Over Arching Issues
Lately I have been thinking a lot about the state of our military and the nation in its entirety when it comes to protecting information that is personal, private, or puts our country at risk.
One of the biggest problems I see is untrained personnel being put in to positions which they are not ready for. When dealing with Cyber Security it has to become who you are. I do not mean that you can't have a family or even a life, but you have to be able to keep up with an ever changing field.
Within the military, service members so often get sent to school and then put on the back burner with no further training until they can't find a civilian willing to do the job. I have nothing against civilian workforce to supplement the military and a lot of times their companies are willing to train them to do the job and become the SME in that particular job. However, a lot of times the service members are held back from doing the jobs they were trained to do as to make availability for the civilian workforce. In my opinion this is one of the biggest problems our military faces. When these service members then get deployed or have to actually perform the job they can't or need help since they haven't been given the opportunity to perform job specific functions that they have trained for.
This is why I say you have to become the job or rather let cyber become you. If you spend at least an hour or two practicing and perfecting that which you are expected to know or want to know in your off time it will help. I know I myself have found it very easy to learn just about anything when taught as I take the time to teach myself many aspects of the IT/Cyber realm. Yes it has taken time away from my family, but I do it not just because I love it but because I know that one day I will be in that position to make a difference. The time may be a day from now or years from now, but I will be ready.
So I challenge every service member out there who thinks they are an expert in their field to take the hardest certification available for that perspective field. No, I don't mean go pay for it, but take a practice test and if you aren't passing with at least a 90% then you are not an expert at all. I know for a fact that at one time I thought of myself as an expert in all things computer related and have been humbled on many of occasions. There is always someone that knows more than you, and always something more you can learn. I know I will continue to pursue the art of being a White Hat and learning the ins and outs of ethical hacking and penetration testing so one day I can help the military or any US based company better prepare themselves for what is destined to come.
In the civilian world I see quite a few problems as well. Many companies are not willing to put forth the money that is required to properly protect their networks. It is not always hardware that is required to defend a network but sometimes just having the right people to review the log files or configure the existing equipment. The problem is that many companies either don't know what type of person to hire, or are only willing to hire those with degrees to do the job.
Again, it is my opinion that some of the most intelligent people don't have degrees, or certifications. Some live and die by the keyboard and as long as you are willing to pay them, they can secure your network better than any college graduate out there. I wish I had known some of these people growing up as they would have taught me programming, networking, and exploitation long before now. I was turned down from many jobs prior to enlisting in the Army simply because I didn't have my degree yet, or when I did get it, my GPA wasn't high enough. This I believe is the wrong answer as you shouldn't need a degree to prove your aptitude with technology.
These are just some of the problems I see and I know I will continue to grow and learn as the days go on. If you have any suggestions, material, or things that can help me to grow in cyber security please let me know.