From WGU to NSA/XXX? Or do I even want that?

Cold Titanium

Good evening folks,

I have a few questions that I hope someone can help set me straight on. (Warning. This is kind of a brain ****. I just thought I'd post all this and maybe someone else in my same basic position could benefit...)

Background:

I am currently employed as a Network Analyst at a state college, and have been for 1 year. I have an Associates in Net/Sys Admin. I have several semesters of Computer Science classes (data structures, discrete math, etc) so I'm not completely ignorant of what CS people do. Currently I am enrolled in WGU and am majoring in IT-Security. I have about 44ish CU's left to complete.

My Questions (upon graduation from WGU):

1. Could someone with my sort of background find a place doing pen testing/surveillance/cyber warfare (<-I hate that term) work with the NSA/CIA/XXX? I know I need to buff up my programming skills and plan too. I really don't want to keep doing things like just monitoring switches, pulling cables, pbx phone systems, basic sys admin stuff. I'm not really grooving in the support roles. I'd really like to get more involved with stuff like hunting down cyber-crooks/installing bugs etc...I just love all those little spy gadgets. Big bonus if I get to carry a boom boom stick

2. Are agencies like this a decent place to work? Or are they stiffs with no room for transferring around, bad pay, etc? I've heard many varying opinions on this, so I'm not really expecting a definite answer. I know that every vocation has its fair share of politics and red tape, but government is infamous for it.

3. Related to #2. Are these agencies family friendly? Suppose in the future I do the seemingly impossible and actually manage to find a missus and we manufacture some mini-me's. Are these places known for pulling you away from home for extended periods of time? I'm ok with that occasionally, but I like to still lead a life of my own. Plus I need time for shredding on my sweet sweet Stratocaster \M/ xoxoxox \M/


Or would I be better off just pushing ahead and try to find the highest paying IT job I can? So that I can afford to run around play James Bond whenever I feel like it.

I've also considered maybe going into cryptography or physics...

If I wasn't so ambitious, I'd probably just start a cheesy rock band and roll with it...

Anyways, thanks for wading though all this! SO MANY THOUGHTS

Oh hey, this looks like a good thread: http://www.techexams.net/forums/jobs-degrees/84227-penetration-testing-companies.html

pram

The NSA is highly doubtful, I'm pretty sure their primary source of recruitment are PhDs from ivies since their role is more advanced cryptography rather than router janitoring.

I'd say employment with the Air Force or another branch is much more likely, in their respective 'cyber warfare' commands.

ptilsen

TLA agencies still use infrastructure professionals. PhDs can make more money in academics or private industry, usually. You'll see people from lots of backgrounds in information security roles at these agencies.

I'm not intimately familiar with the details, but from what I've seen they tend to have limited pay scales like most of the federal government agencies. There are certainly enough opportunities to do well, but over the long term it's a lot of money to turn down when compared to the private sector.

Iristheangel

1) Absolutely. I know people without degrees working in pen testing for the federal government. I would suggest getting the CISSP (not for pen testing skills but it's considered the security "gold standard" for the DOD) and then working through the Offensive-Security certification track if you want to get your foot in the door. Since you can still get a job for the government without a degree, I couldn't imagine having a degree in something security-specific hurting you but the above certifications will help you more and you'll learn something along the way. Backtrack Linux should become your best friend in the upcoming months

2) Depends on the agency and how deep you are. The NSA and CIA don't even like you discussing it with anyone if you have an interview but other agencies don't mind as much. If you need to get security clearance, be prepared for a drug test, a polygraph test, and your family members and former employers being called whether you give them that information or not so if you have any family members with bad blood towards you, it's time to mend fences depending on the the clearance.

3) From my understanding of government work, it depends but I'd say yes in most cases.

Also... another thing you can decide: Instead of being a direct employee of the government and being limited by their payscale (which isn't bad to begin with), you can consult for them if you build up your reputation and get the right networking in. That would bypass the whole "limited payscale" bit.

Edit: Check out internships as well. I put in my application for a few before I got this job and I just recently started getting some calls back. I have no desire to leave my current position but they definitely respond to our degree

Raisin

The NSA are a bunch of elitist assholes. Without a degree or an existing clearance your resume is just going into a black hole. About the only chance you have is with the internship route. Government contracting positions are probably easier to get into but you'll run into problems with them if you don't have a 4 year degree. If you hurry up and finish your degree there's a good chance a company will sponsor you for a clearance.

If you want to get into pen testing for the fun factor I'd suggest staying away from any government position. Your hands will be tied by an impossible layer of different rules, regulations, and laws.

MrAgent

If you want more info on NSA careers check their website.
Career Fields at the National Security Agency (NSA)

Cold Titanium

Thanks for all the replies...hmm...sounds like I may want to stay in the public sector, or as Iris said, do contract work.

The NSA are a bunch of elitist assholes

I wonder if they're partnered with Apple? Heh, thanks for the frank opinion Raisin.

Hey, I just had another thought. What about IT Security stuff for places like Casinos or High-end resorts? Lots of money involved. I like being around flashy stuff. Sounds exciting. Thoughts?

ptilsen

I still wouldn't rule out the three-letters, but there are plenty of other high-security industries where you can make good money. Financial Services, Defense Contractors, and Casinos are definitely big ones. Another big one is actually software and hardware engineering -- Apple, for example, actually has some pretty intense security, and a lot of other big, high-profile do as well (Blizzard, Google, Microsoft, etc).

Consulting or consulting firms are another obvious pick. There are security companies where they get to do some pretty fun stuff, and they definitely get paid well enough.

dt3k

For NSA it may not hurt to look into this: Cyber Summer Program for Graduates at the National Security Agency (NSA)

dmoore44

If you want to apply to NSA or CIA, be prepared for a long haul. For most people fresh on the federal job market (i.e. no previous security clearance), be prepared to spend at least one (1) year (yes, you read that correctly, 1 year) in their recruiting pipeline. Also, be prepared to not have much communication with them. You'll be assigned a POC, but you won't really get to talk with them unless they want something form you. And as Iris has mentioned, be prepared to have your life examined by the Hubble Telescope.

But in general:
1) To work at NSA/CIA, you'll absolutely need a degree or something that will mitigate your lack of a degree (i.e. a decade's worth of experience) that is directly applicable for the job you're applying to. It's going to be hard as hell for anyone to walk in off the street and get a job as a network warfare operator if you weren't already doing it in the military or have a ton experience that demonstrates that you're proficient at it. Those two agencies take the attitude that they shouldn't have to train someone to do the job - the person should be able to step in and perform from day one.

2) NSA/CIA are primarily based out of the DC metro area. So if you're wanting something specialized like network warfare, you'll need to move there. And as far as I can tell, there isn't much room to move around (i.e. they don't perform that mission from various locales). If you get a more generalized IT position (INFOSEC, sysadmin, etc...), I'm sure they have other facilities that you could transfer to. If you're concerned about pay, take a look at the federal pay scales on OPM.gov. They have base pay rates, and rates broken out by locale.

3) Federal agencies are by and large family friendly. But the mission you're tasked with may not be. And when you're dealing with intel or national defense, mission trumps all. So... take that for what it's worth.

the_Grinch

I have some experience in this arena so I can definitely help you out.

1. If "cyber warfare" is your game, you'll want to go with NSA. CIA is ramping up their teams, but they don't have the programs in place that NSA does. Of course you won't be hunting cyber crooks at NSA, but you'll definitely do some interesting work. Definitely start taking some programming courses, but NSA is very good with new graduates. See below for some jobs you might want to look into:

Our nation has entered a new era that brings profound changes to the way the National Security Agency conducts its mission. The explosion of the World Wide Web has created a need for the Computer Network Operations (CNO) mission. This very important mission is comprised of three major parts: network defense, network attack, and computer network exploitation. In order to carry out these functions NSA is looking for people who are highly skilled and impassioned about winning the war in cyberspace. These are NOT your average Computer Science or Engineering jobs!

As a Global Network Analyst you will evaluate target opportunities and strategize activities against particular networks. Use all source data to understand and map target networks. You may assist in developing detailed Exploitation and Operations Plans to be executed by cyber operators.
.
Qualifications

B.S. in Computer Science, Networking & Telecommunications, or Engineering preferred.
In-depth knowledge of modern telecommunications and information systems technologies
Knowledge of target analysis, target development, and computer network analysis.
Knowledge of computer network attack/security. Ability to recognize potential collection opportunities.
.

These are the other ones you'd want to look at:

NSA/CSS Threat Operations Center (NTOC) Cyber Development
Computer Network Operations Development Program <---This program has a direct route to the exploitation team
Intrusion Analyst Skill Development Program

You can go to their website and apply to those programs. Most revolve around a four year program building up your skills slowly under mentors and through courses (some in house, some vendor/certification related).

2. You'll be required to remain in your position for at least a year, usually two. Also, if in a development program you'll be expected to complete that and at that point you better love what you do because that is what you will be doing. That being said, like any government agency once you meet your time requirements you can apply where ever you like. CIA/NSA will have overseas assignments if that is something you would be interested in. Also, once you have the clearance, it makes life easier going to other agencies (DHS, FBI, Secret Service, State Department, DEA, ATF, ICE, etc). As far as politics go, that doesn't usually come into play until you reach your journeymen level. Usually you will hit a new grade level each year until you reach that journeymen level. Any gain in grade after that would be related to competing with others to get. That would be when you would hit some politics, but usually at that point they are supervisory or management position that you might not want.

3. Most agencies are fairly family friendly providing leave with the birth of a child or family crisis. That being said, if you are aiming for CIA/NSA you could be on a TDY somewhere with no chance of coming back before you were scheduled too. You'll have to weigh this before taking the job and obviously if given an interview you can ask about the chances of being TDY'd somewhere.

As far as backgrounds go, the TS/SCI with full scope polygraph is the gold standard and the biggest pain known to man. Anyone who has been through one will tell you they are not fun. Every aspect of your life will be probed and questioned. They will visit every place you lived in the past ten years. They will talk to neighbors, friends, family, professors, employers, and people you lived with at some point. They'll pull up all your finances and go over them in fine detail. The process can be as quick as three months, but as long as two years. A lot of things get factored into it, with the biggest being how many places you have lived and how spread out geographically they were. Once it's done, you get to look forward to being re-investigated every five years for the duration of your employment. Obviously, those will be quicker because they'll just be looking at new information.

But once you get a degree I believe you stand as good a chance as anyone else. Just know that they pay isn't going to be outstanding. Expect in the range of $45k to $60k. The area is very expensive to live in so be ready for that as well.

tpatt100

One thing I noticed that might help get recruited/noticed is making yourself known. Work on your personal brand online by starting a security blog, writing papers, doing projects that get attention, etc. The Internet is a great way to make a name for yourself part time from your home.

Way back Orin Thomas was a regular posted on a certification forum like this one that I used to hang out on all the time, become a moderator and eventually a bunch of books for Microsoft. sheesh I don't even remember the name of the forums not even sure it exists anymore.

theanimal

Despite what has been said in this thread, I have two buddies I went to high school with who in the last 1-2 years have been hired by the NSA. They were fresh out of college with a bachelors and geek squad being their only experience, and no security clearance prior. They're both jr. security analyst, and make probably 2-3x what anyone else with similar credentials makes. They're also very open about where they work. They never mention what they actually do besides "security", but it doesn't seem to secretive about actually working there.

Edit: Both of these guys are absolute idiots though, and from what I understand they basically sit around all day and do nothing.

Mike-Mike

interesting thread

the_Grinch

As we discussed previously, a lot of times government positions amount to just supervising contractors. Just make sure you get full disclosure and ask if you'll be doing the job or just supervising those that do it? The government likes to have one of their own to make sure the work that is suppose to be done is actually getting done.