3 "Cyber Surety" career field.

I did 4 years in the new defunct 3C2X3 career field and got out.

ScytheX10 · June 2011

Thanks for the advice guys, I really appreciate it. I've been looking into the Air Reserve path, but just looking. Nothing will really happen for 6 months at least, but I just wanted some hints/advice. Thanks!

wastedtime · June 2011

Just an additional note, keep your mind open. There might be some more jobs being created in the military in the next 6 months.

joneno · June 2011

instant000 wrote: »

http://www.techexams.net/forums/security-certifications/28593-security-certification-where-start.html

http://www.techexams.net/forums/security-certifications/24759-need-helping-chosing-security-certification.html

Read those two threads.

Not too long, and might be right up your alley.

These are actually my #1 & #2 threads on techexams. Seems like keatron was talking to me. I have keatron's post printed, bookmarked and posted on my white board as a reminder. I really dont ask questions anymore, I think almost all my questions is somewhere on this site, so I just search.
Thanks keatron, jdmurray, unixguy and spoonroom for the great contribution.

afcyung · June 2011

<

AD 3D0X3. If you have questions you can ask away. I will try to answer them. Some I may not be able to though.

instant000 · June 2011

Everyone wrote: »

You do not want an OPSEC position in the Air Force. It wouldn't have anything to do with INFOSEC.

I thought that OPSEC was EVERYONE's responsibility? At least, that's what I was taught back in the Army.

What type of position would be an OPSEC position? Are you referring to something like a security manager type of role?

afcyung · June 2011

OPSEC would have little to do with IT security as that seems to be the OP desired job. Plus its usually an additional duty to be an OPSEC person. Usually falls in with a security manager.

Everyone · June 2011

instant000 wrote: »

I thought that OPSEC was EVERYONE's responsibility? At least, that's what I was taught back in the Army.

What type of position would be an OPSEC position? Are you referring to something like a security manager type of role?

LOL yeah they teach you that in every branch. Although you typically have an OPSEC person at least at every base, sometimes in every unit. Like afcyung said, typically an additional duty. Usually it involves just running the OPSEC program and making sure people are properly trained on OPSEC, etc.

OPSEC = Operations Security.

INFOSEC and COMSEC both have an impact on OPSEC, but trying to get a role that focuses on OPSEC will not help you get an INFOSEC job.

COMSEC won't help you much either. I found COMSEC to be really boring, and tried to avoid it. You're dealing mostly with crypto there, TACLANEs, etc.

INFOSEC is where it's at if you want to do IT Security work for the government.

afcyung · June 2011

COMSEC won't help you much either. I found COMSEC to be really boring.

While I agree its boring. the processes for it can teach you alot about security and how to apply to other areas. I think if someone from RSA had comsec experience they probably would have handled the situation differently.

perez316 · December 2014

afcyung wrote: »

<
AD 3D0X3. If you have questions you can ask away. I will try to answer them. Some I may not be able to though.

what kind of polygraph do you have to undergo?

SephStorm · December 2014

I thought Cyber Surety was focused on install/maintain/configure security related devices on air force networks (such as IDS/IPS, firewalls, etc), and maintain security policies and access lists for said devices? I suppose it is infosec, but lets just clarify the gob duties. What I do not know is what AFSC staffs 24th AF.

Army: 35Q/25D/255S
Navy: CTN
Marines: 0689

what kind of polygraph do you have to undergo?

The MOS does not have a poly requirement that I am aware of, but requires a TS clearance. Polygraphs would vary based on unit and mission.

Cyberscum · December 2014

3D0x3 will equate to processing paperwork likw 2875's, 4394, token requests etc...unless ur unfortunately tasked at a COMSEC org where life is sooooo boring. Chances of you actually touching hardware are slim to none. You will hopefully get rights to do vulnerability scans, c&a work, site visits etc, but with the migrations to AFNET most units are now glorified paper pushers. U would require a TS/no poly in most places and SCI in some.

Cyberscum · December 2014

Easiest way to start a career in INFOSEC in my opinion

ArabianKnight · December 2014

Wow, really old thread back from the dead. Check out this website, all is revealed....CommGuys.net • View forum - Cyber AFSC's

SephStorm · December 2014

looks like it is down.

ArabianKnight · December 2014

Just checked....it's good. Or you can go to commguys.net

colemic · December 2014

woo, that's a blast from the past. Used to be 3c0x1.net, guess they changed names when the career field was split apart.

US Government jobs? InfoSec

Comments