Information Assurance Jobs

personnel security

January 23, 2014 by Bruce Brown Leave a Comment

Personnel Security is an important part of Information Assurance, risk management and information security. Its a part of the equation that happens in the background.

Personnel security is to ensure that everyone with security responsibilities at the organizations site meet the trustworthiness investigative levels for users with IA management access to defense information systems. This is as established in Section E3.4.8 of DoDI 8500.2.

Personnel security makes sure that only individuals who have a valid need-to-know that is demonstrated by assigned official government duties and who satisfy all personnel security criteria. This includes people with administration rights and those doing sensitivity background investigation requirements since they are granted access to information with special protection measures or restricted distribution as established by the information owner. All individuals requiring access to classified information are processed for access authorization in accordance with DoD personnel security policies. This includes maintenance personnel, since they also need to be cleared to the highest level of information on the system.

Personnel security is an important job for making sure that the right people are hired to handle sensitive information.

computer network defense

January 23, 2014 by Bruce Brown Leave a Comment

Computer Network Defense is listed in the DoDD 8140, Cyberspace workforce has as a task among the Protect & Defend Category.

Job Description of Computer Network Defense

The actual work of Computer Network Defense covers Protect & defend and Analyze and possibly other categories. A system security analyst doing CND work is expect to monitor, detect and respond to security incidents on the network. They need to be familiar with not only information system security tools to monitor network traffic but they must also be able to know what the actual packets look like with certain patterns emerge on the network. They must be familiar with certain patterns to detect network attacks and be familiar with incident handling.

Tools of Computer Network Defense

System security analyst performing CND work should be able to use a packet sniffer (protocol analyzer) such as wireshark and etherape. The are also expected to be knowledgeable of certain Intrusion Detection System (such as Snort). Or they can also have working experience with Intrusion Prevention Systems. Since there are so many products that do very similar work of IPS, IDS, or packet analyzer knowing one really good and having a little hands on with others is usually ok. What is important is knowing signature system attacks well enough to detect them when they occur, understanding ports, protocols and services and being intimately familiar with network packets.

Computer Network Defense Certification

GIAC Certified Intrusion Analysts (GCIAs) – The top of the food chain for security analysts doing pure analyst work. Highly, highly respect intrusion cert.

GIAC Certified Incident Handler (GCIH) – Help certification to establish yourself.

CISSP – not really relevant or specialized for incident analysis but accepted like a VISA card.

Security+…not so much.. its like bringing a knife to a gun fight.

entry level information assurance jobs

January 22, 2014 by Bruce Brown 1 Comment

There are a lot of entry level information assurance jobs for IT professionals wanting to specialize or for college students wanting to get there first year of experience or even those brand new to the Information Technology.

What ever the case, an information assurance job is a great start.

The best situation you can be in when attempting to get entry level information assurance jobs is to have some IT experience doing system security. Experience such as applying system security controls, installing patches, running vulnerability scans with tools like nexpose, retina, nessus or working with organization policy makers creating system security plans and standards for the network.

No Technical skills necessary for entry level information assurance jobs

The most appealing thing about entry level information assurance jobs is that you don’t always have to be technical because there are Information Assurance jobs that focus entirely on writing policies and creating standards. While you don’t need specific hands on technical experience, you should have a working understanding of the technology you create standards for. For example, you don’t have to know how to configure the screen saver on a RedHat system, but you should understand why its important that the automatic screen locking/screen saver mechanism be implemented or why it should not.

8140 entry level Information assurance jobs

Entry level information assurance jobs for people who don’t know ANYTHING

In some cases, you don’t even need to understand IT to start. Some positions only require that you have the appropriate security clearance and be able to work with others and all the rest you can learn as you go. Since certain security clearance levels are hard to get and maintain and expensive for a company to get for you, they have a lot of leeway for entry level information assurance jobs.. and even high level IA jobs depending on the security clearance level required.

Security Provision entry level information assurance jobs

Information Assurance Compliance requires that you know government regulations 80% and have a 20% understanding of the technology you will apply it too. Although IA compliance should only be reserved for seasoned IT veterans, managers typically allow ANYONE in these positions because most IT professionals HATE doing compliance. (see dod 8140 for more info)

Operate & Maintenance for entry level information assurance jobs

Information Assurance Officers (Information System Security Officers) is a great entry level information assurance job. It gives immediate exposure to HOW information assurance is applied. Operations & Maintenance also has Tech Support, and basic system administration that are great entry level information assurance jobs. (see dod 8140 for more info)

Certification of Entry level Information Assurance Jobs

As of this writing (2014) most entry level IA positions will require either a degree or experience with a Comptia Security+ certification. Sometimes an organization will hire you with the understanding that you will get one. But that has become rare these days.

security engineer

January 22, 2014 by Bruce Brown 1 Comment

System Security Engineer is a critical job in the cyberspace workforce. As information technology has become a centerpiece for our lives, the security of IT has been more and more in demand. A security engineer is expected to have a working understanding of IT enough to be able to strike a balance between operational functionality and application security controls.

System Security Engineer (ISSE, CSSE, SSE I/S Security Engineer) actually can mean anything.. So you actually need to read the job description. But in this post, I am referring to SSE from the perspective Risk Management and DIARMF.

DIARMF Select balance — DIARMF
blog.eircomforbusiness.com/profile/Andy (andy O’Kelly, eircomforbusiness.com)

And Risk Management SSE needs to be savvy enough with the operational needs and security needs to balance the risk. While a security engineer does not take risks of the organization they work for, they do consult the decision makers that do take risks.

Many security engineers are not hands on. Meaning they might not touch the servers or configure routers, but they must know enough to orchestrate the over all security of the organization or system they are assigned to.

System Security Engineering Tasks

I have been in system security engineer positions where I did have hands-on tasks working directly with the system administrators and I have had some where I rarely even seen the systems that I wrote system security plans for.

System Security Engineers do consultation where they are working directly with information owners, project managers, information system security managers or technical security practitioners to come up with the most cost effective strategy for applying security controls with a certain level of effort within a certain time constraint. A good security engineer understands all these factors and make sure the decision makers are well informed. As an SSE the last thing you want to do is a prima madonna and attempt to put security beyond the scope of the operational mission. And don’t be a hero, even if you really care about the mission you must ALWAYS remember the risk is not yours to bear and neither is the decision of what security controls (if any) will be applied.

Tasks of a system security engineer

System security engineers do system security related documentation such as system security plans, plan of action and milestones, security assessment reports and other supporting documentation.

A day in the life of a system security engineer might consist of attending configuration management meetings, meeting with system administrators to address new challenges, writing authorization packages, coordinating with other units to complete an authorization package, reading the latest change to a regulation or organizational standard, WRITING an organizational standard and in some cases they are actually doing security administration on some system.

CYBER System Security Engineer (CSSE)

With Dod 8140 and the cyber-ization of the every goddamn thing! I believe the new term will be CYBER System Security Engineer (CSSE) and in the past it was commonly refer to as an Information System Security Engineer (ISSE).

As stated above and SSE can be just about anything computer security related. I have been a SSE and done nothing put paperwork but also been an SSE and done mostly installations of system security controls. My former co-worker just got a position as an Information System Security Engineer (I/SE) and he will be doing all ArcSight admin stuff.

dod 8570 chart

January 21, 2014 by Bruce Brown 3 Comments

The dod 8570 chart is designed to provide guidance for government agencies (mainly in defense) to categorize and identify certification of personnel conducting Information Assurance (IA) functions.

Defense Information Assurance workforce is broken up into category, specialty, level, and function to for better protection of confidentiality, integrity and availability of DoD information, information systems, and networks.

Information Assurance Profiles DoD 8570:

IA Management Level I	IAM Level I personnel are responsible for the implementation and operation of an Information System (IS) within their CE. Personnel ensure that IA related IS are functional and secure within the CE.
IA Management Level II	IAM Level II personnel are responsible for the IA program of an IS within the NE. Personnel in these positions perform a variety of security related tasks, including the development and implementation of system information security standards and procedures. They ensure that IS are functional and secure within the NE.
IA Management Level III	IAM Level III personnel are responsible for ensuring that all enclave IS are functional and secure. They determine the enclaves’ long term IA systems needs and acquisition requirements to accomplish operational objectives. They also develop and implement information security standards and procedures through the certification and accreditation process.
IA Technical Level I	IAT Level I personnel make the CE less vulnerable by correcting flaws and implementing IAT controls in the hardware or software installed within their operational systems.
IA Technical Level II	IAT Level II personnel provide network environment (NE) and advanced level CE support. They pay special attention to intrusion detection, finding and fixing unprotected vulnerabilities, and ensuring that remote access points are well secured. These positions focus on threats and vulnerabilities and improve the security of systems. IAT Level II personnel have mastery of the functions of the IAT Level I position.
IA Technical Level III	PIAT Level III personnel focus on the enclave environment and support, monitor, test, and troubleshoot hardware and software IA problems pertaining to the CE, NE, and enclave environments. IAT Level III personnel have mastery of the functions of both the IAT Level I and Level II positions.
CND-SP Analyst (CND-A)	CND-A personnel use data collected from a variety of CND tools (including intrusion detection system alerts, firewall and network traffic logs, and host system logs) to analyze events that occur with their environment.
CND-SP Infrastructure Support (CND-IS)	CND-IS personnel test, implement, deploy, maintain, and administer the infrastructure systems which are required to effectively manage the CND-SP network and resources. This may include, but is not limited to routers, firewalls, intrusion detection/prevention systems, and other CND tools as deployed within the NE or enclave.
CND-SP Incident Responder (CND-IR)	CND-IR personnel investigate and analyze all response activities related to cyber incidents within the NE or Enclave. These tasks include, but are not limited to: creating and maintaining incident tracking information; planning, coordinating, and directing recovery activities; and incident analysis tasks, including examining all available information and supporting evidence or artifacts related to an incident or event.
CND-SP Auditor (CND-AU)	CND-AU personnel perform assessments of systems and networks within the NE or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. CND-AUs achieve this through passive evaluations (compliance audits) and active evaluations (penetration tests and/or vulnerability assessments).
CND-SP Manager (CND-SPM)	CND-SPMs oversee the CND-SP operations within their organization. CND-SPMs are responsible for producing guidance for their NE or enclave, assisting with risk assessments and risk management for organizations within their NE or enclave, and are responsible for managing the technical classifications within their organization.
IASAE I	Applies knowledge of IA policy, procedures, and structure to design, develop, and implement CE system(s), system components, or system architectures.
IASAE II	Applies knowledge of IA policy, procedures, and workforce structure to design, develop, and implement a secure NE.
IASAE III	Responsible for the design, development, implementation, and/or integration of a DoD IA architecture, system or system component for use within CE, NE, and enclave environments
General User	A user who is granted use of Government Information Systems (IS) and access to Government networks. This is not an IA position.
Power User	Personnel with limited administrative privileges to their PC only. This is not an IA position.

DoD 8570 Chart is being replaced soon with DoDD 8140, Cyberspace workforce which will have 7 high level categories under a National Initiative for Cybersecurity Education framework:

Security Provision, Maintain and Operate, Protect & Defend, Analyze, operate & collect, Oversight & Development and Investigate.

These categories are broken down further into a sum total of 31 tasks. It was supposed to be released in 2013, but there is actually no telling when it will come out.

information assurance awareness certificate

January 21, 2014 by Bruce Brown Leave a Comment

One of the most unavoidable rituals of getting an account on any Defense network is getting a “information assurance awareness certificate”.

Information Assurance Awareness Certificate Pages:

iase.disa.mil/index2.html
Army: ia.signal.army.mil/DoDIAA

The test is about 20 knowledge based questions that are fairly easy. Even if you are not familiar with the way Defense does things, you can just take the test a few times until you pass it.

Here are some examples of the information assurance awareness certificate: