White House's Cybersecurity Guy Proud Of His Lack Of Cybersecurity Knowledge Or Skills

from the say-what-now? dept

So we were just writing about how the White House appeared to be going with a security by obscurity tactic in denying an Associated Press FOIA request concerning the security behind Healthcare.gov. Specifically, the request was denied because the White House claimed that revealing such info might help hackers. As we noted, if revealing the basic security plan you're using will help hackers, then you're not secure and chances are you've already been hacked.

Of course, perhaps the reason why the cybersecurity is so awful is because the White House's "cybersecurity coordinator," Michael Daniel, not only isn't a cybersecurity expert but thinks that's a good thing. I wish I was joking. After spending a few minutes talking about all his training at Princeton and the Kennedy School at Harvard taught him to communicate well and "break down problems" he dismisses the need for actual technical knowledge.
You don't have to be a coder to really do well in this position. In fact, actually, I think being too down in the weeds at the technical level could actually be a little bit of a distraction..... You can get taken up and sort of enamored with the very detailed aspects of some of the technical solutions. And, particularly here at the White House... the real issue is to look at the broad, strategic picture and the impact that technology will have.
Now there is some truth to the idea that it's important to be able to look at the bigger picture, but when you're talking about cybersecurity, part of the way that you can look at the bigger picture is to actually understand the technology. That's not "a distraction" it's part of the core and necessary knowledge to then do the job of a cybersecurity coordinator. People who don't spend much time with these things view cybersecurity and technology as a kind of "magic." But it's not. Nor is technology economics, but Daniel thinks it is:
But the other issue in my mind is that at a very fundamental level, cybersecurity isn't just about the technology but it's also about the economics of cybersecurity. Why companies choose to invest the way they invest. It's about the pscyhology of cybersecurity. You know, one of my sayings is that 'expediency trumps cybersecurity every time' meaning that people will prioritize convenience over being secure many times. So you need to have the understanding of those kinds of factors: the psychology, the economics, the broad policy, the politics with a little p, in addition to the technology. So you need to be more of a generalist than having a lot of expertise particularly in the technological side.
Yes, in addition to the technology. All of those things are important, but they're mostly useless if you don't understand the underlying technology. He's then asked what are the biggest challenges and... after talking about how important it is to understand the psychology and economics (more important than the technology) he admits that he doesn't actually understand the psychology and economics. Because, apparently, he wants to make sure that he has none of the job qualifications for the job.
There are a few [challenges] that I can identify. One is that we don't actually truly understand the economics and psychology behind cybersecurity. We know that a huge number of intrusions rely on known fixable vulnerabilities... We know that intruders get in through those holes that we know about that we could fix. The question is, 'Why don't we do that?' That clearly leads me to the conclusion that we really don't understand all of those economics and psychology well enough.
So there you have it folks. The White House's cybersecurity expert doesn't have the technological expertise, but insists it's okay because he's focused on the economics and psychology of the fact that people don't patch their computers -- and then admits he has no idea why that happens.

This doesn't make me feel any safer.

Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 5:33am

    Par for the course with this administration. Nothing but doublespeak and no actual knowledge of the problem.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    David, Aug 22nd, 2014 @ 5:33am

    See it this way:

    You would not want to have a junkie lead the War Against Drugs.

    Actually, if you think rationally about it... No wait, the whole point of the War Against Drugs was not to think rationally about it.

    So there.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    Ninja (profile), Aug 22nd, 2014 @ 5:39am

    Who would have thought, I'm also a cybersecurity expert! I shall apply to a job in the US Govt. Ahem.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 5:47am

    Spells at Princeton, Harvard, probably showed an uncanny ability as a baby to choose the right parents, maybe even has his own hair and teeth. He seems to tick all the boxes, where's the problem? Sounds like jealous nitpicking, let's see ya'll get the job then. Thought so.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    That One Guy (profile), Aug 22nd, 2014 @ 6:00am

    So I have no idea how to fly a plane, the regulations pertaining to aircraft, or the mechanics of them. On that note, anyone know if the FAA is looking for a new administrator, because is he is any indication, I'd be very qualified for the position.

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    Jay (profile), Aug 22nd, 2014 @ 6:09am

    Holy...

    "Ignorance is bliss" should not be a campaign slogan for ineptitude and lack of transparency.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Rich Kulawiec, Aug 22nd, 2014 @ 6:09am

    I wish you were kidding, too

    This is the kind of position where I'd like to see a Spaf, or Schneier, or Forno, or Ranum, or Appelbaum, or Kaminsky, or Halderman, or Landau, or Bellovin, or (insert additional names that should be on the short list as well).

    The challenges are enormous. The risks are numerous. The technology is complex. The scale is huge. All of those factors beg for someone with long, deep and broad security expertise, not for someone who's a self-pronounced newbie.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    That One Guy (profile), Aug 22nd, 2014 @ 6:12am

    On a more serious note, can the press and everyone else please start giving people proud of their stupidity(not ignorance mind, everyone starts out ignorant, you're only 'stupid' if you choose to stay that way) the mocking they so dearly deserve?

    Expecting them to be fired after admitting that they are clearly not qualified for the position would be nice, but probably a bit too much at this step, but public mockery and derision seems completely doable, and more certainly deserved.

    Refusal to take them seriously or give them air-time would also be nice, paying attention to morons proud of their stupidity just encourages them, and makes them feel like their opinion on the subject/field is equally valid when compared to someone who actually knows what they're talking about.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 6:29am

    There are a few [challenges] that I can identify. One is that we don't actually truly understand the economics and psychology behind cybersecurity. We know that a huge number of intrusions rely on known fixable vulnerabilities... We know that intruders get in through those holes that we know about that we could fix. The question is, 'Why don't we do that?' That clearly leads me to the conclusion that we really don't understand all of those economics and psychology well enough.
    Uh-oh. Talking about fixing vulnerabilities? Now Mr. Daniel is going to have a nasty run-in with the NSA, who will no doubt thoroughly and vigorously explain to him how important it is to them that the public remain vulnerable to being attacked, since attacking a vulnerable public is the NSA's main line of work.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 6:46am

    one of my sayings is that 'expediency trumps cybersecurity every time' meaning that people will prioritize convenience over being secure many times. So you need to have the understanding of those kinds of factors: the psychology, the economics, the broad policy
    But we know why people prioritize convenience over security - because they're not technical. Just like you.

    Jesus, talk about the blind leading the blind - to try to figure out why blind people are blind.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Roland Hesz, Aug 22nd, 2014 @ 6:47am

    Where does he dismiss the need for technical knowledge?

    "You don't have to be a coder" and " being too down in the weeds at the technical level could actually be a little bit of a distraction" doesn't actually translate to "technical knowledge is unimportant".

    It translates to what you actually admit: focusing purely on the technology is not enough.

    Can you add a quote to the article where he actually says that technical knowledge is not important?
    Because in the quote above he never said that.

    I am quite happy to believe that he did say that, but an actual quote would be great.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    New Mexico Mark, Aug 22nd, 2014 @ 6:53am

    Re:

    Part of the problem is that people with real depth of knowledge and wisdom tend to be quieter and sometimes more serious. In a reality TV culture, that makes for lousy entertainment.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 6:56am

    Dude you expect me to know this shit , I come here to collect a pay check and to soak up all the lobby money ,
    sounds like a lot of our government employees.

    This why when you make a call to government offices they put you on hold for so long , so they can google the answers to your questions.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Roland Hesz, Aug 22nd, 2014 @ 6:56am

    Re: Re:

    That is definitely true.

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    houndazs (profile), Aug 22nd, 2014 @ 7:00am

    Re: Expert

    not before this one does! I hope you have a clearance..... :)

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 7:05am

    Uhm ... I wonder if I can somehow twist my ignorance into being a good thing at a job interview

    "see, all of your other employees are very knowledgeable and experienced and educated. This deters them from looking at the broad picture. My ignorance here helps me look at the broad picture because I don't let details and facts get in the way of my perspective."

    Imagine if a doctor tried to advertise his ignorance as a way to look at the broad picture of the patient's health.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 7:08am

    Re:

    See, his ignorance makes him more open minded. He's open minded to more ideas that anyone feeds him since he won't be so critical of any (bad) ideas.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 7:09am

    Mike, I think you missed another insight from his comments - and it could be a big one.

    He might be talking so much about the "economics" of cybersecurity, because he intends to get NSA/US to steal a lot of data for economic purposes.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 7:10am

    Re:

    Me too. I think I might even be more qualified than you. Perhaps if they give us a test we can see who gets the worst score.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Jason, Aug 22nd, 2014 @ 7:14am

    Re:

    I'm reminded of the general disgust I felt for the various Senators/Representatives back during... oh, I can't remember any more, maybe it was the SOPA hearings? Something like that.

    The sheer delight that so many of these people take in not knowing anything about the subject they're supposedly meant to be in charge of astonishes me.

    I don't necessarily expect a Senator, say, to know everything about the technical topic of the day, but if a hearing is coming up one would think they'd take at least a little time beforehand and get familiar with the major points. (And it would be nice if they would refrain from wearing their ignorance as a badge of honor and then laughingly request some "nerds" to come in and explain it to them.)

    But a department chief, and people in similar positions, really should have some practical knowledge of what their job entails.

    "I'm not a doctor, but I can run this hospital."
    "I'm not an engineer, but I'll manage this bridge construction project."
    "I'm not a sailor, but I can command this ship."

    I don't think anyone could get away with making any of those statements out in the real world. Why do we put up with it in government?

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    That One Guy (profile), Aug 22nd, 2014 @ 7:22am

    Re: Where does he dismiss the need for technical knowledge?

    Problem is, even if he does believe that technical knowledge is important, by being completely clueless about the field himself, he has no way of knowing if someone that works for him knows what they're talking about, or if they're just bluffing/lying/being misleading, and as such, he has no real way to chose who is right for a given job, or decide which, if any, suggestion/plan from his subordinates makes more sense, and should be put into use.

    To someone who has no experience or knowledge in a given field, a brilliant, but technical idea, and a stupid, also technical idea, both sound the same.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Roland Hesz, Aug 22nd, 2014 @ 7:32am

    Re: Re: Where does he dismiss the need for technical knowledge?

    I completely agree with what you write, but that is not the same as dismissing the need for technical knowledge - the claim of the article.

    Now all we need is a link/quote that proves that the guy is really clueless and include that in the article to give a solid foundation to the arguments made. I am pretty sure that such a quote or website can be found with no problem.

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    John Fenderson (profile), Aug 22nd, 2014 @ 7:33am

    The economics of security

    I don't know why he thinks the economic aspect of security isn't well-understood. It is (as well as any economic aspect is understood, anyway). The economic principles of security don't change just because you add the horrendous prefix "cyber-" to it.

    Perfect security is literally impossible. You can throw more resources into security to require more resources to be used to subvert it, but there's a law of diminishing returns involved. Because of this, security is always subject to a cost/benefit analysis. Sometimes, that analysis indicates that the best security is relatively light, sometimes the best security is to lock everything down as tightly as possible regardless of costs.

    The economics of security, at heart, don't really differ much from the economics of safety (or anything else, really).

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 7:36am

    I mean, well, he's from the Whitehouse. Aren't they the same people who, actually, doesn't understand how democracy and, more importantly, how our Constitution work??... Just a shame that we elected most of them.

     

    reply to this | link to this | view in thread ]

  25.  
    icon
    John Fenderson (profile), Aug 22nd, 2014 @ 7:37am

    Re: Where does he dismiss the need for technical knowledge?

    What stood out to me about his "you don't have to be a coder" line is that he's confusing things a bit. You also don't have to be a coder to understand the issues around computer security and how to address them. The code just implements the concepts. You can understand the concepts without knowing how to implement them in code.

     

    reply to this | link to this | view in thread ]

  26.  
    icon
    John Fenderson (profile), Aug 22nd, 2014 @ 7:39am

    Re:

    "see, all of your other employees are very knowledgeable and experienced and educated. This deters them from looking at the broad picture."

    I've interviewed a lot of people over the years for software engineering jobs. Would it surprise you to learn that two of the interviews I remember the most were ones where the candidate made that exact argument? They didn't get the job.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 7:51am

    Re:

    Not like the last administration was any better.

    This seems to be typical of politics, really.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Roland Hesz, Aug 22nd, 2014 @ 8:09am

    Re: Re: Where does he dismiss the need for technical knowledge?

    He gave that as an answer to a question which we don't see here.
    Was he asked about coding experience? If yes, then a "you don't have to be a coder..." answer can be appropriate.

    Especially when someone is responsible for policies and not the technology.

    Listening to the actual interview it seems his role is more selling the policies and solutions to budgeting people than actually figuring out what to code. His title "coordinator" and not "implementer" already hints at this.

    In the meantime the question was: "How much do you have to know about the technology behind information security for this position [coordinator]?"
    FULL ANSWER: "You actually have to start to develop a broad sense of the kinds of technology that's available but you don't have to be a coder"

    So we are mocking a guy who is a project/resource manager for not being a deep level coder.

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 8:30am

    Typical

    Sounds like the big company I work for: the less you know and the more incompetent you are, the higher you will go.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 8:32am

    Re: Re: Re: Where does he dismiss the need for technical knowledge?

    Listening to the actual interview it seems his role is more selling the policies and solutions to budgeting people than actually figuring out what to code. His title "coordinator" and not "implementer" already hints at this.

    But if he doesn't know anything about what he's selling, how does he know he's selling the correct solutions?

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    bshock, Aug 22nd, 2014 @ 8:42am

    in first

    No one has mentioned the Dunning-Kruger Effect yet. This individual is practically the U.S. Poster Child for it: someone so ignorant of a subject that he's too ignorant to appreciate his own ignorance.

    Which makes him sound very much like every MBA I've ever known. That's practically part of their curriculum.

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    Roland Hesz, Aug 22nd, 2014 @ 8:44am

    Re: Re: Re: Re: Where does he dismiss the need for technical knowledge?

    Who said he doesn't know anything? I mean apart from this article.
    Or you think that one has to know everything down to the code level to know anything about something? :)

     

    reply to this | link to this | view in thread ]

  33.  
    icon
    John Fenderson (profile), Aug 22nd, 2014 @ 9:04am

    Re: Re: Re: Where does he dismiss the need for technical knowledge?

    "we are mocking a guy who is a project/resource manager for not being a deep level coder."

    I'm not. I'm defending him on this point.

     

    reply to this | link to this | view in thread ]

  34.  
    icon
    John Fenderson (profile), Aug 22nd, 2014 @ 9:08am

    Re:

    That's a criticism that would more properly be applied to the entire government, not just the white house. As an aside, aren't there only two jobs in the white house that we elect people into? President and Vice President? I could be wrong, but I think most of the White House positions are appointed.

    I also think that the criticism isn't apt. I think that most of the people in the federal government understand very well how democracy and the Constitution work. It's just that sometimes they ignore it.

     

    reply to this | link to this | view in thread ]

  35.  
    identicon
    Roland Hesz, Aug 22nd, 2014 @ 9:17am

    Re: Re: Re: Re: Where does he dismiss the need for technical knowledge?

    Sorry, I didn't mean you, that was my mistake. Sloppy phrasing on my part.

     

    reply to this | link to this | view in thread ]

  36.  
    icon
    Chronno S. Trigger (profile), Aug 22nd, 2014 @ 9:20am

    Re: Where does he dismiss the need for technical knowledge?

    I kinda agree with Roland Hesz here. Yes, if you read between the lines it can be seen that he doesn't have any advanced knowledge of security, but he shouldn't. He's suppose to be in charge of a team of experts. Those experts are suppose to be the ones with advanced knowledge of specific areas of security.

    His team is suppose to have that advanced, specific knowledge. His job is to make sure that the person with the right knowledge is in the right place at the right time. You don't need to know the weeds, you just need to be smart enough to listen to the people who do.

     

    reply to this | link to this | view in thread ]

  37.  
    identicon
    Matthew A. Sawtell, Aug 22nd, 2014 @ 9:30am

    Hm...

    ... if this guy is not the most ideal rube for a social engineering hack, I do not know who is.

     

    reply to this | link to this | view in thread ]

  38.  
    icon
    Ninja (profile), Aug 22nd, 2014 @ 9:32am

    Re: I wish you were kidding, too

    Fun fact: not all in politics are there because of their technical competence but rather because they are friend$ with someone.

     

    reply to this | link to this | view in thread ]

  39.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 9:50am

    any information on how this moron got the job? what about what other moron gave him the interview? both should be dismissed forthwith and replaced with a couple of idiots. at least they would admit to what they are!!

     

    reply to this | link to this | view in thread ]

  40.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 9:57am

    that's the whole administration in a nutshell.

    Act like they know what they are doing and intimidate anyone that exposes their cluelessness

     

    reply to this | link to this | view in thread ]

  41.  
    identicon
    Case, Aug 22nd, 2014 @ 10:00am

    Cyber!

    Can we please stop using the word Cyber?!, when I have a bionic arm with razors coming out of my fingers or I need and interface jack to operate my direct to brain computer we can talk about CYBERNETIC security, sheesh life is NOT a William Gibson novel.

     

    reply to this | link to this | view in thread ]

  42.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 10:15am

    Re: Re: Where does he dismiss the need for technical knowledge?

    It looks like this guy values his managerial skills over his domain knowledge. One hopes he is effective in using this to get his team in position to get the job done.

    There is a reason why high ranking officers in the military are called "generals".


    However, not everyone who makes a high level position has this essential skill.

    There is a reason for the popularity of Scott Adams' Dilbert comic strip and the Peter Principle.

     

    reply to this | link to this | view in thread ]

  43.  
    icon
    Nicola (profile), Aug 22nd, 2014 @ 10:23am

    Think different

    I feel much safer.

    If there was real danger they would put someone competent in charge.

    So this is actually proof there is no danger - so you should feel safer!

     

    reply to this | link to this | view in thread ]

  44.  
    icon
    Mason Wheeler (profile), Aug 22nd, 2014 @ 10:39am

    People who don't spend much time with these things view cybersecurity and technology as a kind of "magic." But it's not.

    I dunno. As a programmer, I spend my days creating and fine-tuning arcane formulae composed of complex, often bizarre symbols, ordered according to cryptic rules and priorities that would drive a mere mortal mad to think about too deeply (or at least really, really confuse them) in order to produce incantations that, once invoked, perform effects that alter the world.

    What am I if not a modern-day mage?

     

    reply to this | link to this | view in thread ]

  45.  
    identicon
    David, Aug 22nd, 2014 @ 11:03am

    At least he is consistent...

    ... with the rest of his peers in the White House. From top to bottom, they don't know anything about the basics of their jobs either.

     

    reply to this | link to this | view in thread ]

  46.  
    icon
    Mason Wheeler (profile), Aug 22nd, 2014 @ 11:04am

    Re: Cyber!

    We're getting closer to that all the time.

    Just a few months ago, a woman with a bone growth condition that caused her skull to thicken out of control, putting horrible pressure on her brain, had her entire skull surgically removed and replaced with a 3D-printed prosthesis. The prosthesis is inert and not robotic, but... just think about that. There is a woman alive today, walking around as a functioning member of society, with an artificial skull!

    Just five years ago, that would have been considered "something from a William Gibson novel." Today it's reality.

    For decades now we've had people who are only alive because they have had an artificial heart or a cybernetic heart-control implant (pacemaker) added into their body. Now they're making pacemakers that run on software. What is a person bearing that if not a cyborg? That's reality today.

    Heeeeeeeey, welcome to the future! Somehow it went and arrived on us while we were all busy in the present.

     

    reply to this | link to this | view in thread ]

  47.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 11:04am

    Re: See it this way:

    Bad analogy...

    You might want someone that's an expert on real life drug effects on health and society in general running things - otherwise how do you know if what you're doing is actually effective?

    Oh...well yes, right - that's not actually necessary in the "War on drugs" - which is why we're still running this war.

     

    reply to this | link to this | view in thread ]

  48.  
    icon
    Mason Wheeler (profile), Aug 22nd, 2014 @ 11:07am

    Re: Re: Cyber!

    Argh, stupid comment system eating my links and not letting me edit things.

    https://www.youtube.com/watch?v=Y0Yg9wjctRw

     

    reply to this | link to this | view in thread ]

  49.  
    icon
    Chronno S. Trigger (profile), Aug 22nd, 2014 @ 11:33am

    Re: Re: Re: Where does he dismiss the need for technical knowledge?

    Oh, you're absolutely right. Not a lot of people can be good managers. However, the quotes given don't suggest anything ether way for Michael Daniel. It doesn't speak negatively for him, but it also doesn't speak positively ether.

    What we do know is that he's a politician. He used a lot of words to say absolutely nothing.

     

    reply to this | link to this | view in thread ]

  50.  
    identicon
    Raging Alcoholic, Aug 22nd, 2014 @ 11:34am

    Re:

    Barack Obama is undoubtedly a smart guy but his administration uses the the stupid card a lot. He wanted a government of academics so why does lack of knowldege seem to be his best defense.
    Hillary Clinton thinks she is the victim of Benghazi.
    The IRS can't find its emails.
    The attorney general is being persecuted.

    These are the kinds of excuses you would expect to hear from children in the 7th or 8th grade.

    I don't like George Bush but atleast he knew to shut up and let his generals fight a war.

     

    reply to this | link to this | view in thread ]

  51.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 11:50am

    Re: Re:

    I work for an engineering firm, and project managers aren't always engineers. So that's not a good example.

     

    reply to this | link to this | view in thread ]

  52.  
    icon
    Mason Wheeler (profile), Aug 22nd, 2014 @ 12:07pm

    Re: Re: Re:

    At my last job, the boss was an engineer. He reported directly to the CEO, who was not. Just about everything good, everything successful, that the company had ever done had my boss's fingerprints in it somewhere.

    At my current job, the boss I work for *is* the CEO. He's an engineer. Things are pretty successful here. I don't think I'd ever want to work in a technical job for a boss who's not technical.

     

    reply to this | link to this | view in thread ]

  53.  
    identicon
    Roland Hesz, Aug 22nd, 2014 @ 12:16pm

    Re: Re: Re: Re: Where does he dismiss the need for technical knowledge?

    "He used a lot of words to say absolutely nothing."

    Reminds me of people working at banks.
    "We made no progress" is four words, but they can talk for 15 minutes implying but never actually saying it.

    "One mistake and you're out" culture does that to people.

    Not holding my breath, but let's see how he will do it.
    (Although, let's admit, it will be pretty tough to assess the results properly)

     

    reply to this | link to this | view in thread ]

  54.  
    identicon
    TestPilotDummy, Aug 22nd, 2014 @ 1:20pm

    War by Deception

    I don't buy it.
    It's dis-information.
    You going to tell me the NSA doesn't do this?
    This dude is a FACE on a coverup.

    What the hell is "cyber" anyway? Did you mean computer and electronics security? why not just say that?

    If he truly doesn't have any tech under the belt, then he's condemned to a leadership roll and playing by the new socialist utopia agenda and silver bullet failures, meanwhile publicly talking about vision, or the future while using fear and rolling it out with un-accountable, un-auditable (fuck sounds like voting machines again) sub-contractors

    It's a hidden invisible disaster essentially rolling in slow and fast motion

     

    reply to this | link to this | view in thread ]

  55.  
    identicon
    TestPilotDummy, Aug 22nd, 2014 @ 1:23pm

    Re: War by Deception

    That sucker ought to be talking about protecting the GRID from el SOL / EM

    Where is that dialog? On Coast to Coast AM? give me a break....

    This war on whatever is all BS.

     

    reply to this | link to this | view in thread ]

  56.  
    identicon
    You know me, Aug 22nd, 2014 @ 2:00pm

    Clearly a product of affirmative actions. Seen these incompetent morons a lot.

     

    reply to this | link to this | view in thread ]

  57.  
    icon
    ECA (profile), Aug 22nd, 2014 @ 2:55pm

    Politician=Plumber?
    Politician=Technogeek?

    To anyone that knows much about OS's, Programming, hardware, hardware coding, Servers, and in all that, vulnerabilities and restrictions of ALL of the above..
    There are things that hardware can do, and things Programming can do, and Something that can be done on both sides..
    Being able to BUILD a computer and install an OS, is nothing to the knowledge needed for this job.

     

    reply to this | link to this | view in thread ]

  58.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 3:16pm

    Re: Re: Re: Where does he dismiss the need for technical knowledge?

    Indeed. I was looking at the quotes and thinking "Hey... I've said things like that myself!"

    And yeah, I'm a computer security analyst, and I've actually got video on the interweb recording me saying things like that, so there :)

    Everything he said was true, except the bit at the end worries me:
    "That clearly leads me to the conclusion that we really don't understand all of those economics and psychology well enough."

    If by "we" he means his department, that's a problem. The NSA and CIA should be able to help him there, as that's THEIR job.

    Plus, the economics and psychology are extremely well known in the field; there are presentations and papers on these topics at every major security conference. What we don't know is what the solutions to people being social animals are.

    I think of (in)security as being similar to the recent discovery that the ability to become cancerous is an innate part of cellular structure -- what the cybersecurity force should be focusing on is "what makes people click those links, and what processes can we put in place to stop that?" Because it's obvious the bad actors know; it comes down to statistics at some level.

    So yeah; he doesn't sound all that clueful in the selected quotes, but he also doesn't sound stupid. I'd also be interested to see what sort of people work as his advisers, as that will indicate whether he's actually clueless or not.

    But then, nobody in the computer security field prefixes anything with "cyber" -- not his fault, but "cybersecurity" ALWAYS refers to the political side of the issue, not the technical details.

     

    reply to this | link to this | view in thread ]

  59.  
    icon
    nasch (profile), Aug 22nd, 2014 @ 4:04pm

    Re: Think different

    If there was real danger they would put someone competent in charge.

    You have more faith in our government than I do.

     

    reply to this | link to this | view in thread ]

  60.  
    icon
    George Capehart (profile), Aug 22nd, 2014 @ 4:51pm

    Re: I wish you were kidding, too

    The challenges are enormous. The risks are numerous. The technology is complex. The scale is huge. All of those factors beg for someone with long, deep and broad security expertise, not for someone who's a self-pronounced newbie.

    Yea, verily. But for me, the worst part is that no one in the hiring process had enough clue to realize the guy was blowing smoke up their a**es . . .

     

    reply to this | link to this | view in thread ]

  61.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 6:53pm

    Re:

    " Sounds like jealous nitpicking"

    Well, sure, most people have to earn a living. If they want a higher paying job they need to study a more difficult field and be knowledgeable. So how do government employees get away with being idiots with nice pay? Everyone else should be jealous, even those that get paid more in the private market, because they earn their living through being knowledgeable and intelligent and going through the hard work of learning what's needed. Government employees get nice pay for being idiots.

     

    reply to this | link to this | view in thread ]

  62.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 6:57pm

    Re: Re: Re: Re:

    On civil engineering projects in particular, there is often the construction manager who is responsible for the engineering, then above him the overall manger who is also responsible for all the things like project financing, land-take, easements, compensation, regulatory affairs, pre-work decontamination, and basically everything which isn't putting up the structure. (Sometimes fit-out is managed separately from construction too, which has advantages and disadvantages.)

     

    reply to this | link to this | view in thread ]

  63.  
    identicon
    Anonymous Coward, Aug 22nd, 2014 @ 10:48pm

    Re: War by Deception

    "What the hell is 'cyber' anyway?"

    That's the term for people who punch through the firewall and hack the mainframe so that they can open a port, which lets them break the encryption of the command codes.

     

    reply to this | link to this | view in thread ]

  64.  
    icon
    Uriel-238 (profile), Aug 22nd, 2014 @ 11:23pm

    Meh, Junkies not so bad...

    While I wouldn't necessarily want an active junkie leading a (legitimate, non-WAD) anti-drug campaign, I think I'd want a few sober junkies on the board of advisors, if not the board of directors.

     

    reply to this | link to this | view in thread ]

  65.  
    identicon
    Anonymous Coward, Aug 23rd, 2014 @ 4:09am

    US Cyberguru and Canada Cyberguru - Dumb and dumber

    A brilliant choice for the head of cybersecurity... cough... cough... It seems that the skill level to lead the US cybersecurity needs only to know how to smooze around the cocktail circuit in Washington. While on the other hand, the Chinese and Russians actually have cybersecurity ( or more approporiately anti-cybersecurity ) experts. No wonder the Chinese and Russian state sponsored hackers are punching holes in all commercial and government IT infrastructures. Oh wait... the US cyber-guru-guy doesn't need to know anything computer related because his counterparts over at the CIA and NSA know the little things that make up cybersecurity defense and offensive measures. At least the US cyberguru is in good company... as his counterpart up in Canada is also a political hack appointed to the position based on who he knows on the cocktail circuit and not in the realms of cybersecurity.
    .
    Heck... even Al Qaeda and ISIS (ISIL) have people in their cyber-operations units that know more about cybersecurity then the fools allegedly trying to protect North America.

     

    reply to this | link to this | view in thread ]

  66.  
    icon
    nasch (profile), Aug 23rd, 2014 @ 6:58am

    Re: US Cyberguru and Canada Cyberguru - Dumb and dumber

    It seems that the skill level to lead the US cybersecurity needs only to know how to smooze around the cocktail circuit in Washington.

    It seems that the skill level to lead the US (anything) needs only to know how to smooze around the cocktail circuit in Washington.

     

    reply to this | link to this | view in thread ]

  67.  
    icon
    John Fenderson (profile), Aug 23rd, 2014 @ 9:09am

    Re:

    Indeed. I've been saying this for decades. But I think he meant magic in the supernatural sense, not in the strictly accurate sense (magic is the manipulation of reality through symbology)

     

    reply to this | link to this | view in thread ]

  68.  
    icon
    John Fenderson (profile), Aug 23rd, 2014 @ 9:12am

    Re: War by Deception

    "Cyber" is the hackneyed magic incantation that changes everything.

     

    reply to this | link to this | view in thread ]

  69.  
    icon
    MrTroy (profile), Aug 24th, 2014 @ 7:32pm

    Re:

    But we know why people prioritize convenience over security - because they're not technical. Just like you.

    Actually, people prioritise convenience over security because they usually need to get something done more than they need to stop someone else from doing something (undefined) that they're not supposed to be doing.

    I'm technical (coder by profession and hobby), and I try to set up systems that are as convenient as I can justify, partially because I think that anything less convenient will also end up being less secure, because people (including me) will find ways around the security out of sheer frustration.

    In that sense, there are some parallels between security/technology and economics, and Bruce Schneier regularly talks about the economics of security.

    Michael Daniel, on the other hand, sounds like someone who has read one or two of Bruce Schneier's essays without actually understanding them, but thinks he does. I mean, seriously... That clearly leads me to the conclusion that we really don't understand all of those economics and psychology well enough. ... then perhaps you should check up on some of the research (or even realise that somone else is already doing the research!), and ask someone qualified to understand the results what it means. If you're willing to do (coordinate) that, then I don't care if you personally don't know what it means.

     

    reply to this | link to this | view in thread ]

  70.  
    icon
    MrTroy (profile), Aug 24th, 2014 @ 7:43pm

    Re: Re:

    Oh heck. Just saw the pop-up for a webinar behind the "thinks that's a good thing" link:

    How to Properly Manage Identities and Secure Documents Within Government Agencies
    Within the government space, trust is essential...

    Unfortunately trust doesn't work that way within the security space - there, "trust" is another term for "vulnerability".

    You only "trust" something because you have no way to verify it. If you can verify it, there's no need to trust it. Then again, that seems like it applies just as well to governments, maybe they need a new webinar series...
    How To Properly Manage And Interact With The Public Within Government Agencies
    Within the government space, transparency and the ability to verify are essential...

     

    reply to this | link to this | view in thread ]

  71.  
    icon
    MrTroy (profile), Aug 24th, 2014 @ 8:10pm

    Re:

    I've always had a soft spot for this particular incantation, because it's a recipe for life!
    ↑1 ⍵∨.∧3 4=+/,¯1 0 1∘.⊖¯1 0 1∘.⌽⊂⍵

    Source: http://dfns.dyalog.com/c_life.htm

     

    reply to this | link to this | view in thread ]

  72.  
    icon
    Seegras (profile), Aug 25th, 2014 @ 4:05am

    Re: Cyber!

    > life is NOT a William Gibson novel.

    Well, this dystopian future we're running into sounds very much like a William Gibson novel.

     

    reply to this | link to this | view in thread ]

  73.  
    icon
    Seegras (profile), Aug 25th, 2014 @ 4:14am

    Bullshit Jobs and Clueless Lawmakers

    I think this is related:
    http://strikemag.org/bullshit-jobs/
    This here too:
    http://www.psmag.com/navigation/politics-and-law/sopa-debate-highlights-congresss-ignorance-38666/
    As are recent phenomena like "creationism".

    There's a culture developing, where knowledge, science and craft are de-valued.

     

    reply to this | link to this | view in thread ]

  74.  
    icon
    John Fenderson (profile), Aug 25th, 2014 @ 8:47am

    Re: Bullshit Jobs and Clueless Lawmakers

    "There's a culture developing, where knowledge, science and craft are de-valued."

    It's called "anti-intellectualism". It's pernicious and terrible, but it's been around in the US for a VERY long time.

     

    reply to this | link to this | view in thread ]

  75.  
    identicon
    Anonymous Coward, Aug 25th, 2014 @ 12:34pm

    Re: Re:

    I believe that that is what we call MBA disease.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Techdirt Reading List
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.