Cyber security specialist...


Book Reviewer
"The Defence Secretary will also announce new specialist roles for the reserves including cyber security, intelligence, linguistic and medical duties. The regenerated forces will also play a part in homeland security and policing roles."

Defence shake-up means our smallest Army since the Boer War - Telegraph

Will be interesting to see what this entails..

The spooks have been complaining for some time that they can't keep hold of cyber types due to the salaries offered in the civvy realm.

Can't honestly say that I hold out too much hope for the breadth of the role ( by the numbers, left button click!) though if it is reasonably meaty it might tempt me out of retirement...
A couple of potential problems:

1. The government can't get proper 'cyber' security on the cheap, or as a commodity. It might even involve scrapping a lot of expensive kit and building almost from scratch.

2. A lot of the high-level decision making has to be done by the security experts themselves, not by politicians, to avoid the kind of cock up we saw with JPA. It probably means a lot more commissioned officers than the MoD wants.


Book Reviewer
I can't see much but problems to be honest!

I suspect the role will be more along the lines of making sure no-one puts anything rude on facebook than it's name suggests.
I can't see much but problems to be honest!

I suspect the role will be more along the lines of making sure no-one puts anything rude on facebook than it's name suggests.
That troop already exists, as anyone who has done OPTAG recently will know. The real int these days is on twitter anyway.
Makes sense. If Flight's read that correctly, it's going to be like LIAG on a larger scale, assuming the reserves can recruit a decent number from information security. Not sure how it's going to work out in practice, though.
Listed on the Army's public site under Land Information Assurance Group:

  • Penetration testing
  • Web Application Testing
  • Database Security Testing
  • Vulnerability Assessment
  • Network Traffic Analysis
  • Computer Forensics
  • Compliance Checking
  • Incident Handling
  • Firewall Testing
  • Wireless Network Scanning
  • Intrusion Detection
In civvy street, it's a massively comprehensive area known as information assurance, and involves checking for every conceivable vulnerability in a network, computer systems, software and sometimes physical security, and then fixing whatever weaknesses they find. It's especially important in the case of commercial systems used by high-profile organisations, since the updates and patches you get from Microsoft, et. al. are typically released a couple of months after someone discovered the vulnerability.

The forensics side is essentially about pulling data off a system and going through it meticulously to establish the most accurate possible reconstruction of events leading up to something. The procedures vary depending on whether evidence needs preserving, and there are several very different types of analysis that might be used.

'Right, I read that, but how does that work in practice? Do they sit in tents pen testing webapps?'
Forensics work mostly involves sitting in a lab eating pasties :)
ok, before this all gets really mega :)

In my day job, one of my hats is IA. I am a "Security Champion" (yes, we're trying to come up with a better name because this is shite)

I do,
# Penetration testing
# Web Application Testing
# Database Security Testing
# Vulnerability Assessment
# Network Traffic Analysis
# Incident Handling

So, what sort of applications do they test?
Should have checked. Stupid me :)

I should imagine they test most the commercial equipment and software the Army's using, without naming anything. Can't tell you much more beyond what's published on the Army's site.
'blue sky and new horizons????'

Could be. I've missed the Signals a bit over the past couple of years.

'Ooops.... from last year, the LICSG requirement can be shortened to computer forensics and virtualisation'

As server virtualisation and forensics, or in the sense of live analysis? If it's the latter, it's a novel way of diagnosing OS problems.

Any luck?


Book Reviewer
Cyber security or IA is very specialised. There are a few degree courses knocking about which deal with it but realistically employers would be looking for certifications ( ethical hacker etc). Most of the time you'd be looking at a CompSci who has taken the trouble to do one of the certs so the total educational time is going to be in the order of 6 years (2 yrs college, 3 uni plus cert). I'm not sure about the IA certs but some vendor specific certs are so far above degree level that it isn't funny. The sort of things that high class nerds actually have to work at to pass.

With all due respect to the regs this isn't a skill which is readily transferable to recruits, nor is it one you would wish to in many cases. Hence why the LIAG appears to offer commissions along with great flexibility. I think their arsepedia page mentioned that if you see one of them firing their rifle then be very, very afraid!

If cyber security was to become a more mainstream cadre then I think you can forget about the Army training peeps up in pen testing etc. There is already strong rumours of FRU bods selling their services to tabloids. I'd imagine it would limbo under the requirements for SC hence I'm thinking very basic.

TA coys don't, to the best of my knowledge, have int officers or anything similar on the scale required to keep squaddies safe from themselves. I'm sure all of us see many of our friends on facebook discussing details of training weekends and posting pictures of themselves posing with weapons, no doubt also accepting friend requests from any bit of skirt with a nice photo. I do recall talking to a chap who said that three bomb disposal chappies in his unit had all received friend requests from the same female so the threat is certainly real.

I'll be interested to see what they come up with but recruiting good CompScis would have to be done despite the threat of exercise. Maybe recruiting more skirt with particularly low self esteem would be a good start, or offering paid midweek dungeons and dragons sessions.....

New Posts

Latest Threads