• Thanks for stopping by. Logging in to a registered account will remove all generic ads. Please reach out with any questions or concerns.

Cyber Operator trade Mega Thread

The IDF goes a different route, their Cyber-Commandos are actually real commandos. No armchair warriors there:

https://strategypage.com/htmw/htiw/20170712.aspx

Information Warfare: Israel Plays Rough

July 12, 2017: The Israeli domestic intelligence service (Shin Bet, similar to the British MI5) recently confirmed what was already widely known among hackers; trying to hack Israeli networks will often trigger instant counter-hacks that will at least halt the hackers with unexpected error messages or, worse, generate a powerful counter-hack directed against the attackers system. The worst result is that, as several thousand foreign hackers have already discovered, the Israelis will identify who you are and where you are operating from. If the hacker is in a nation that has extradition or similar arrangements with Israel the hacker can start worrying about getting arrested or, at the very least, being placed under investigation and added to a list of the usual suspects.

Shin Bet could not hide the fact that it was expanding its Cyber War operations and recruiting additional personnel. So announcements like this are considered part PR and part recruiting. Since 2010 various Israeli government and military organizations have been seeking additional staff for new Cyber War efforts that can detect and thwart enemy hackers. This included seeking expert hackers willing to train to operate in the field with Israeli commando units. That new Cyber War unit was actually part of military intelligence and sought recruits from those already in the military as well as civilians.

Israel had long had troops dedicated to Cyber War activities, but in 2010 they introduced a new twist to this. Israel used the same screening and recruiting techniques they had developed for commando units to find suitable recruits for an elite Cyber War unit. Thus the Israelis were not just seeking men (or women) with the right technical skills, but also with the mental toughness characteristic of the regular commandos. The new Cyber War unit handled the most difficult and dangerous Cyber War situations. An example would be a Cyber War attack using an unknown and seemingly devastating new technique. For that you needed a Cyber War commando unit available to send against the problem. Same with an enemy Cyber War target that has to be disrupted, or simply investigated. You needed a unit to do the job because this unit had already been recruited and trained to be the best of the best. Similarly, if you were sending in regular commandos on a raid, to steal technology (something Israel has already done several times), several of the Cyber War commandos would go along. Already known to be tough minded, but possessing high technical skills, the Cyber War guys could keep up with the regular commandos, and quickly sort out the enemy technology, and take, or destroy, the right items.

But in the meantime Israeli Cyber War organizations had been ordered to be more aggressive in dealing with hackers and hacking attempts. There was a certain urgency to this because Islamic terrorists were developing better hacking skills, often because many recruits came from Western countries where young Moslem men have more access to computers and college level training in computer science and security. Groups like ISIL (Islamic State in Iraq and the Levant) and al Qaeda found that they could use many of these Western recruits who had skills, but were not willing to carry out suicide attacks or engage in armed combat. Apparently many of these Islamic cyber terrorists were first detected and identified when they tried to hack Israeli systems. Israel now has Cyber War intelligence sharing arrangements (official or unofficial) with most Western nations containing Moslem minorities.

By going public about some of this counter-hacker activity Shin Bet may also cause some of the less disciplined Islamic cyber terrorists to get angry enough to make an attack and get caught. Whatever works.
 
This is a very long and detailed blog post. It technically debunks the claim of Russian hacking (essentially the author proves the "DNS logs" given to the media were fabricated). This is important in two respects, in that this is the sort of thing a CF Cyber unit may have to do in order to protect the integrity of the GoC, and if you can follow this, it shows the true level of detail that Cyber warriors will need to master in order to actually carry out their task. I'll just leave the link:

https://weaponizedautism.wordpress.com/2017/04/09/trump-dns-logs-fabricated/
 
Journeyman said:
Since this cyber chat isn't going over to the Cyber Operator trade Mega Thread, I'll continue the derail.

Ok, we're talking about the CAF. No one really knows where we're going with this (except apparently one poster who is amazingly prescient, or hooked up to the Matrix).  One thing we do  know, is how the Force's tribal elders deal with retention issues, whether SOF or this Sheldon Cooper Command.....


...uniforms & badges.

I predict that we'll see Cyber Commando uniforms combining the 'best' elements of Starship Troopers and Transformers and whatever else the little geek darlings are into these days.... such that they'll be the envy of COMICONs everywhere.

    :nod:

Worst Case, they could got the whole Borg route and try adopting a "You are about to be assimilated, Resistance is Futile" type of approach...
 
Very good detailed analysis by Bill Robinson at his essential Lux Ex Umbra blog--note definitions, cyber work with CAF (should MND still be the minister?), covert human
help abroad, exploitation of social media:

CSE and Bill C-59 overview

My first two posts on the contents of Bill C-59 covered the proposal to give CSE a new foreign cyber operations mandate [ https://luxexumbra.blogspot.ca/2017/06/cse-to-get-foreign-cyber-operations.html ] and the proposal to replace CSE's current watchdog [ https://luxexumbra.blogspot.ca/2017/07/bill-c-59-new-dogs-for-new-tricks.html ], the CSE Commissioner, with two new institutions, the National Security and Intelligence Review Agency (NSIRA) and the Intelligence Commissioner. These are the most important changes proposed for CSE, but the bill also contains a number of other important measures that deserve comment. I'll try to cover the key remaining points in this post...

Establishment established

establishment%2Bestablished.png

...
https://luxexumbra.blogspot.ca/2017/08/cse-and-bill-c-59-overview.html

Well worth the read.

Mark
Ottawa
 
CANFORGEN 162/17 CFD 004/17 281416Z SEP 17
CYBER OPERATOR (CYBER OP) MOSID 00378 - APPLICANT SOLICITATION
UNCLASSIFIED
REFS: A. CFD: CYBER FORCE DEVELOPMENT PROGRAM, 22 MAY 2014 B. MES IP CYBER OPERATOR OCCUPATION C. NDHQ MIL PERS GEN OTTAWA//DPGR 131617Z JAN 17 CYBER OPERATOR (CYBER OP) MILITARY EMPLOYMENT STRUCTURE IMPLEMENTATION PLAN (MES IP) D. CBI 204.03 (2) - RATE OF PAY - COMPULSORY OCCUPATIONAL TRANSFER E. CDS ORDER 028/17 DATED 28 AUG 17
AT REF A, THE DIRECTOR CYBER FORCE DEVELOPMENT (D CYBER FD) WAS TASKED TO ESTABLISH A SPECIALIZED AND DEDICATED DND/CAF WORKFORCE TO COUNTER THE GROWING CYBER THREAT. FOLLOWING A COMPREHENSIVE STUDY AND UPON APPROVAL AND PROMULGATION OF THE MES IP AT REFS B AND C, A NEW CYBER OPERATOR OCCUPATION (CYBER OP) MOSID 00378 FOR REGULAR FORCE (REG F) NON-COMMISSIONED MEMBERS (NCMS) WAS ESTABLISHED EFFECTIVE 31 JANUARY 2017.
THE PRIMARY FUNCTION OF A CYBER OP WILL BE TO COLLECT AND ANALYZE DATA FROM DND/CAF COMPUTER NETWORK SYSTEMS IN ORDER TO SUPPORT A FULL RANGE OF CYBER OPERATIONS. THEY WILL BE RESPONSIBLE TO MONITOR NETWORKS FOR POTENTIAL INTRUSION AND ABNORMALITIES, EXAMINE NETWORKS FOR VULNERABILITIES IN DEFENSIVE AND OFFENSIVE POSTURES, CONDUCT FORENSIC INVESTIGATION OF CYBER INCIDENTS, MAINTAIN SPECIALIZE CYBER UNIQUE TOOLSETS, AND WHEN REQUIRED AND WHERE FEASIBLE, CONDUCT OFFENSIVE CYBER OPERATIONS.
CYBER OP IS A JOINT REG F OCCUPATION FROM PTE/OS TO CWO/CPO1. IT WILL INITIALLY BE OPEN TO SERVING CAF NCMS OF THE REG F THROUGH OCCUPATION TRANSFER AND TO PRIMARY RESERVE NCMS (P RES) THROUGH COMPONENT TRANSFER UNTIL 31 DECEMBER 2019. AS SOON AS PRACTICAL, SEMI-SKILLED AND UNSKILLED CIVILIANS WILL BE RECRUITED VIA DIRECT ENTRY. AFTER 31 DECEMBER 2019, THE REG F OCCUPATION WILL SHIFT TO DIRECT ENTRY, VOLUNTARY OCCUPATION TRANSFER, AND COMPONENT TRANSFER. WORK IS ALSO UNDERWAY TO ESTABLISH A P RES COMPONENT TO THE OCCUPATION. DETAILS WILL BE COMMUNICATED ONCE THE P RES OCCUPATION IS APPROVED IN FALL 2017.
EFFECTIVE IMMEDIATELY, D CYBER FD IS READY TO ACCEPT APPLICATIONS FROM SERVING CAF NCMS WITH CURRENT OR PREVIOUS MILITARY CYBER-RELATED OPERATIONS EXPERIENCE OR WITH STRONG IM/IT RELATED SKILLS. APPLICATIONS FOR THIS ROUND OF SELECTION WILL BE ACCEPTED UNTIL 03 NOVEMBER 2017.
APPLICANTS WILL SUBSEQUENTLY COMPLETE A MULTI STEP ASSESSMENT PROCESS. NCMS WHO MEET THE OCCUPATION ENTRY STANDARDS AND HAVE BEEN COMPETITIVELY ASSESSED AS HAVING THE APPROPRIATE APTITUDE AND SKILLS TO WORK IN THE CYBER DOMAIN WILL RECEIVE A COMPULSORY OCCUPATION TRANSFER (COT) OFFER INDICATING THE CONDITIONS UNDER WHICH THEY WILL BE ACCEPTED INTO THE OCCUPATION. APPLICANTS NOT SELECTED DURING THIS ROUND OF SELECTION MAY BE ASKED TO RE-APPLY IN SUBSEQUENT ROUNDS.
INTERESTED PERSONNEL WHO MEET THE OCCUPATION ENTRY STANDARDS AND BELIEVE THAT THEY HAVE RELEVANT EXPERIENCE MUST COMPLETE AND EMAIL A NOTICE OF INTENT (NOI) FORM TO THE POSITIONAL MAILBOX AT P- OTG.DCYBERFD(UNDERSCORE)CYBOP(AT SIGN)INTERN.MIL.CA BY 13 OCT 17.
ONCE THE NOI HAS BEEN SUBMITTED, THE APPLICATION FORM AND SUPPORTING DOCUMENTATION ARE TO BE SENT VIA ENCRYPTED E-MAIL TO CPO2 WILLIAM R. NORMAN AT WILLIAM.NORMAN(AT SIGN)FORCES.GC.CA, CARBON COPY CWO MICHEL BOISLARD AT MICHEL.BOISLARD(AT SIGN)FORCES.GC.CA. OCCUPATION ENTRY STANDARDS, APPLICATION INSTRUCTIONS, FORMS, AND OTHER INFORMATION SUCH AS JOB DESCRIPTIONS AND OCCUPATION STRUCTURE CAN BE FOUND ON THE CYBER OP OCCUPATION SHAREPOINT SITE: HTTP://COLLABORATION- VCDS.FORCES.MIL.CA/SITES/DG(UNDERSCORE)CYBER/D(UNDERSCORE)CYBER (UNDERSCORE)FD/CYBER(UNDERSCORE)OPERATOR/SITEPAGES /HOME.ASPX.
REF D STIPULATES THE RATE OF PAY FOR NCMS WHO ARE COT TO ANOTHER OCCUPATION. REF E, THE CDS APPROVED TRADE GROUP SPECIALIST 1 PAY FOR SUBSTANTIVE CPL/LS WHO HAVE REACHED THE OCCUPATION FUNCTIONAL POINT, THAT IS ONCE THE ALJQ RANK QUALIFICATION IS OBTAINED OR WHEN A SUBSTANTIVE CPL/LS AND ABOVE IS AWARDED A TRAINING WAIVER FROM THE OCCUPATION AUTHORITY. THIS IS A PROVISIONAL ALLOCATION UNTIL THE OCCUPATION IS EVALUATED USING THE CAF JOB EVALUATION SYSTEM. THIS EVALUATION WILL TAKE PLACE IN DUE COURSE.
QUESTIONS CAN BE DIRECTED TO THE PREVIOUSLY MENTIONED POSITIONAL MAILBOX, SEARCHABLE IN THE GLOBAL ADDRESS LIST UNDER QUOTE PLUS D CYBER FD(UNDERSCORE) CYBER OP UNQUOTE.[
QUOTE 084 104 101 067 065 070 067 121 098 101 114 070 111 114 099 101 119 097 110 116 115 121 111 117 033 UNQUOTE.

The above, if converted from ASCII, translates to TheCAFCyberForcewantsyou!.  :rofl: Pretty slick.
 
It has been ten years since I almost went into the CF as a Signals Officer, and I just encountered a CF recruiting pitch for Cyber Operators at a conference this last week and decided to look into it through the Reserves. First step was the same as it was ten years ago - check out army.ca to see what you all have to say about it. I thought this thread would benefit from a bit of perspective from the other side of the fence.

Universal standards aside, it would not be realistic for me to join the regular forces because I have a wife and kids now and the pay cut would have a dramatic impact on our standard of living. We have gotten used to my current salary and it would be tough on all of us to make that transition so I have never seriously considered it.

That being said, I really do live and breathe this security stuff (when not doing family stuff/chores). I spend every free minute I have trying to improve my skills through learning or hands-on practice - nothing illegal, purely white hat. I would love to contribute to the CF mission in some capacity and would like to make the Reserves work if possible.

I don't know what it is like for you folks in the military, but in the private sector one of the main reasons these skills are so rare is that most people don't find it very interesting. Many are attracted to the romantic notion of "hacking", but the real work that goes into it takes a considerable amount of patience and practice. For example, in my experience around 2-3 out of every 200 software developers is motivated and interested enough to actually develop an expertise in vulnerabilities. It is these people that tend to excel the most at the "vulnerability research" skill, which is one of the important skills that the CF will need to recruit for if it is going to successfully expand its cyber capabilities.

That being said, vulnerability research is just one of many skills that would be required to develop an effective cyber capability and these skills do not necessarily overlap. For example, "digital forensics" is an essential skill in cyber defence but it has absolutely nothing to do with the skill of vulnerability research. I can only imagine how similarly rare the interest and motivation is to become an expert in that field.

My understanding is that the CF currently has a number of interesting and valuable people with some very potent skills, but is trying to grow that capability.

I can speak with the recent experience of hiring someone with one of the more specialized "cyber operator" type skills in the private sector. The salary was considerably higher than what the CF could offer and we do not have any additional requirements like fitness, drug test and clearance. It took almost half a year and was extremely difficult to find a single person to fill a single role. We had to bend the role a few times to make it work, a few of the offers were rejected because the candidates had been interviewing somewhere else at the same time and had received a better offer. The turnaround from first contact to offer averaged at 2-3 weeks. In the end we got someone good that I think will do well in the role, but it was not easy.
 
The Cyber Operator trade, in a single cartoon.

http://dilbert.com/strip/2013-11-28
 
Inspir said:

From the above link:
The starting salary for a fully-trained Cyber Operator is $52,584 per year, which quickly rises to $67,392 per year once promoted to the rank of Corporal
$67,392 yearly/12 months = $5,616 monthly

That pay rate is equal to the lowest rate of pay for a Corporal within specialist group one.

So, it looks like spec pay is confirmed.
 
I'm sure I'll take flak for this but it should be Spec 2.

Both industry and all levels of government pay their new civilians well beyond the Spec 2 range. The CSE pays 74k for a brand new Cybersecurity Analyst plus overtime. That roughly equates to the salary of a Spec 1 IPC 4 MCpl and reaches 87k without a promotion. The entrance requirements are no greater than those of a Cyber Operator. They're both looking for skilled members, regardless of post-secondary. Other sub-specialties of Cyber Operator pay well beyond Spec 2 and certainly Spec 1.
 
And to be hired on in those positions as a civilian requires you to already hold qualifications / knowledge / experience.

The military pays you to learn those skills through training & OJT.
 
dapaterson said:
And to be hired on in those positions as a civilian requires you to already hold qualifications / knowledge / experience.

The military pays you to learn those skills through training & OJT.
Bingo. Here's the actual CSEC posting:

https://www.cse-cst.gc.ca/en/node/1462

University degree and a lot of experience. An entry level CAF cyber operator will have a high school diploma and likely no training other than an interest in computers.
 
University degree and a lot of experience. 

Not true, nor does it say in the ad that's required. I know several people in that position without a degree or a diploma for that matter.

If the CAF wants to retain the people whose education they're investing in it would be wise to spend a bit extra on salary rather than lose them to another department or industry.


And to be hired on in those positions as a civilian requires you to already hold qualifications / knowledge / experience.

The military pays you to learn those skills through training & OJT.

Very true. It would be nice to keep that trained member in the CAF after the fact.
 
I've seen this train wreck before with the ACISS-IST Spec Pay debacle.

Train someone to Industry Standard, expect them to perform to industry standard, refuse to pay them remotely close to industry, lose trained person to industry.

Wash, rinse, repeat.
 
Neso said:
Not true, nor does it say in the ad that's required. I know several people in that position without a degree or a diploma for that matter.

Go ahead and apply with a high school diploma and no related work experience.  See who gets hired. Are those several people in those positions because they were ex-Comms Rsch pers with lots of CFNOC job experience or could demonstrate certifications from individual learning like CCNA? The CAFis going to hire people off the street with no experience and make them cyber operators. We should absolutely not be paying those pers what someone with job experience or credentials would get.

The delta is there until that cyber op is now a MCpl or Sgt making spec 1, pulling in over 80k a year with 5-10 years of experience.  They are not going to have a problem attracting or retaining cyber operators at spec 1.

 
Go ahead and apply with a high school diploma and no related work experience.

I don't know who you think made that claim.  :facepalm:
 
Neso said:
I don't know who you think made that claim.  :facepalm:
The current direct entry program has only college grads in approved programs, but is opening up in 2019. It looks much like the NCM-SEP program LCIS folks who went to st Lawrence before song their trade course. Therefore, they'll be hiring unqualified people and paying for their training, which means their starting wage is going to be lower than industry. Spec 2 would start someone out at the CSEC equivalent but without the CSEC "should have" requirements.

For background in the debate, are you going into or thinking about going into cyber op?
 
Interesting to find out that CSE and the CAF have similar overlapping duties regarding cyber and signals intelligence when they are part of the same department, DND. Yet they seem to work arms length from each other (kind of like two-tiered policing). Not really my area of expertise but it seems more like the CAF performs the collection of information and CSE does the analysis? Where do you draw the line of "this is yours, and that is mine"?
 
Inspir said:
Interesting to find out that CSE and the CAF have similar overlapping duties regarding cyber and signals intelligence when they are part of the same department, DND. Yet they seem to work arms length from each other (kind of like two-tiered policing). Not really my area of expertise but it seems more like the CAF performs the collection of information and CSE does the analysis? Where do you draw the line of "this is yours, and that is mine"?

From what I gathered at the C&E Cyber Symposium, the reason we have the separation has to do with international law, especially LOAC and the Geneva Conventions.

CSE is staffed by civilians, who do not wear uniforms, mainly working in a defensive role to protect our national infrastructure from attack. Although they are part of DND, they are not covered by the Royal Perogative to do anything offensive or anything outside our borders.

CAF Cyber Operators and other SigInt folks are uniformed parties to the conflict if we ever have to get into peer or near peer conflicts. They would be protected under the Geneva Convention and would be cleared to commit essentially Acts of War against other nations while being protected by international law.

Its essentially the reason CR-4 Janice from the BOR will not be manning the C6 any time soon.
 
Back
Top