http://www.wired.com/news/politics/0,1283,54850,00.html By Michelle Delio 2:00 a.m. Sep. 3, 2002 PDT The carefully coiffed men wearing suspiciously shiny shoes are at every major computer security convention. They are there to remind hackers that law enforcement is always interested in their activities. They are also there to encourage security experts to become special agents. But after responding to the agency's appeals for computer security experts, aspiring G-men hackers sadly say that their names will never appear on the FBI's Most Wanted Job Applicants list. Although their technical abilities should allow them to qualify easily as agents, their ethics, age and/or physical fitness levels excluded them. Mike Sweeny, fueled by renewed patriotism after Sept. 11, wanted to offer his 20-plus years of experience in computer security to the FBI. But he was disheartened by job requirements that required him to have a college degree, be under 37 years old, morally irreproachable ... and physically fit. "They will not consider you unless you can carry your M16 through the physical fitness course without killing yourself in the process," Sweeny, maintainer of the PacketAttack website, said. "Most of the geeks I know view exercise as carrying the 80-ounce cola, pager and cell phone all at the same time." The FBI does have non-agent positions for people who are highly skilled in areas such as computer forensics (collecting evidence from computers). Those who don't qualify for agent positions can still serve as civilian employees, according to an FBI spokeswoman. But "in the FBI, if you're not an agent, you're on the bottom of the food chain," Richard Forno, an independent security consultant, said. The FBI admittedly needs help with its technical systems. The agency recently requested $76 million just to get their databases in order -- to convert some of the roughly 1 billion documents sitting in file cabinets into an electronic and easily searchable system. The agency has also requested an additional $730 million, over the $400 million originally budgeted, to implement "Project Trilogy" -- a general technology update intended to bring the FBI computer systems into the 21st century. The project was dubbed Trilogy because it's the third attempt to upgrade the FBI's technology into a system that would be truly useful. Computer security experts stress the FBI also needs to upgrade its hiring requirements if the agency really wants to attract experts. Besides the physical specimen specifications, many who are skilled enough to be able to protect a network from sophisticated attacks would probably not be ethically acceptable to the FBI. "In order to be a good computer security person, you must think like a black-hat hacker and be able to understand the tools and methods of the dark side," Sweeny said. "Right there, you are in a very gray area, in the feds' opinion." Job requirements for an agent also require an applicant to have a felony-free, just-say-no history. "One question on the application asked if you'd smoked pot more than 15 times," Sweeny recalled. "Fifteen times? What's up with that? Fifteen is the magic number?" "If the feds want the hackers bad enough, then yes, they should peel away the red tape which now prevents them from working directly for the government," security consultant Rob Rosenberger said. "But hiring practices suck in the fed's computer security arena, just like they suck in every other fed arena." Rosenberger added that even if a person were an acceptable job applicant, it would not guarantee that the person would work with computers. "You won't get a position in computer security until you've worked at least five years on the beat, preferably in physical investigations," Rosenberger said. "They'll grudgingly let you past if you just do forensics, but they feel you really should chase bad guys with a gun before you chase bad guys with a computer." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Sep 04 2002 - 02:06:49 PDT