Cyber Soldiers

A2_Matelot

LE
Book Reviewer
#3
There is a fair smattering of trades, of all Services - but clearly for a Soldier magazine article they focussed on the RSigs, who are the majority of the Army contribution.

I wouldn't stretch it as far as Counter-Intelligence, despite what many think a fair proportion of what they do is plain old ICS Service Management, admittedly with some very new and very useful capabilities that industry has developed that assist proactive and reactive CND.
 
#4
I wouldn't stretch it as far as Counter-Intelligence, despite what many think a fair proportion of what they do is plain old ICS Service Management, admittedly with some very new and very useful capabilities that industry has developed that assist proactive and reactive CND.

So is there a distinction between a Cyber Soldier and a Cyber Security Soldier in CND,or does one size fit all ?
 
#5
So is there a distinction between a Cyber Soldier and a Cyber Security Soldier in CND,or does one size fit all ?
No-one knows. Just remember, there are £650 million reasons everybody is claiming to be "cyber" nowadays.

There are other roles outside of Corsham. Some of them much more interesting than those.
 
#7
It's good for the soldiers there, as the training and experience will net them a £40K starting salary in civvie street. I'm not sure how they ended up in GOSCC, though.
 
#8
I think it's fair to say there is a fair bit of artistic licence in that article. If the Watchtower application they are using is the one by Cittio, they'd have more chance of monitoring any potential intrusions using the Jehovas witness magazine of the same name.
 
#10
err, they work in 'cyber' and their sticking their names all over the internet ?!!? A LOT of artistic licence and no understanding of CI/CE it seems........
'Cyber' is like 'Int' a routine boring job carried out by people who can be replaced at the drop of a hat in the majority of cases.

This role is nothing more than application support. Routine tasks with common tools, many of which can be obtained for free.

Why does everyone think that everybody has to hide their ID just because they do a job?
 
#11
'Cyber' the latest buzz word thrown around as 'sexy' by those normally attempting to sell something which was either supplied at a reasonable rate or in response to some alarmist clap-trap before HMG found a pot of money marked 'Cyber - Security'.

Had a meeting today with a guy I last met 3 months ago. Then he was an Information Security Consultant on his business cards, today he is magically a Cyber Security consultant still doing the same job. Once the pot runs dry I expect he will be printing another set of cards up with some new title and will still be doing exactly the same job as me.

Only another 15 years till I retire............ :)
 
#12
I generally agree, and detest the word 'cyber', especially when it's suffixed by some military-sounding word. There really is no 'cyber war'.

In civvie street the proper Information Security work is done at the executive level by people who know their organisation's network inside-out and where the vulnerabilities are. In fact, some of them pen-test every bit of hardware and software in a network, making damn sure nobody outside it can get past the security. They have to be skilled in networking, programming, cryptography, pen-testing, etc. and be directly involved in the design, procurement and implementation. This is what stops criminals emptying your bank account, basically.

Anyone working in that role for a high-profile organisation is better off not revealing their name or who they're working for, as a matter of personal and operational security. Social engineering and blackmail does happen.
 
#13
I generally agree, and detest the word 'cyber', especially when it's suffixed by some military-sounding word. There really is no 'cyber war'.

In civvie street the proper Information Security work is done at the executive level by people who know their organisation's network inside-out and where the vulnerabilities are. In fact, some of them pen-test every bit of hardware and software in a network, making damn sure nobody outside it can get past the security. They have to be skilled in networking, programming, cryptography, pen-testing, etc. and be directly involved in the design, procurement and implementation. This is what stops criminals emptying your bank account, basically.

Anyone working in that role for a high-profile organisation is better off not revealing their name or who they're working for, as a matter of personal and operational security. Social engineering and blackmail does happen.
I beg to differ, at Executive level there are good risk specialists. Technical security is delivered by an army of monkeys and the biggest risks are with people not PCs.
 

A2_Matelot

LE
Book Reviewer
#14
'carried out by people who can be replaced at the drop of a hat in the majority of cases.

This role is nothing more than application support. Routine tasks with common tools, many of which can be obtained for free.
So utterly wrong.

Whilst the guys in Corsham are in CND their skillsets are heavily developed and hence they are not so easily replaced which is why they are on longer posting cycles and their toolsets are quite unique.
 

A2_Matelot

LE
Book Reviewer
#15
I think it's fair to say there is a fair bit of artistic licence in that article. If the Watchtower application they are using is the one by Cittio, they'd have more chance of monitoring any potential intrusions using the Jehovas witness magazine of the same name.
There isn't, it's not..
 
#16
So utterly wrong.

Whilst the guys in Corsham are in CND their skillsets are heavily developed and hence they are not so easily replaced which is why they are on longer posting cycles and their toolsets are quite unique.
Not in the least wrong these skills are ten a penny in the real world.
 
#17
I beg to differ, at Executive level there are good risk specialists. Technical security is delivered by an army of monkeys and the biggest risks are with people not PCs.
The biggest risks are indeed with the people using the system, and security has to minimise that as much as possible. In fact, almost all malware relies on some method of social engineering to work.
The infosec people are technical staff who often report to the directors/presidents and have the highest security clearance. You really couldn't have an 'army of monkeys' doing that, because they'd have middle management constantly over-riding them.

'Not in the least wrong these skills are ten a penny in the real world.'

Again, it depends what those skills are. Cryptography? Assembler programming?
 
#18
Not in the least wrong these skills are ten a penny in the real world.
Not entirely true Western, A2 has alluded to the fact that they stay in place longer for a reason.

There are a lot of people out here in 'the real world' with the tools and think they have the skills. The experience to actually interpret what is a threat and what is background noise is another matter.
 
#19
Not entirely true Western, A2 has alluded to the fact that they stay in place longer for a reason.

There are a lot of people out here in 'the real world' with the tools and think they have the skills. The experience to actually interpret what is a threat and what is background noise is another matter.
I see I am attracting a lot of cliches.

Network security is a pretty much bottom feeding part of Information Security.

A lot of people in the real world have skills far superior to the tiny number of uniformed service personnel.

Saying that most IT security types are those who can not make it in mainstream IT. The 'interpretation' argument is mainly myth.

If it is that great why is everyone in the article an OR?
 
#20
I see I am attracting a lot of cliches.

Network security is a pretty much bottom feeding part of Information Security.

A lot of people in the real world have skills far superior to the tiny number of uniformed service personnel.

Saying that most IT security types are those who can not make it in mainstream IT. The 'interpretation' argument is mainly myth.

If it is that great why is everyone in the article an OR?
Very good question. The guys in the article currently have more limited roles and skill sets than their civvy counterparts, but that's likely because the GOSCC have a very large team handling the security. Each person there would only see one aspect of the security, unlike the real world, where the same roles could be handled by one person or a very small team.

I see the GOSCC as a training ground for developing the personnel from IT staff into full infosec professionals. It takes time.
 

Similar threads

Latest Threads

Top