# The Army Wants To Recruit Cyber Experts By Hiring Civilians At Rank Of Colonel



## RackMaster (Feb 20, 2017)

Don't know if this is the solution.  Pay seems to be the deciding factor, so hire more contractors.  @AWP want to wear the uniform again?  lol

The Army Wants To Recruit Cyber Experts By Hiring Civilians At Rank Of Colonel


----------



## Marauder06 (Feb 20, 2017)

Pay is not and has never been the issue.  We could hire them as contractors and pay them oodles of money; they would probably take a pay cut if they came into the service in uniform instead of as a contractor.  It's all about the prestige of being a senior field grade officer.  This is a terrible idea for the profession.


----------



## Grunt (Feb 20, 2017)

They would never be respected. They haven't earned any of that rank. Let them be contractors...but, they are not Colonels and never will be.


----------



## Ranger Psych (Feb 20, 2017)

Contractors work when you have a need for expansion but not permanent placement. This is permanent, as the cyber infrastructure isn't going anywhere.

Honestly, technical pay + a dedicated reserve unit would probably fit the bill here. Let them double time.


----------



## Marauder06 (Feb 20, 2017)

That's another reason why this is a bad idea.  We only need people with these skills until we can grow them in-house.  

Officers are seldom the "doers" in the military.  Exceptions that come to mind include doctors... who AFAIK might be the only ones who come it at field grade rank.  If they want to be in the Army so bad, let them come in as 2LTs or as company-grades and let them work their way up.  Or make them warrant officers.

This has the potential to become highly politicized as well.  Bad idea all the way around and unnecessary.


----------



## Ooh-Rah (Feb 20, 2017)

Agoge said:


> They would never be respected. They haven't earned any of that rank. Let them be contractors...but, they are not Colonels and never will be.



Wouldn't it be "honorary" rank though?  I was watching an old MASH the other day and a grunt told one of the doctors (a captain) to go F himself because his rank was only valid to other medical folks and he had no real authority over "regular Army".


----------



## CDG (Feb 20, 2017)

IDK.  The military is so far behind the civilian sector when it comes to Cyber/IT issues that it needs to do something.  Bringing in some civilian SMEs as 0-6s to help advise/assist the military on what it needs to start doing to improve doesn't seem like a bad idea.  Otherwise we stay stuck in the same loop.  We're never going to get top level talent in those fields by making them come in as 0-1s or 0-3s and treating them like some boot LT with no experience.  This is one of those times where the military needs to know what it doesn't know, swallow its ego, and fix the issue.


----------



## Grunt (Feb 20, 2017)

Ooh-Rah said:


> Wouldn't it be "honorary" rank though?  I was watching an old MASH the other day and a grunt told one of the doctors (a captain) to go F himself because his rank was only valid to other medical folks and he had no real authority over "regular Army".



Brother, you see a "Colonel" at the PX and he is a Colonel...that's all that matters. No one knows honorary from authentic. You want Colonel...earn it. If not, be a contractor or whatever they want to call you. I don't like people having things they didn't earn. But, that's just my opinion.


----------



## Ooh-Rah (Feb 20, 2017)

Agoge said:


> Brother, you see a "Colonel" at the PX and he is a Colonel...that's all that matters. No one knows honorary from authentic. You want Colonel...earn it. If not, be a contractor or whatever they want to call you. I don't like people having things they didn't earn. But, that's just my opinion.



So is that the purpose of the GS?  Gives civilians their own rank/pay rates without the unnecessary confusion of military ranks?  Example, a good friend of mine recently retired from the Corps as a Master Sgt.  She took a few weeks off and then returned to the same warehouse, doing the SAME job, just as a GS instead of an E8.


----------



## Grunt (Feb 20, 2017)

Ooh-Rah said:


> So is that the purpose of the GS?  Gives civilians their own rank/pay rates without the unnecessary confusion of military ranks?  Example, a good friend of mine recently retired from the Corps as a Master Sgt.  She took a few weeks off and then returned to the same warehouse, doing the SAME job, just as a GS instead of an E8.



Correct! We have them where I work. Many of those GS employees were never military, but it gives them the ability to come back in as a civilian worker. I have no problem given them the GS ratings they rate, but they don't need a title that they haven't earned.


----------



## Il Duce (Feb 20, 2017)

Marauder06 said:


> That's another reason why this is a bad idea.  We only need people with these skills until we can grow them in-house.
> 
> Officers are seldom the "doers" in the military.  Exceptions that come to mind include doctors... who AFAIK might be the only ones who come it at field grade rank.  If they want to be in the Army so bad, let them come in as 2LTs or as company-grades and let them work their way up.  Or make them warrant officers.
> 
> This has the potential to become highly politicized as well.  Bad idea all the way around and unnecessary.



Yeah, I've always thought we should go the way of aviation for this - a high level of technical skill and training but focused on operator skills with limited small crew/team leadership is right in the mold of aviation WOs.  Still, I guess the USAF and Navy use commissioned officers so maybe the paradigm adjustment does not fit perfectly.


----------



## SpaceshipDoorGunner (Feb 20, 2017)

I feel like there's already a process in place for this (hiring GS and contractors) and this is just the Army doing what it does best.. Muddle things. It seems to me they could just announce a contract or INSCOM could just expand it's hiring for GS for this issue.


----------



## TLDR20 (Feb 20, 2017)

We had a thread about this somewhere else in regards to something similar I think. It wasn't the same(cyber) but a while back there was talk to this end...


----------



## Red Flag 1 (Feb 20, 2017)

[Q


----------



## RackMaster (Feb 20, 2017)

CDG said:


> IDK.  The military is so far behind the civilian sector when it comes to Cyber/IT issues that it needs to do something.  *Bringing in some civilian SMEs as 0-6s to help advise/assist the military on what it needs to start doing to improve doesn't seem like a bad idea.  *Otherwise we stay stuck in the same loop.  We're never going to get top level talent in those fields by making them come in as 0-1s or 0-3s and treating them like some boot LT with no experience.  This is one of those times where the military needs to know what it doesn't know, swallow its ego, and fix the issue.



They can hire advisors to do that, they don't need a uniform.


----------



## CDG (Feb 20, 2017)

RackMaster said:


> They can hire advisors to do that, they don't need a uniform.



Working on the GS pay scale does not afford the same benefits as being a uniformed military member.  They will need those benefits to help pull in that level of talent, considering what these people can make in the private sector.


----------



## Kraut783 (Feb 20, 2017)

Not much promotion potential from there tho, COL forever?


----------



## Ranger Psych (Feb 20, 2017)

CDG said:


> Working on the GS pay scale does not afford the same benefits as being a uniformed military member.  They will need those benefits to help pull in that level of talent, considering what these people can make in the private sector.



And that's where we come full circle.

Make them O's, and they'll be operating outside the purview of what officers do, which is keep a chair warm and take credit for go/nogo of their subordinates. Not something you'd be hunting to do with these guys.
Enlisted doesn't pay them what they're worth. GS wouldn't really pay them what they're worth either, and there's nothing that makes it so people have to listen to them, either.

Contractor, AWP can handle that nut roll... just because you have technically competent if not stellar personnel as your contractors, your AD staff may very well just blow them the fuck off.

So, the only valid solution is Basic/WOCS with a technical proficiency bonus/additional pay.  After all, when the Warrant walks in with a cup of coffee and says "yeah, um, no don't do that, let's do this instead" it doesn't matter what rank you are, you listen because that guy knows his shit.


----------



## Marauder06 (Feb 20, 2017)

Ranger Psych said:


> And that's where we come full circle.
> 
> Make them O's, and they'll be operating outside the purview of *what officers do, which is keep a chair warm and take credit for go/nogo of their subordinates*. Not something you'd be hunting to do with these guys.
> Enlisted doesn't pay them what they're worth. GS wouldn't really pay them what they're worth either, and there's nothing that makes it so people have to listen to them, either.
> ...



Yep, you're right, that's all officers do.


----------



## SpaceshipDoorGunner (Feb 20, 2017)

Ranger Psych said:


> And that's where we come full circle.
> 
> Make them O's, and they'll be operating outside the purview of what officers do, which is keep a chair warm and take credit for go/nogo of their subordinates. Not something you'd be hunting to do with these guys.
> Enlisted doesn't pay them what they're worth. GS wouldn't really pay them what they're worth either, and there's nothing that makes it so people have to listen to them, either.
> ...




I feel like this is alleviated with good leadership supporting that SME. (Foreign concept to some people with rank entitlement) I've never personally disrespected GS or contractors working with us/working within the IC, because it was always clear (or made clear to me) that their GS level came with a military rank equivalent of benefits/treatment, and that they are supposed experts in their field. I can see it happening, but I don't think this will be as big of a deal that we now need direct commission O-6s to address this potential problem. The people that are going to stir up a nest of shit would probably be incredibly difficult to work with as a green suiter anyway. 

Sending these people straight to WOCS doesn't necessarily mean they have the capacity to work at the level of a WO anyway. They aren't familiar with BN/BDE/Group/Corps/whatever level of function,  and may not have the familiarity and contacts built up that your typical WO should have. (It really pays dividends to know the who's who in the IC/Cyber/INSCOM, etc) In my opinion, the solution for this is to hire contractors in the interim while they incentivize senior 35Q/17C/25D MOS and equivalents to attend their services WOCS equivalent.


----------



## AWP (Feb 20, 2017)

This is a dumb idea and while many of the suggestions/ solutions in this thread are great they will almost never happen. There's the right way and the gov't way, so guess which on will win?

- Bringing them in at any officer rank is just a bad idea
- I'd love the see the list of requirements to justify an instant O-6 (or any officer rank for that matter). The certs needed would have to be astronomical.
- Growing your own service members is a non-starter unless you cut manpower elsewhere or dump a ton of money and time on the problem. The number of contractors working cyber security is staggering. For example, AFCENT's cyber security group is a bunch of CTR's and a few officers and NCO's. I think a Captain is the chief of cyber security for the whole AOR. We'd drop a Colonel into the mix. HAHAHAHAHAHAHA!!!!!
- "Contractors" is a thread until itself. We need contractors in large numbers but we're cutting their salaries. Once you're in the system it can be difficult to fire one and worse if the company is a pile of crap like "Stockheed Bartin." Unless the military is willing to step in and fire a contractor for performance (it has every right to but rarely does) they are "blood in, blood out."
- There are almost no repercussions in uniform and out for performance failures. CTR, GS, or Mil, you can do almost anything and get away with your garbage.

Those are basics, I can address other points if anyone's interested.

(Contracting since 2004, current IA/ Network Lead for a major C2 project overseas)


----------



## 104TN (Feb 20, 2017)

AWP said:


> ...
> - I'd love the see the list of requirements to justify an instant O-6 (or any officer rank for that matter). The certs needed would have to be astronomical.
> ...



Speaking solely as a tax-payer, I'd much rather see a focus on recruiting civilian thought leaders with proven track records fostering innovation within their teams and solving rapidly evolving infrastructure challenges than looking for PHBs with oodles of paper certs. 

Given the challenges McGee was quoted as saying the Army is trying to solve, I don't know that trying something new is necessarily bad. I get there's a lot of history and ego at stake when you're talking about recruiting a field grade O off the street, but as the title of the Marshall Goldsmith book summarizes, "what got you here won't get you there." 

Having the clout of an O6 puts these potential leaders in a position where they can solve a lot of their own problems and potentially disrupt the status quo in the process. Nobody is going to tell a Direct Commission neurosurgeon to get f*cked just because they didn't spend two decades in uniform becoming an O6. Part of that is because said Doc probably spent that same amount of time in school, residency, and fellowships to become the kind of skilled subject matter expert that warranted being commissioned as a Colonel. 

I hope the folks the Army targets to bring in at this level to support the Cyber mission will be as equally impressive and just as deserving of that type of deference.


----------



## AWP (Feb 21, 2017)

rick said:


> Speaking solely as a tax-payer, I'd much rather see a focus on recruiting civilian thought leaders with proven track records fostering innovation within their teams and solving rapidly evolving infrastructure challenges than looking for PHBs with oodles of paper certs.
> 
> Given the challenges McGee was quoted as saying the Army is trying to solve, I don't know that trying something new is necessarily bad. I get there's a lot of history and ego at stake when you're talking about recruiting a field grade O off the street, but as the title of the Marshall Goldsmith book summarizes, "what got you here won't get you there."
> 
> ...



Which is a great POV, but the problem with an O-6 is one of slots. Take a major command like AFCENT. The A6 is headed by a Colonel as is his Army counterpart. Brining in an O-6 either places them at a major command like CENTCOM or permanently At the Pentagon or a cyberwarfare command. Many of those positions are currently manned by career comm officers providing most of them their only shot at O-6. We'd have two or more O-6's on staff without conflict? If we need their managerial/ technical expertise then they should be GS-15's or something like that for pay.

Something needs to change. Hard, painful changes to be honest, but I think we're back to the right way vs. the gov't way. This is ultimately a problem best solved via money and are we prepared for that battle?


----------



## Ranger Psych (Feb 21, 2017)

Marauder06 said:


> Yep, you're right, that's all officers do.



You know I am being facetious.  You guys also drink the lions share of the coffee the E's made for the CSM.



SpaceshipDoorGunner said:


> Sending these people straight to WOCS doesn't necessarily mean they have the capacity to work at the level of a WO anyway. They aren't familiar with BN/BDE/Group/Corps/whatever level of function,  and may not have the familiarity and contacts built up that your typical WO should have. (It really pays dividends to know the who's who in the IC/Cyber/INSCOM, etc) In my opinion, the solution for this is to hire contractors in the interim while they incentivize senior 35Q/17C/25D MOS and equivalents to attend their services WOCS equivalent.



Never once met a good IT dude in the army, other than our CW2. Not saying there aren't reasonable oned out there, but those that are didn't learn all they know about IT from AIT by a long shot.

Only a Warrant can blow off all the military hyperbole due to the equiv of a shiny bullshit reflector, with black ops sham cloak inserts.  Therefore, instead of having to make every stupid mandatory briefing for hours about insert whatever dumb shit other than full spectrum warfare big army dictates we need training on.... they can dissapear into the warrant warren and do fucking work snd mission related training.  I skipped so many formations and various stupid shit when I was tasked out with our Warrant due to my own level of IT knowhow, letting him work bigger picture stuff while I did less technical, but totally crucial, tasks that made shit like the TOCs be able to actually do the O and C part.

@compforce will most likely attest that as the pro tier it nerd he is, he could have made real shit happen with a half shiny compared to having to fight his fights at the level he was working, with what...3 plus paygrades below what was intended for that type of position?

We bring in people straight off the street with the credentials right now, for flight warrants, surgeon officers, etc.  Surgrons aside, Warrants don't command, they are technical masters.  Cyber defense isn't something you can just learn in a condensed AITesque evironment, let alone Cyber offense.  

Unless you just want a Battalion of script kiddies that will let the entire army get p0wned as soon as the network connection goes live because the app for defending the system that Rockheed Dynamics LTD made is sctually the primary point to attack, escalate privs off of, then pivot from, because it has over 9000 day0 exploits out the gate.

Without requisite schooling and real, real world experience, to understand the true way that you do things instead of manufacturers designed book methods that barely work in perfect deployment scenarios, and the rank to give that knowledge more push, you won't get proper solutions implemented or purchased.


----------



## Isiah6:8 (Feb 21, 2017)

This might be a dumb question so I apologize in advance:

If you bring in the quality of people you would like to and put them on the GS pay scale, why would they leave for the GS scale or Senior/Executive (would that even be an option?) when it comes to pay?  I am missing something since I see that the pay scale caps out at 168k.  If I look at the Executive pay scale it is 205k and that seems to be ~ O7-10.  IT guys in the financial industry are worth their weight in gold, so that might be skewing my perception.


----------



## ThunderHorse (Feb 21, 2017)

They could do this, but they'd have to change the Force Structure, and just because HRC has a cool idea, doesn't mean the rank and file Infantry, Armor, Artillery, and SpecOps guys who run the Army would desire this.  They'd probably be way cool with just handing out Warrants for WO4 and WO5s to bring them in.


----------



## 104TN (Feb 21, 2017)

ThunderHorse said:


> They could do this, but they'd have to change the Force Structure, and just because HRC has a cool idea, doesn't mean the rank and file Infantry, Armor, Artillery, and SpecOps guys who run the Army would desire this.  They'd probably be way cool with just handing out Warrants for WO4 and WO5s to bring them in.



Except a W5 w/20 years in makes ~$87K. I get that there will be a certain element of altruism/Patriotism at play if this program gets off the ground, but if the Army actually needs experienced technologist...that comp. would probably be an insurmountable hurdle for people that are likely hiring junior members to their teams at that same pay level.


----------



## ThunderHorse (Feb 21, 2017)

Then I foresee something along the lines of what MDs get, the 25k incentive bonus every year.


----------



## AWP (Feb 21, 2017)

Isiah6:8 said:


> This might be a dumb question so I apologize in advance:
> 
> If you bring in the quality of people you would like to and put them on the GS pay scale, why would they leave for the GS scale or Senior/Executive (would that even be an option?) when it comes to pay?  I am missing something since I see that the pay scale caps out at 168k.  If I look at the Executive pay scale it is 205k and that seems to be ~ O7-10.  IT guys in the financial industry are worth their weight in gold, so that might be skewing my perception.



It goes back to my earlier posts: what credentials are they looking for when hiring for these positions? Depending upon those requirements you can attract people to fill those slots, but you'll never have the best outside of those with a higher sense of purpose than a bank account. What you would see are contractors bailing left and right, now your rank and file are sitting on top of the pile...which goes back to my earlier point about how do you slot these people within the force structure? You can't have a bunch of GS-13+ sitting in a shop unless you want problems. If your CTR's bail for these new officer or GS positions, what talent will fill the CTR ranks...and remember that a fair number of contractors are, and I say this as one, bags of shit.

You have a finite pool of qualified people and a much smaller pool of those worth a damn. If you are to attract those from outside the existing DoD structure you'll need money and lots of it. As mentioned above, you're looking at Warrant Officers with substantial end of the year and retention bonuses.


----------



## CDG (Feb 21, 2017)

AWP said:


> It goes back to my earlier posts: what credentials are they looking for when hiring for these positions? Depending upon those requirements you can attract people to fill those slots, but you'll never have the best outside of those with a higher sense of purpose than a bank account. What you would see are contractors bailing left and right, now your rank and file are sitting on top of the pile...which goes back to my earlier point about how do you slot these people within the force structure? You can't have a bunch of GS-13+ sitting in a shop unless you want problems. If your CTR's bail for these new officer or GS positions, what talent will fill the CTR ranks...and remember that a fair number of contractors are, and I say this as one, bags of shit.
> 
> You have a finite pool of qualified people and a much smaller pool of those worth a damn. If you are to attract those from outside the existing DoD structure you'll need money and lots of it. As mentioned above, you're looking at Warrant Officers with substantial end of the year and retention bonuses.



Do they need to affect the force structure though?  The Navy has the Limited Duty Officer (LDO) program.  That may be a way to bridge the gap between the warrant pay issue that @rick mentioned, and the force structure problems you foresee.  These SMEs would still be SMEs, and limited to that field, but with the rank on the collar required to actually get things done.  O-3s or contractors are not going to cut it.


----------



## Red Flag 1 (Feb 21, 2017)

CDG said:


> Do they need to affect the force structure though?  The Navy has the Limited Duty Officer (LDO) program.  That may be a way to bridge the gap between the warrant pay issue that @rick mentioned, and the force structure problems you foresee.  These SMEs would still be SMEs, and limited to that field, but with the rank on the collar required to actually get things done.  O-3s or contractors are not going to cut it.



The rank structure/Force structure really is where things get interesting. There are only so many slots for 0-5, 0-6 and above. Who is going to give up 0-6 slots for a civilian to slide into the force structure, with no command training or authority? It will make competition for rank even tighter, costing retention issues even worse than they are right now. 

This waste of rank makes no sense at all.


----------



## Isiah6:8 (Feb 21, 2017)

AWP said:


> It goes back to my earlier posts: what credentials are they looking for when hiring for these positions? Depending upon those requirements you can attract people to fill those slots, but you'll never have the best outside of those with a higher sense of purpose than a bank account. What you would see are contractors bailing left and right, now your rank and file are sitting on top of the pile...which goes back to my earlier point about how do you slot these people within the force structure? You can't have a bunch of GS-13+ sitting in a shop unless you want problems. If your CTR's bail for these new officer or GS positions, what talent will fill the CTR ranks...and remember that a fair number of contractors are, and I say this as one, bags of shit.
> 
> You have a finite pool of qualified people and a much smaller pool of those worth a damn. If you are to attract those from outside the existing DoD structure you'll need money and lots of it. As mentioned above, you're looking at Warrant Officers with substantial end of the year and retention bonuses.



Thanks for the explanation, really appreciate it.  The sense of purpose conversation I tried to steer away from because if someone offered less pay, and different organizational structure they aren't accustomed to, that is a tough conversation to have.


----------



## CDG (Feb 21, 2017)

Red Flag 1 said:


> The rank structure/Force structure really is where things get interesting. There are only so many slots for 0-5, 0-6 and above. Who is going to give up 0-6 slots for a civilian to slide into the force structure, with no command training or authority? It will make competition for rank even tighter, costing retention issues even worse than they are right now.
> 
> This waste of rank makes no sense at all.



What I am saying, is you create a separate structure for these SMEs.  So officers from other branches are not competing against them.  It's a special position created solely for the purpose of having the expertise available, with the commensurate rank needed to actually get things accomplished.


----------



## ThunderHorse (Feb 21, 2017)

CDG said:


> What I am saying, is you create a separate structure for these SMEs.  So officers from other branches are not competing against them.  It's a special position created solely for the purpose of having the expertise available, with the commensurate rank needed to actually get things accomplished.


Within the Navy those slots occupied by LDOs are part of the Force Structure for someone within that MOS.  They would still be a part of the force structure, you either add end strength to the authorization and then create LDO type slots, but folks tend not to respect folks who haven't held a command of some kind.  It's an interesting concept to bring in Civilians and give them rank, it hasn't happened in a very long time.


----------



## Il Duce (Feb 21, 2017)

I don't mean to add a layer of gossip to this but I think it's germane to add BG(P) Frost has one of the worst reputations of any MI officer I have ever come across.  I've heard very open discussion by O-6s about how she ever got selected for GO in the first place.  I've never heard an officer who worked for or with her have a positive view of her decision-making or professional competence.

I've never worked for her but trust the people I've heard those things from.  With that context this strikes me as a terrible idea that's not going to make it off the ground.

That being said, DCGS-A is still kicking around dominating the MI world so what the fuck do I know about predicting good decisions by MI leadership.


----------



## Red Flag 1 (Feb 21, 2017)

[Q


----------



## SpaceshipDoorGunner (Feb 21, 2017)

Ranger Psych said:


> You know I am being facetious.  You guys also drink the lions share of the coffee the E's made for the CSM.
> 
> Never once met a good IT dude in the army, other than our CW2. Not saying there aren't reasonable oned out there, but those that are didn't learn all they know about IT from AIT by a long shot.
> 
> ...




That's a fair point. I guess I'm coming from my bias and understanding of how SIGINT WOs should operate. I still think that the talent could be fostered from the inside by people working the related jobs. The aforementioned MOS (s) could do very well in a Cyber/CND WO position. If they catered this position to those with the talent and passion, and made the application process as difficult (i.e. testing, previous experience, degree, certs) as they do the 17C and 35Q application process, then we could really have something here. I think the Army has a lot of the talent already in service. It just needs to do a better job of talent management. (In general, really) Doing a little of both in service "hiring", and off the street hiring for WO, is probably the way to go.


----------



## compforce (Feb 21, 2017)

Ranger Psych said:


> @compforce will most likely attest that as the pro tier it nerd he is, he could have made real shit happen with a half shiny compared to having to fight his fights at the level he was working, with what...3 plus paygrades below what was intended for that type of position?
> 
> We bring in people straight off the street with the credentials right now, for flight warrants, surgeon officers, etc.  Surgrons aside, Warrants don't command, they are technical masters.  Cyber defense isn't something you can just learn in a condensed AITesque evironment, let alone Cyber offense.



More than 3, I was an E-4 (promoted to E-5 3 months into the tour) in a CW2/3 slot with theatre level responsibilities.  There was also an E-5 Air Force reservist in the same position as I was at our higher.  The only thing that made it work for me was that I had an O-4 flying top cover for me.  Honestly, I ran out of time, I couldn't have gotten much more done in the time I was there without burning out completely regardless of how shiny my shoulders were.  Without the O-4, I would have been performing help desk functions like resetting passwords (which is where they tried to assign me initially).

AIT was crap from an IT perspective.  I wouldn't expect anyone to be able to do anything relevant with the training from AIT.  The certification courses that are required after AIT would get them to a level of basic knowledge that I would consider for an entry level position.  Certainly nothing that would make me trust them for positions around securing a network.



AWP said:


> It goes back to my earlier posts: what credentials are they looking for when hiring for these positions? Depending upon those requirements you can attract people to fill those slots, but you'll never have the best outside of those with a higher sense of purpose than a bank account. What you would see are contractors bailing left and right, now your rank and file are sitting on top of the pile...which goes back to my earlier point about how do you slot these people within the force structure? You can't have a bunch of GS-13+ sitting in a shop unless you want problems. If your CTR's bail for these new officer or GS positions, what talent will fill the CTR ranks...and remember that a fair number of contractors are, and I say this as one, bags of shit.
> 
> You have a finite pool of qualified people and a much smaller pool of those worth a damn. If you are to attract those from outside the existing DoD structure you'll need money and lots of it. As mentioned above, you're looking at Warrant Officers with substantial end of the year and retention bonuses.



I agree, they would have to be outside the force structure.



CDG said:


> Do they need to affect the force structure though?  The Navy has the Limited Duty Officer (LDO) program.  That may be a way to bridge the gap between the warrant pay issue that @rick mentioned, and the force structure problems you foresee.  These SMEs would still be SMEs, and limited to that field, but with the rank on the collar required to actually get things done.  O-3s or contractors are not going to cut it.



The Army has some of those technical fields for O's too.  The O-4 I mentioned was MOS FA-53 (Functional Area 53).  It's a technical officer that cannot hold a command position except for temporary situations such as having all the other field grade O's wiped out and holding the position until replacements can be sent in.  Our O-4 reported during the deployment to an Air Force O-3.

Functional Area (FA) / Career Fields

As far as compensation, the total compensation for an O-4/5 is roughly equivalent to the average a senior IT person can expect in the civilian sector.  There are outliers that make significantly more, but you aren't going to recruit them on the basis of cash.  There would be major prestige in the IT world as a member of a nation state's (the US) offensive cyber capabilities.  Quite a few talented geeks would work for less than they could make to have that as a part of their legitimate resume.  It would also open a huge field of very well paying jobs in IT security for those people.  They would write their own paycheck after 7-10 years experience at that level.

I don't think CWO pay would be enough, but the field grade payroll and benefits might just do it.  Hell, it's been 5 years since I got back from the last deployment and I am still paying off the loans I took to get me through the drop in pay.  I'd have stayed in and still been doing it if it wouldn't have bankrupted me (and a few other reasons, most of which were results of deployments).  Compensation is rarely the primary driver of an employee's work decisions unless it is far outside the norm in either direction.


----------



## Marauder06 (Feb 21, 2017)

CDG said:


> What I am saying, is you create a separate structure for these SMEs.  So officers from other branches are not competing against them.  It's a special position created solely for the purpose of having the expertise available, with the commensurate rank needed to actually get things accomplished.



We have that already, they're called warrant officers.  This isn't about competence, it's about prestige.


----------



## compforce (Feb 21, 2017)

Marauder06 said:


> We have that already, they're called warrant officers.  This isn't about competence, it's about prestige.



I know that in theory that is how the Warrant Officer program is supposed to work.  In the IT field, they aren't delegated enough authority to get the job done.  The CW3 that was my counterpart for the first half of the deployment sat on a help desk for at least the first year after his return to CONUS.  He wasn't allowed to even reset a password.  He was required to answer the phone and start a ticket for the contractors to change the password.  That's it, no hands on.  What a waste of training.  He was pretty solid at the network side of things.  I saw that situation quite a few times both inside SOCOM and on the conventional side.  If the Warrant Officer program worked like it was supposed to and enlisted training was up to speed, you wouldn't need all of the contractors.

Also, you are certainly correct about already having it.  It's the FA program I linked to in my earlier post.


----------



## Marauder06 (Feb 21, 2017)

compforce said:


> I know that in theory that is how the Warrant Officer program is supposed to work.  In the IT field, they aren't delegated enough authority to get the job done.  The CW3 that was my counterpart for the first half of the deployment sat on a help desk for at least the first year after his return to CONUS.  He wasn't allowed to even reset a password.  He was required to answer the phone and start a ticket for the contractors to change the password.  That's it, no hands on.  What a waste of training.  He was pretty solid at the network side of things.  I saw that situation quite a few times both inside SOCOM and on the conventional side.  If the Warrant Officer program worked like it was supposed to and enlisted training was up to speed, you wouldn't need all of the contractors.
> 
> Also, you are certainly correct about already having it.  It's the FA program I linked to in my earlier post.



If everything worked like it was supposed to, we wouldn't be talking about bringing people completely outside the profession into the ranks as full colonels.

What you just described is the polar opposite of what I saw warrant officers in aviation, intel, SF, and maintenance fields.  They were all the epitome of "hands on."  There's no reason to assume that if cyber warrants were hired for those skills, they wouldn't be put to use in the force.


----------



## compforce (Feb 21, 2017)

Marauder06 said:


> If everything worked like it was supposed to, we wouldn't be talking about bringing people completely outside the profession into the ranks as full colonels.
> 
> What you just described is the polar opposite of what I saw warrant officers in aviation, intel, SF, and maintenance fields.  They were all the epitome of "hands on."  There's no reason to assume that if cyber warrants were hired for those skills, they wouldn't be put to use in the force.



I agree with everything you just said.  It's the cyber Warrants that I'm specifically referencing. 

I think that the difference is that the military has kept up, or pioneered, in those fields you mentioned.  In IT, they've outsourced so much of the function to contractors that they have lost the institutional knowledge of how IT works in the real world.  Now most of them are reduced to following an installation checklist developed by civilians and, if it doesn't work, they have no clue how to troubleshoot.  How many times has your laptop been reimaged when something was not functioning correctly?  I know I'm painting with a broad brush here.  I very much want to emphasize that it is not the fault of the individual Warrant Officer.  The problem is systemic, DoD wide and starts at the various schoolhouses.   Over 7 years and a couple of deployments I worked with quite a few Warrant Officers from CMF 250 and other branch equivalents.  Of all the ones I worked with, I can count the ones that I would feel confident labelling as a Senior or Tech lead on my fingers.  Of those, two were AD and the others were consistently reserves/National Guard (one of the AD ones I mentioned was technically sound, but would not have been able to hold a job in the civilian world because he was constantly belittling all of the enlisted around him).  The ones from the reserves, with one exception, all held IT jobs in the civilian sector that directly aligned with their military position.  The one exception was a Reserve Warrant Officer that also served as a contractor on the same system during the week.  My point, which I discussed at length with a MACOM J6 is that, as long as the military continues to outsource all of the essential IT functions to contractors, the institutional knowledge will not be regained.  Right now the only people that I would consider hiring for truly technical positions based solely on military experience are some of the Air Force folks and those only for mid-level technical positions or pure management positions.

I also think that the entire CMF 25 is suffering from the inbreeding effect.  Basically, as knowledge has been passed down over time, some of it has been incorrectly understood by the student.  Later that student passes down their imperfect understanding to their students, who understand it imperfectly and so on...     As time passes, they are perceived to be inferior at their positions and the quick fix is to hire from outside.  As a result, the students lose the ability to gain experiential learning in their field.

If that is the problem, the only solution is to bring in people from outside that have the right skill sets, the authority to impose the proper way of doing things and the ability to help the military regain their knowledge and catch up to the pace of new technology.  I think it will take at least a decade for an organization like the Army to begin to internalize the skills required for enterprise level IT.  It will take another decade to actually get back to the point where the military services are capable of self sustainment without the need for contract labor.  So how do you do it?  Exactly the way that was proposed.  Bring in some of the known big guns to teach and give them, perhaps initially too much, authority that will ease the political process of effecting change.  The lack of technical knowledge is a symptom of a flawed system.  Effecting actual organizational change in a bureaucracy like the military, especially one as massive as the Signal Corp (and other branch equivalents) will take true leadership that cannot be effected at the Warrant Officer level due to the political pressure that will be placed on them to just "get it done".  Without a true understanding of the longer term effects of their decisions, the balance between "right" and "right now" will always swing too far to the side of "right now" to actually be effective for more than the duration of an OER cycle.


----------



## SpitfireV (Feb 21, 2017)

Considering all that then, what about just handing off all cyber warfare functions to NSA? They have the people, the institutional knowledge and the resources to do such things.


----------



## compforce (Feb 21, 2017)

SpitfireV said:


> Considering all that then, what about just handing off all cyber warfare functions to NSA? They have the people, the institutional knowledge and the resources to do such things.



That's what they tried to do with Cyber Command.  It was/is owned by DoD, but run by the director of the NSA and shares both location and network assets with the NSA.  The issue is the staffing of it is military and falls subject to the same problem that I described above.


----------



## SpitfireV (Feb 21, 2017)

Ah roger thanks.


----------



## CDG (Feb 21, 2017)

Marauder06 said:


> We have that already, they're called warrant officers.  This isn't about competence, it's about prestige.



Does the Army currently have WOs, in the required fields, that can match the competence of civilians?  If the answer is no, then the Army will never get there on its own.  It will need to bring in outside talent, with the rank to get things accomplished, in order to actually fix the issue.  I, personally, don't care if someone is doing it for the prestige of having it on a resume, or picking up chicks at a bar.  The military appears to lack the organic capability to handle the growing gap, so it needs to bring in help.


----------



## compforce (Feb 21, 2017)

I should mention as well that they have an entirely different CMF (17) in cyber command from the standard 25 series that I was describing.  I haven't directly interfaced with any of them, which is unusual given my position when I was in Afghanistan.  I can't speak to their competence level, just that within the 25/250 series.

edit for clarity


----------



## Marauder06 (Feb 21, 2017)

CDG said:


> Does the Army currently have WOs, in the required fields, that can match the competence of civilians?  If the answer is no, then the Army will never get there on its own.  It will need to bring in outside talent, with the rank to get things accomplished, in order to actually fix the issue.  I, personally, don't care if someone is doing it for the prestige of having it on a resume, or picking up chicks at a bar.  The military appears to lack the organic capability to handle the growing gap, so it needs to bring in help.



I don't understand the question.  Of course the Army doesn't have enough qualified WOs with the skills that can match the competence of civilians in the cyber field right now, that's the whole point of this conversation.

And if the Army just allows people to walk in off the street to fill critical gaps, they'll never develop the capacity on their own.

Your feelings about the prestige of the Officers Corps is noted.  However, the very thing that attracts people to it, namely the well-earned prestige that comes from the professionalism of the military, is going to be eroded and undermined if we allow more and more people to simply walk on to very senior ranks.


----------



## AWP (Feb 21, 2017)

CDG said:


> Do they need to affect the force structure though?  These SMEs would still be SMEs, and limited to that field, but with the rank on the collar required to actually get things done.  O-3s or contractors are not going to cut it.



We are kidding ourselves if we think some of these SMEs won't "flex nuts." I know of CTRs who speak for O-6's by virtue of the O-6 abrogating their authority and oversight; they rubber stamp whatever's handed to them by the CTR.



compforce said:


> If that is the problem, the only solution is to bring in people from outside that have the right skill sets, the authority to impose the proper way of doing things and the ability to help the military regain their knowledge and catch up to the pace of new technology.  I think it will take at least a decade for an organization like the Army to begin to internalize the skills required for enterprise level IT.  It will take another decade to actually get back to the point where the military services are capable of self sustainment without the need for contract labor.



The problem though is retaining those service members. By the time the SM is competent they are now eligible for one of the newly created O/CWO positions. If you can't retain the personnel you'll never improve over the long term. I'm preaching to the choir and 100% agree this is a systemic failure, but my naturally pessimistic side doesn't see this proposal ending well if it ever became reality.


----------



## Il Duce (Feb 21, 2017)

I just don't see how bringing people in as senior officers gets you any of the gaps in capability filled.

In the medical service corps, JAG, Chaplain Corps, and functional areas they have clear delineations on what skills they want those personnel to have, what experience they need from civilian certifications or military training (in the case of functional areas), and clearly defined duties in terms of what they can and can't do (they have very specific criteria to lead others, command, and be promoted different from the rest of the Army).

That's an enormous undertaking for the cyber world - without any correlation to the civilian sector.  Does a hot-shit 25 year old hacker have the requisite experience to be brought in - or is it only PhD candidates from MIT?  Once commissioned what's the structure they fall into?  

The whole point of having Soldiers do something vs civilians is the ability they bring to work under combat conditions, operate in a chain of command, and employ skills in a wide-array of areas - rifleman first gets after the principle.  I work in intelligence.  There are shit-tons of civilians and contractors sitting in TOPIs at NSA across from our Soldiers with more experience and technical skill at that one function - but none of them are ready to deploy tomorrow, travel in a convoy, lead a team of other Soldiers, or fit into a task-organized command structure.  That's why NSA can never get enough military folks - even though the most 'skilled' analysts will always be on the civilian side for depth of experience (if not breadth).  I think the same thing holds true across the IC with some exceptions (DoS, CIA, DoE, FBI). 

Other than the pay, I don't see what an O-6 off the street gets you in cyber.  'Hi, I'm COL Duce.  I have no promotion potential, no experience or knowledge about the military or IC, no contacts with other servicemembers from the last 25 years of service, no leadership experience, but I really know computers.  Does my rank impress you enough to do shit for me?'  I just don't see it.  If the goal is money and prestige to bring them in why not just give all of them a bonus and a Special Forces or Ranger tab - those always impress the shit out of people, and we've already established we don't want them to go through the same shit as other people to earn rank - why stop there.

There's a reason we don't make the smartest 2LT in the Army the battalion commander or the most strack PFC the 1SG.  Experience counts right alongside knowledge and skill.  I find it hard to believe there's any technical skills, even in the cyber world, that can bridge that deficit sufficiently.


----------



## 104TN (Feb 22, 2017)

Il Duce said:


> ...'Hi, I'm COL Duce.  I have no promotion potential, no experience or knowledge about the military or IC, no contacts with other servicemembers from the last 25 years of service, no leadership experience, but I really know computers...





Il Duce said:


> ...'There's a reason we don't make the smartest 2LT in the Army the battalion commander or the most strack PFC the 1SG. Experience counts right alongside knowledge and skill. I find it hard to believe there's any technical skills, even in the cyber world, that can bridge that deficit sufficiently...



Based on what I've read, experience is exactly what the Army is looking to recruit.

I'd hazard that the average CISO or network security lead at just about any web-scale company is going to have both a greater breadth and depth of knowledge surrounding how to deliver and secure mission critical infrastructure and experience building and leading high performing technical teams than exists in the officer corps currently (even within the FAs @compforce previously referenced). 

While I agree civilian imports won't have the benefit of the tribal knowledge that comes with being raised within the establishment, they'll also probably be less likely to be constrained by a desire to maintain the status quo because of it.


----------



## Ranger Psych (Feb 22, 2017)

compforce said:


> There would be major prestige in the IT world as a member of a nation state's (the US) offensive cyber capabilities.  Quite a few talented geeks would work for less than they could make to have that as a part of their legitimate resume.  It would also open a huge field of very well paying jobs in IT security for those people.  They would write their own paycheck after 7-10 years experience at that level.



Being able to point at a BS, JSCOM, or something with a citation effectively stating you p0wned another nation?  Pfft.  Nevermind having the level of assets for offensive work, getting to red team against our own for pen testing, etc.

Sign me the hell up for weekend CQ, the barracks would be a huge lan party on the weekends with games and hacking CTFs..


----------



## CDG (Feb 22, 2017)

Marauder06 said:


> I don't understand the question.  Of course the Army doesn't have enough qualified WOs with the skills that can match the competence of civilians in the cyber field right now, that's the whole point of this conversation.
> 
> And if the Army just allows people to walk in off the street to fill critical gaps, they'll never develop the capacity on their own.
> 
> *Your feelings about the prestige of the Officers Corps is noted.*  However, the very thing that attracts people to it, namely the well-earned prestige that comes from the professionalism of the military, is going to be eroded and undermined if we allow more and more people to simply walk on to very senior ranks.



My intent was not to disparage the Officer Corps.  My point was that the feelings of these civilians not having earned the right to be officers by virtue of being SMEs is misguided in this one small area.  I am not denigrating the Officer Corps as a whole, or saying Army Officers do not deserve to take pride in that accomplishment.

The Army has to have outside assistance to develop the capacity.  They are currently incapable of doing it organically.  Contractors are not going to have the requisite pull to make meaningful change.  My entire point for this idea is that the Army is so rank conscious, that nothing short of Eagles or Stars will get the Cyber ship turned around and headed on the right track. 

I have been thinking on this more, and I don't even think it needs to be a permanent commission.  Bring these guys/girls in with the understanding that it will be re-evaluated in 5 years.  Their job in the meantime is to identify deficiencies in training, equipment, procurement, and operational capability, followed by an outline of how to fix the issue and sustain the change.  At the 5 year mark, evaluate whether some, or all, need to stay on, or whether some, or all, can be returned to the civilian sector.  It's a win for both sides.


----------



## CDG (Feb 22, 2017)

AWP said:


> We are kidding ourselves if we think some of these SMEs won't "flex nuts." I know of CTRs who speak for O-6's by virtue of the O-6 abrogating their authority and oversight; they rubber stamp whatever's handed to them by the CTR.



Of course some of them will.  So what?  The military creates its own leaders who do the same thing already.  It's nothing new under the sun, and there are no perfect fixes.


----------



## Il Duce (Feb 22, 2017)

104TN said:


> Based on what I've read, experience is exactly what the Army is looking to recruit.
> 
> I'd hazard that the average CISO or network security lead at just about any web-scale company is going to have both a greater breadth and depth of knowledge surrounding how to deliver and secure mission critical infrastructure and experience building and leading high performing technical teams than exists in the officer corps currently (even within the FAs @compforce previously referenced).
> 
> While I agree civilian imports won't have the benefit of the tribal knowledge that comes with being raised within the establishment, they'll also probably be less likely to be constrained by a desire to maintain the status quo because of it.



I'm sure there are competitive marksmen who are in great shape - doesn't mean they should walk on as an E-7 sniper.  A great mechanic who runs a number of car repair shops is not ready to walk on and command an ordnance battalion.  A stunt pilot likely has incredible reflexes, understanding of handling an aircraft, and tons of flying hours - doesn't mean he's ready to fly a fighter, much less lead a squadron of them.

It may seem like senior officers in the cyber world don't do shit - or maybe just officers in general - but that's a mistaken assumption.  If you think they do things - but those things are worthless - that's an opinion you're certainly entitled.

The 780th MI BDE (Army Cyber BDE) is about 50/50 17 and 35 series officers and enlisted.  The work embedded in the SIGINT community.  There is a significant amount of parallel between what cyber leaders have to do and what strategic MI leaders have to do.


----------



## 104TN (Feb 22, 2017)

Il Duce said:


> I'm sure there are competitive marksmen who are in great shape - doesn't mean they should walk on as an E-7 sniper.  A great mechanic who runs a number of car repair shops is not ready to walk on and command an ordnance battalion.  A stunt pilot likely has incredible reflexes, understanding of handling an aircraft, and tons of flying hours - doesn't mean he's ready to fly a fighter, much less lead a squadron of them.
> 
> It may not seem like senior officers in the cyber world don't do shit - or maybe just officers in general - but that's a mistaken assumption.  If you think they do things - but those things are worthless - that's an opinion you're certainly entitled.
> 
> The 780th MI BDE (Army Cyber BDE) is about 50/50 17 and 35 series officers and enlisted.  The work embedded in the SIGINT community.  There is a significant amount of parallel between why cyber leaders have to do and what strategic MI leaders have to do.



My post wasn't a condemnation of the officer corps. That a program like this is on the table after several years of the Army sharing press about a lack of capability is a solid indicator that there are critical skills germane to the Cyber mission that the existing officer corps lacks and can't develop in-house.

Comparing senior technology leaders from the civilian sector (many with experience meeting insane SLAs while protecting infrastructure from the same state sponsored threats the DoD is dealing with) to individual contributors and small business owners is pretty far off base and doesn't bolster your argument IMO.

When it comes to InfoSec, IA, and network operations there's certainly some "stuff" you can take a kid out of high school and train and them to do, or even send an officer off to a course to learn. However, when you start talking about true architect-level technologists or industry thought leaders working at the CXO level, the knowledge, skills and abilities these people possess are as comparable to someone working at the level you've described above as a medical assistant's are to an experienced MD's.

We're not talking about shoehorning someone with roughly related functional skills into a completely dissimilar role. What's being proposed is recruiting civilians with a proven talent for solving the exact challenges the Army is facing, and putting them into positions where their expertise and experiences can fill gaps and catalyze change.

Building on the Medical Corps analogy as there's a corollary there, would you take umbrage with the idea of a department head from a major medical center joining the service at an advanced pay grade? Is none of that Doc's civilian experience transferable to the military? That's basically what we're talking about.

That said, we're arguing theory here as I don't think this program would be able to attract the kind of talent that'd actually make a difference. I just wholly disagree with the idea there aren't civilians that could join the military at a senior level and have an incredibly positive impact if attracted to the offer.


----------



## Il Duce (Feb 22, 2017)

I guess ultimately it's an un-verifiable hypothesis until folks are recruited for doing these jobs - but I don't think the skills are as applicable as you imagine.

Decisions on architecture, implementation, design, and training pipelines are made by commanders and leaders - not technical experts brought in.  All of those decisions are structural in nature - meaning they are going to impact significantly on infrastructure, contracting, and budget - all of which require more buy-in than a single leader.  One of the benefits of the business world is being able to structure authority and organizations to meet business goals.  Market competition helps to weed out failure as measured by profit margins.  Government and especially the military and IC don't have the same structure - for good and for ill.  If the NSA does a shitty job at SIGINT they don't go out of business in favor of a start-up SIGINT section at the FBI.  Similarly, the head of the NSA doesn't get to re-organize against EO 12333 because SIGINT coverage is spotty in a target area.

Medical professionals are brought in at a high rank to execute their specialty - not to run hospitals.  An O-6 thoracic surgeon is brought in to be a surgeon - and they do that under very clear guidelines of professional medical standards (that are the same as the civilian world), in a clear structure (the hospital setting).  None of those are present in cyber, where authorities to operate are even more important frequently than the technical skills to operate themselves.

I've met a number of doctors who were fine leaders - though always having been an Army doctor for more than a few years, and choosing to pursue leadership training and opportunities.  I don't think there's a character or intelligence deficiency in the civilian sector - but an experience one.


----------



## ThunderHorse (May 10, 2017)

So the continuation of this seems to be that we'll just get rid of bootcamp for CYBER: The US military might let its IT warriors skip boot camp


----------



## Gunz (May 10, 2017)

ThunderHorse said:


> So the continuation of this seems to be that we'll just get rid of bootcamp for CYBER: The US military might let its IT warriors skip boot camp




Similar to the Marine Corps thread on lateral moves from the private sector to instant officer. It ain't palatable but it's probably inevitable. But in addition to the uniform and the authority and all the cool bling they're gonna have to come up with some serious bonus money to attract techno nerds to military service.


----------



## DA SWO (May 10, 2017)

They'll do a 10 day salute school like we do for some medical professionals.
Bring them in as a Sr O-3, and use bonuses to make up the pay difference.  Seems to work for Medical Professionals.
FWIW- There were a ton of instant officers in WW II, they seem to heave gotten it sorted out quickly.

What I haven't seen is where all those O-6 slots are coming from, I can not imagine Congress quadrupling the O-6 billets.


----------



## AWP (May 10, 2017)

Having recently worked with an Army Cyber Protection Team, they need all of the help they can get. You're going to "defend" a network and don't know the difference between UDP and TCP?

Cyber, please....


----------



## ThunderHorse (May 10, 2017)

It's really not the Officer piece I'm worried about at all.  We've been doing that for awhile.  But on the enlisted side I don't think the Army has ever done a two-week orientation thing like the Navy previously did for reservists.


----------



## 104TN (May 11, 2017)

AWP said:


> ...You're going to "defend" a network and don't know the difference between UDP and TCP?


I don't get your message...


----------



## compforce (May 11, 2017)

AWP said:


> Having recently worked with an Army Cyber Protection Team, they need all of the help they can get. You're going to "defend" a network and don't know the difference between UDP and TCP?
> 
> Cyber, please....



There's _NO_ excuse for that one...

@104TN - I see what you did there.

For others that may not know, those are the two basic (standard) protocols used in computer networking.  They're taught on day 1 of the networking phase of 25B school.   It would be like an infantryman that doesn't know the difference between 5.56 and 7.62.  If a cyber team doesn't understand the building blocks, how will they protect the whole?  Unforgivable IMO.


----------



## compforce (May 11, 2017)

I think the observations in your post are strengthening the argument for outside experience rather than opposing it.



Il Duce said:


> Decisions on architecture, implementation, design, and training pipelines are made by commanders and leaders - not technical experts brought in.  All of those decisions are structural in nature - meaning they are going to impact significantly on infrastructure, contracting, and budget - all of which require more buy-in than a single leader.



In the civilian world it's not the techs that make those decisions either.  IT is a support function in the private sector also.  We advise on the proper infrastructure and budget required to execute a strategy or vision.  The business ultimately makes the decision on whether or not to fund the project.  The civilian experience at the higher level is EXACTLY what the military is missing.  I don't think anyone, including myself, @104TN , @AWP or the Army is advocating just giving officer rank to the wiz kid from the local startup.  The issue that needs to be addressed is the systemic and cultural issues within the military that are driving the lack of competency in the cyber fields.  The technical "how-to" can be taught.  The strategic mindset has to be learned via experience.



Il Duce said:


> One of the benefits of the business world is being able to structure authority and organizations to meet business goals.  Market competition helps to weed out failure as measured by profit margins.  Government and especially the military and IC don't have the same structure - for good and for ill.  If the NSA does a shitty job at SIGINT they don't go out of business in favor of a start-up SIGINT section at the FBI.  Similarly, the head of the NSA doesn't get to re-organize against EO 12333 because SIGINT coverage is spotty in a target area.



The approach used in business is the same as should be used in the military.  At the macro level the military is all about mission alignment, budgets, resource allocation, strategic use of assets and project management of time sensitive projects.  ALL of the same things that senior IT leaders (CIO/CTO/CISO)  are focused on in the private sector.  The biggest differences are in how success is measured and the impact of a failure.  In the business world, if you fail (as an individual) you simply start over at another company.  In the world of Cyber Defense, you only get to fail once.



Il Duce said:


> Medical professionals are brought in at a high rank to execute their specialty - not to run hospitals.  An O-6 thoracic surgeon is brought in to be a surgeon - and they do that under very clear guidelines of professional medical standards (that are the same as the civilian world), in a clear structure (the hospital setting).  None of those are present in cyber, where authorities to operate are even more important frequently than the technical skills to operate themselves.


There's a reason ATO is so hard to get.  It's because the people who wrote the processes for gaining ATO didn't understand the real world of IT.  They went out and did a bunch of research on best practices and then took every single one of them and stuffed them into a series of regulations without any regard to the mission.  It's the difference between theoretical and practical knowledge.  Then you add in the military's insane need to put everything in a process to the smallest detail and you end up with a set of criteria that is nearly impossible to meet in any type of short time frame.  Institutionally that results in a culture where finding ways around the regulations is a path to success rather than having a culture where working within the framework allows for success while still maintaining control.  It's a cultural issue, not a technical one.  The military will NEVER solve that issue without bringing in outside perspective.  Its own institutional practices will hamstring any effort to do so.  Sometimes you just need a fresh set of eyes that have dealt with similar issues in other organizations that have a similar scale.

The biggest problem with the whole effort of bringing in civilian IT folk at the flag officer level is that it will never be funded in a way that will attract the level of talent that they should.  The people that need to be recruited make more money than the Executive branch of government.  Hell, I make more than the SC schedule allows and I don't have a college degree.  Throwing O-6 rank and pay out there won't attract an experienced CIO from a company in the $1B+ range.  What they need are Fortune 1000 CIO's and they're not even close to the compensation levels.CIO Compensation: Top Information Technology Executives Make Millions of Dollars  O-6 compensation will attract the people who WANT to be CIO's in those companies and the people who couldn't make it in those companies.  The military doesn't have the knowledge to tell the difference.  If they simply judge by a person's resume, things will get worse, not better without some luck.  That said, I think they have to try because, as it stands now, the military IT effort isn't self-sustaining and it will have to become so to remain relevant in the future.


----------



## AWP (May 11, 2017)

compforce said:


> There's _NO_ excuse for that one....



In three days' time we had:
- UDP vs TCP
- A CW3 ask for a commercial drop into our server room. "Well, can we get Wi-Fi in here? We need to download some drivers." (I thought he was testing us but....)
- The same CW3 then asked where he could plug his Army laptop into an Air Force network. I actually laughed at this point and told him if they can't provide us with their requirements then they should expect limited to no support. (Which leads me to...)
- No hardware requirements except for "a server with 32GB of memory and enough disk space to run xxxxx and store log files." That's too easy to source. Then they arrived and couldn't believe that we "didn't have" what they asked for. The CPT's have so much clout and visibility we had to pull one of our warm spares to give to them and their tests until new equipment could be purchased.

It was pure cluster, especially when they couldn't read the log files from their software. "I think this is..." does not inspire confidence.

As an aside, we're going through our DIACAP (now called RMF) package to press for an extension to our ATO. Our ATO has about a year left and the GS' running the show started our RMF three weeks ago.

You can't make up this stuff. Assuming we have guys with the right tech knowledge, management isn't there. If we have the proper managers I question if the tech knowledge is there. I might be new to DoD security/ IA work, but damn....8570 reads like a fairy tale when compared to the real world.


----------



## Devildoc (May 11, 2017)

That there can be successful lateral entry is not an issue.  That argument was put to bed decades ago, and has been successful ever since.

_How_ they would be integrated and what kind of scope and leadership roles they are given are the questions.


----------



## Il Duce (May 12, 2017)

@compforce I disagree, but I don't think I can add much more to the points I've already made.

The way I see senior officers operate, influence, and lead in the national intelligence community doesn't match up with what I see as these civilians' bringing to the fight.  I think I'm in a good position to have an experienced take on what COL's and GO's do in the IC.  However, my knowledge of what senior industry IT leaders bring to the table comes almost exclusively from HBR podcasts and the HBO show Silicon Valley.  So, probably not so much expertise there.  If I were in a decision room where this came up I would argue against it.

Also, I have to acknowledge knowing how 'things are done' and understanding how they SHOULD be done or COULD be done is always tough.  I don't want to be like the douchebags who criticized COL Youngling's article about generalship by saying 'you're not a general so you can't criticize generals.'  That kind of intellectual cowardice should have no place in a professional discussion.

I think if CYBERCOM is committed this kind of idea they should try brining over an SES from industry first - see what works and what doesn't - before a pilot on officer billets.  But, ultimately we'll have to see how this works if they try it.


----------



## Brill (Jan 14, 2020)

@Teufel

The focus on information operations will require soldiers to sift through a massive amount of information in cyberspace, determining the enemy’s deceptive tactics just like they would on the real battlefield. The transformation will also be a physical one, with information-related operations moved from Fort Belvoir, Virginia, to Fort Gordon, Georgia, as early as this spring. The rest of the transformation is expected to take place by 2028.

'We want to win the next war': US Army will revamp cyber operations to counter Russia and China


----------



## Teufel (Jan 16, 2020)

I will add a few things here as a non technical commander in the cyber field. The biggest things I bring to the fight for my team is how I interface with the rest of the DOD and IC. I translate my commander's intent down to my people, which sounds super obvious but I don't always see my peers do this effectively. Senior commanders should be able to turn intent into campaign plans and operational design. Intent can also be challenging as things become less clear and directive at the senior levels and C2 gets more complex. Right now I have an ADCON boss, OPCON boss, frequently answer directly to my COCOM CDR, and directly support three four star commands whose priorities don't always align. I do my best to interact with all these commands, weigh all their priorities and come up with a plan to address them, which ultimately my OPCON boss signs off on. He takes the heat if I mess that prioritization up or come short in any line of effort. We've done pretty well so far. The second translation, which is often more important, is how I translate what my people can do and advocate for them. I see many of my peers fail miserably at this because they drift into technical details that force GOs to drift to sleep and ultimately non-concur with otherwise sound plans. I've seen this time and time again. I've actually won resource battles with other units because they hit the J3 with a bunch of unorganized techno babble with one COA while I put things into succinct options, with projected timelines for accomplishment, that weigh risk to mission against risk to force and infrastructure. This has also helped me win intel gain/loss arguments by weighing operational gain/loss.

Leadership is leadership. It would be great to develop technical leaders and I think one day we will do a better job of this as people grow up in cyber. I replaced a technical "leader" who never visited his troops and didn't submit a single award for any of his subordinates throughout his three year tour. I think we benefit more from putting strong commanders and leaders in cyber and surround them with sharp technical advisors, than thrust technicians into senior leadership billets without strong leadership and planning skills. I already see a lot of field grade officers who can't get anything done in my building because cyber is still a performance sport and you need more than technical skills to be a good cyber Colonel. Keep in mind that senior field grade officers frequently interact with their peers outside of cyber command and need to speak the same language as they do. Just make these super technicians GS15s and call it a day. That will give them the pay and authorities the DOD wants them to have, without any of the military expectations associated with field grade ranks.


----------



## Brill (Jan 16, 2020)

@Teufel , I need to get back up there for a chat. I’ll send you stuff related to the shit show I’m going through:

@AWP will enjoy this

unit: ”We need a X!”
feds: “mmm, I dunno. Why?”
bigger unit: “Cute, when can we expect a fed to arrive at the unit?”
feds: “We have a highly qualified candidate who arrives soon.”
unit: happy dance
me @ unit: “I’m here to fuck shit up. Feds, I need all this stuff.”
feds : “mmm, I dunno. Why do you want that? What do you do for the unit there?”
me: “counterparts @bigger unit say it need it. Wait, what? You’re asking what I do here?”
feds: “Yes, why do you need it? what mission does that unit have?”
me: “ You phuxers didn’t think to ask that shit and figure it out before I arrived?”
feds: “relax. You won’t get promoted talking like that. Let’s VTC to discuss.”
me: “You phuxing rocket surgeons didn’t allocate VTC equipment for our network. So we can’t VTC.”
feds: “hmmm. Ok, let’s polycom.”
me: “same rocket surgeons didn’t allocate a phone for our net.”
feds: “submit a request.”
me to SAME Fed supe: “I need a phone & VTC to commo.”

I shit you not the reply went along lines of...

feds: “Yes, why do you need it? I honestly don’t think this will be approved. what mission does that unit have?”


----------



## ThunderHorse (Jan 16, 2020)

lindy said:


> @Teufel , I need to get back up there for a chat. I’ll send you stuff related to the shit show I’m going through:
> 
> @AWP will enjoy this
> 
> ...


Zoom or Skype for Business?


----------



## GOTWA (Jan 17, 2020)

lindy said:


> @Teufel , I need to get back up there for a chat. I’ll send you stuff related to the shit show I’m going through:
> 
> @AWP will enjoy this
> 
> ...


Such a diva.


----------



## CQB (Jan 17, 2020)

Bazinga! Double tapped a post  . You have my sympathy @lindy those Feds sound like they came from private security.


----------



## Brill (Jan 17, 2020)

CQB said:


> Bazinga! Double tapped a post  . You have my sympathy @lindy those Feds sound like they came from private security.



My idiots never pass up an opportunity to demonstrate how little they know about SOF. Good times for sure!


----------



## BloodStripe (Jan 19, 2020)

lindy said:


> @Teufel , I need to get back up there for a chat. I’ll send you stuff related to the shit show I’m going through:
> 
> @AWP will enjoy this
> 
> ...



Me as a KO: But first you must fill out this brand name justification for X and then tell me your requirement.


----------



## Devildoc (Jan 19, 2020)

As @Teufel said, the best model is just to give these people a GS position with all the benny's. Otherwise you're bringing them in at O4/5/6 and giving them instant authority but little understanding of the culture. I admit my attitude has changed a little bit on this since I've been out and thought about it a little more. Direct commission works for a lot of fields, but even direct commission in the medical and nursing fields have to go through a lot of the standard Navy leadership courses, they're just not given the rank and authority without a strong support network. But it's been that way for how many hundred years now? 

Can it work? Sure but with a metric shit-ton of growing pains.  I don't know if you can take the medical model or the JAG model or new the others and just apply it to the field.

I suppose another idea is to bring them in as a warrant with big buck contracts and incentives and keep them out of the leadership structure and let them do the voodoo they do so well.


----------



## AWP (Jan 20, 2020)

I just (this week) had a run in with an O-5. Tomorrow when I'm sober I'll explain why this cyber stuff us a bad idea...


----------



## Teufel (Jan 20, 2020)

Devildoc said:


> As @Teufel said, the best model is just to give these people a GS position with all the benny's. Otherwise you're bringing them in at O4/5/6 and giving them instant authority but little understanding of the culture. I admit my attitude has changed a little bit on this since I've been out and thought about it a little more. Direct commission works for a lot of fields, but even direct commission in the medical and nursing fields have to go through a lot of the standard Navy leadership courses, they're just not given the rank and authority without a strong support network. But it's been that way for how many hundred years now?
> 
> Can it work? Sure but with a metric shit-ton of growing pains.  I don't know if you can take the medical model or the JAG model or new the others and just apply it to the field.
> 
> I suppose another idea is to bring them in as a warrant with big buck contracts and incentives and keep them out of the leadership structure and let them do the voodoo they do so well.


I'm also a huge fan of using the warrant officer program to recruit cyber talent. We could easily use the 160th warrant officer pilot model and apply it to this field. It takes almost two years to train and certify some of the more technical work roles. Some people can jump right in and make it through the assessment and training programs. Some need more time. I would propose to make the cyber analysis work roles in the enlisted ranks and offer the warrant officer program as an ascension program or direct entry.


----------



## Marauder06 (Jan 20, 2020)

AWP said:


> I just (this week) had a run in with an O-5. Tomorrow when I'm sober I'll explain why this cyber stuff us a bad idea...



O5s are inherently sketchy and are not to be trusted.


----------



## Gunz (Jan 20, 2020)




----------



## Marauder06 (Jan 20, 2020)

Devildoc said:


> As @Teufel said, the best model is just to give these people a GS position with all the benny's. Otherwise you're bringing them in at O4/5/6 and giving them instant authority but little understanding of the culture. I admit my attitude has changed a little bit on this since I've been out and thought about it a little more. Direct commission works for a lot of fields, but even direct commission in the medical and nursing fields have to go through a lot of the standard Navy leadership courses, they're just not given the rank and authority without a strong support network. But it's been that way for how many hundred years now?
> 
> Can it work? Sure but with a metric shit-ton of growing pains.  I don't know if you can take the medical model or the JAG model or new the others and just apply it to the field.
> 
> I suppose another idea is to bring them in as a warrant with big buck contracts and incentives and keep them out of the leadership structure and let them do the voodoo they do so well.



Yep. I don't think we should be giving field grade rank to anyone, no matter how "qualified" they are. Start them off as senior company grades and let them work their way up like the rest of us.

The problem with the warrant officer option, which I support, is that most people have no idea what a warrant officer is. And despite the sheer awesomeness that we all recognize is inherent in the senior Warrant ranks, it's not considered as prestigious as being a full-bird colonel. 

People want the trimmings and prestige of being a senior field grade, without the competence and commitment required to earn it.


----------



## Centermass (Jan 20, 2020)

Marauder06 said:


> The problem with the warrant officer option, which I support, is that most people have no idea what a warrant officer is.



and they quite happily like it like that.....


----------



## AWP (Jan 20, 2020)

I'm a cybersecurity guy and I hate cybersecurity. Specifically, what the DoD does to an end user and especially to a SysAdmin. Despite being a former Signal Officer, I hate the power we've given to Signal/ Comm guys throughout the DoD. We've created a monster.

Last week's PKI flaw is a big deal, especially in the DoD. Some O-5 from CYBERCOM called me directly (how he obtained my number is anyone's guess, but...creepy) telling me I had to patch our systems. He sent an email to my leadership telling them the same thing. Patch the systems immediately...

...except the update wasn't even listed in SCCM (the server/ software that handles Windows updates at an enterprise level). When I pointed this out we were told to go "download it from Microsoft."

Yeah, no. That's not how any of this works. I had to stonewall an O-5 who sounded like he was snorting coke over a Microsoft update. This is what happens when you can't go infantry and aren't smart enough for medical or law school.

Now back to NIST 800-37...


----------



## Kheenbish (Jan 21, 2020)

From what I've seen, most leadership will treat a CVE/RCE as classified information or be so behind the power curve when a damaging RCE happens in the wild to react.

If the DoD can't even stay up to date with what's happening in the wild, then we need to develop a proper plan for that first. 

OSINT needs a better integration into our cyber programs.


----------



## RackMaster (Jan 21, 2020)

AWP said:


> I'm a cybersecurity guy and I hate cybersecurity. Specifically, what the DoD does to an end user and especially to a SysAdmin. Despite being a former Signal Officer, I hate the power we've given to Signal/ Comm guys throughout the DoD. We've created a monster.
> 
> Last week's PKI flaw is a big deal, especially in the DoD. Some O-5 from CYBERCOM called me directly (how he obtained my number is anyone's guess, but...creepy) telling me I had to patch our systems. He sent an email to my leadership telling them the same thing. Patch the systems immediately...
> 
> ...



Every once in a while, I see a job posting and think about updating my certs and getting back in the game.   Then I read one of your post's and I remember that I enjoy what little sanity I have left.


----------



## Brill (Jan 21, 2020)

AWP said:


> I'm a cybersecurity guy and I hate cybersecurity. Specifically, what the DoD does to an end user and especially to a SysAdmin. Despite being a former Signal Officer, I hate the power we've given to Signal/ Comm guys throughout the DoD. We've created a monster.
> 
> Last week's PKI flaw is a big deal, especially in the DoD. Some O-5 from CYBERCOM called me directly (how he obtained my number is anyone's guess, but...creepy) telling me I had to patch our systems. He sent an email to my leadership telling them the same thing. Patch the systems immediately...
> 
> ...



This is all I have to say about ARCYBER.

https://www.7sigcmd.army.mil/

The owner of *www.7sigcmd.army.mil* has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.


----------



## RackMaster (Jan 21, 2020)

lindy said:


> This is all I have to say about ARCYBER.
> 
> https://www.7sigcmd.army.mil/
> 
> The owner of *www.7sigcmd.army.mil* has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.



Every government site is configured around Microsoft and anything else is an after thought.


----------



## compforce (Jan 21, 2020)

RackMaster said:


> Every government site is configured around Microsoft and anything else is an after thought.


Yeah, that's not the problem.  Here it is in Edge.



It's actually because the authorization chain leads to a self-signed DOD certificate that civilian computers don't recognize as authoritative.


----------



## Brill (Jan 22, 2020)

compforce said:


> Yeah, that's not the problem.  Here it is in Edge.
> 
> View attachment 31682
> 
> It's actually because the authorization chain leads to a self-signed DOD certificate that civilian computers don't recognize as authoritative.



World vs USCC:


----------



## GOTWA (Jan 22, 2020)

lindy said:


> This is all I have to say about ARCYBER.
> 
> https://www.7sigcmd.army.mil/
> 
> The owner of *www.7sigcmd.army.mil* has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.



I can't even get on webmail because the "access policy" is incorrect.


----------

