A security engineer who goes by Aloria posed a blunt question on Twitter last week: “How the hell does the CISO [Chief Information Security Officer] of the FTC make less than I do..?” asked Aloria, who works for Tumblr — a place she describes as a “cat meme sharing site.”
Aloria’s tweet, included a link to a job opening at the federal consumer protection agency, which promises to pay up to $160,000 for a CISO. In response, I questioned (perhaps impolitely) whether the point was a fair one. After all, the FTC is the public sector and, for many Americans, $160K would be a very fine salary to live in Washington, DC.
But suffice to say Twitter sided with Aloria in no uncertain terms. A group of security types piped up and said, in effect, “you get what you pay for, and no CISO worth her salt is going to take a big pay cut to muck around at some agency—that’s why government IT is so crummy.”
I understand, but am still not sure I agree. First, the government is never going to compete with the private sector on wages. All it can offer is some prestige (perhaps) and a sense of public mission. And even if we agree the FTC should pay more, who among you would like to pay more tax to make it happen? I thought so. And keep in mind, this is one security officer at one agency. Any proposed pay raise would also have to be replicated for specialized jobs across the civil service.
Meanwhile, Geoff Belknap, the chief security officer of business messaging service Slack joined in to argue that crucial skills require something closer to market based compensation—and that the “more tax” argument is a false tradeoff. So there you have it. The debate remains open. We’ll see how President Trump addresses this perceived security skill shortage in government. Thanks for reading—lots more cyber tidbits below.
Jeff John Roberts
@jeffjohnroberts
jeff.roberts@fortune.com
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
THREATS
So much for that 400 pound guy sitting on his bed: Following a briefing with intelligence officials, President-elect Donald Trump finally acknowledged that a hacking campaign directed at U.S. targets, including the DNC, may have been carried out by Russia. (New York Times)
Feds give an F to D-Link over routers: The FTC filed a complaint against the Taiwanese company over a number of alleged security sins, which include hard-coding passwords and leaving user log-in credentials unprotected. The move is part of larger FTC campaign to get IOT makers to tighten up. (Network World)
When the Geek Squad guy is a G-man. In a child pornography case, the defendant points to $500 payments from the FBI to a Geek Squad tech (who found the porn) to argue the search of his computer was unconstitutional. (Fortune)
New year, same old DDoS: The closure of a popular DDoS-as-a-service forum in October should have, in theory, reduced the volume of attacks. Nope. The service is still thriving, typically through sites that offer tools to "stress test" a website. (CSO)
Oh, and if you forgot a holiday gift for your favorite hacker, how about this fine Stuxnet scarf?
Share today's Data Sheet with a friend:
http://fortune.com/newsletter/datasheet/
Looking for previous Data Sheets? Click here.
ACCESS GRANTED
Some media outlets blew it big time by reporting the Russians had hacked the power grid and could might plunge Vermont into darkness. Fortune's Robert Hackett breaks down what really happened:
The dubious attribution to Russian hackers in the Burlington Electric incident—specifically, to Russian hackers associated with U.S. election mischief—arose because the utility had detected Internet connections that seemed to be linked to "Grizzly Steppe," per the government's report, despite the intelligence containing a range of IP addresses not exclusive to that hacking campaign.
Read more on Fortune.com.
FORTUNE RECON
Vicious New Malware Freezes Apple's Computers by Jonathan Vanian
Hear the 'Hacked' Vermont Utility Manager in his Own Words by Robert Hackett
Mobile Security Turns Into Big Business for Cyber Firms by Jeff John Roberts
Australia Leads $45M Investment in Data Security Startup by Robert Hackett
5 Hacking Stories You Have Missed Over the Holidays by Jeff John Roberts
Why Trump and Assange Are Wrong About a "14 Year Old" Hacker by Jeff John Roberts
ONE MORE THING
The real story on Snowden: Edward Jay Epstein's new book How America Lost Its Secrets: Snowden, the Man and the Theft promises to be the definitive account on the NSA contractor. Excerpts are not kind compared to Oliver Stone's recent bio-pic and punch major holes in the Snowden story so far, though Epstein also states the good that came out of his deeds. (Newsweek, Wall Street Journal)
