The Department of Homeland Security (DHS) said this week it will hire up to 1,000 cybersecurity experts over the next three years to help protect U.S. computer networks. This was part of National Cybersecurity Awareness Month and the announcement was made by DHS Secretary Janet Napolitano, who also said they probably won’t need to hire all 1,000 experts, which is good because I am pretty sure THERE AREN’T ONE THOUSAND CIVILIAN CYBERSECURITY EXPERTS IN THE ENTIRE FRIGGIN’ WORLD!!!!
So I polled six old friends who ARE cybersecurity experts and they kinda-sorta agreed with me. More on this below.
But first I have to marvel that I even know six cybersecurity experts and — even more amazing — I’m pretty sure they don’t know each other. They seem to be like badgers, solitary creatures who only come out to mate.
They are cynics, too. One questioned the term “cybersecurity” as being inappropriate.
“(It) depends on your definition of expert,” said expert number one, who works deep in the military-industrial complex. “If you mean someone who can spell ‘cyber’ then sure (there are 1,000). If you mean those who know that ‘cyber’ is short for ‘cybernetics’ and has little to do with computers then probably not. I still occasionally use the title ‘Cybernetic Psychophysicist.'”
Sure enough, there’s a very detailed definition of cybernetics here and it doesn’t intrinsically have very much to do with computers or networks, though don’t tell that to the DHS without first taking off your shoes and placing the definition in a one quart plastic bag.
“Duh!” said expert number two who has spent his career at telcos and cable companies. “Of course. You got it right. I doubt there are 1000 in the world. There are a lot of wannabees, or folks who think they are…”
“Define ‘expert,’ said another friend from behind Door Number Three, who comes from the security software business. “(An expert is) a person with a high degree of skill in or knowledge of a certain subject. Great, but the question is all about scope. I may be an expert cook – but can I run a kitchen? Same thing with security there are tons of experts – in specific areas. I was an expert in AV, IDS, and other areas. But I was not the all knowing security guru. (even though my knowledge base was very broad). This is where we run into unintended actuated consequences. An expert will make a choice and take an action. The end result may not be what they had anticipated because of other factors beyond the realm of their expertise caused an unanticipated consequence.
“Example: I am forced to use low sulfur gas because the experts say it produces 20 percent less harmful emissions. Too bad they did not notice it has a lower power quotient then a normal gas blend. As a result I use 30 percent more gas that is 30 percent more expensive (and puts four percent more sulfur into the air).
“So I believe there to be less then 30 real experts in security, but there may be well over 500 subject matter experts and perhaps another 1000 sous-security people.”
Now I brought in the big gun — expert number four, an independent security consultant to foreign governments:
“My bet is that they are going to just pull the bodies from the Department of Defense and Department of Energy,” he said. “DoD has established a number of credentials required to be classified as a security specialist like CompTIA Security+, CISSP, etc. None of this stuff has any practical application because it is hardware/software neutral.
“Even if a government agency, (over 550 or them) allows you to sniff their network, are they going to let you evaluate the applications for bugs? I don’t think so. Without scrubbing the software with products like Ounce Labs (owned by IBM), what is the point of evaluating the network?
“Another item of great importance is a security clearance to do the work. This is where you will get only one brand of thinking; DoD or DoE clearance. This will prohibit the security “black hat” types from ever being involved in the project without coming from the DoD or Energy.
“So you will end up with 1,000 Security Managers in the government with Sec+, and CISSP certifications, talking to cisco, Juniper, CheckPoint, Tipping Point, Microsoft, Oracle, Ounce Labs, etc. security professionals at $300 an hour doing the actual work. That’s 1,000 jobs for window dressing, releasing reports that end up on Drudge Report listing the number of breaches in Federal Government Agencies.
“When you look at the private sector protection of data standards for items like credit cards you have real teeth in your regulations. You don’t have to take credit cards, but if you do then you need to be PCI compliant. Don’t want to be PCI? No problem we won’t allow you to use our credit cards. Where will that type of enforcement be with the wall of 2,000 eyes protecting the USA?”
No there won’t be (this is Bob again) because governments are required to provide services to their citizens. Even the DHS can’t shut down the government to cure a security breach, though I am beginning to believe they haven’t yet figured that part out.
“I’m not sure there are even a handful (of experts) with any sort of broad experience,” said expert number five, who is usually associated with security hardware. “There probably are pockets of them, with specialized narrow experience, e.g. in banking, virus or DOS attacks, military networks, etc.. And even if there were 1,000, what would they be doing on behalf of Uncle Sam?”
That’s a great question given that we as a nation can’t seem to hire and keep a national cybersecurity czar. So what are we doing hiring 1,000 experts given there is no boss?
While it is great to have a Cybersecurity Awareness Month, whatever that is, and it might be great to add a thousand “experts” to protect our nation, if you look deeper into this story it is for the most part BS or HS and, I fear, CS to boot.
Look, the number of CCIE’s with security as a certification is 2,300 for the entire world. Subtract the 50 percent who work for cisco, then 50 percent again for those not working in the field any longer, and you get 500 cisco CCIE Security Experts worldwide. The only way to get another thousand in three years is by training them. But in the last four months with 800 available seats to sit for the cisco CCIE Security exam only one person has passed!
The DHS is extremely unlikely to be able to find and train 1,000 cybersecurity experts in three years. Maybe they’ll come up with 100 (more likely 5-10), but the DHS environment will make it unlikely — very unlikely — that all of those 100 will stick around.
Secretary Napolitano says she might not need all 1,000, which to me says she is really looking for 3-5 people. And frankly that ought to be enough if they are truly experts and are both properly led and supported (which they probably won’t be).
So this is the wrong approach entirely. It won’t work, the DHS probably knows it won’t work (if they don’t know that, well God help us all) but they see it as better than nothing. That doesn’t worry me so much, though. What really worries me is the point brought up by cybersecurity expert number six, who himself came in from the cold:
“Sure there are 1,000 (cybersecurity experts),” he said, ” but they are already employed… as hackers.”
So this column is about the definition of “expert” and “cyber”. Oh well, at least it will start some interesting comments, this one excluded of course.
…and it made some great points. What is your point?
This article is a complete waste of time. To a non tech Civvy, an expert is someone who can program a VCR. Gov just needs savvy, exp. people to mind security, Jesus!!
This post is right on the money Bob . . . right on the money!
I realize my first post was too brief to be helpful or communicative. The point is, this is all an exercise in making the public feel safer, feel like their government is doing something etc.. Call it the “Big Placebo Pill” – kind of like the Aztecs sacrificing a few captives so everyone else can feel good about planting seed for next year’s crops . . .
For a $3K per diem, I volunteer to be sacrificed as a security expert. . . pick me, oh pick me, pick me . . .
Point should be made though that while in some cases a placebo can be a good thing, in this case it is just the opposite. the last thing the world needs is a feeling of security when in fact some of these systems (particularly those based on PCs) were designed so as to make security impossible to achieve.
Put an OS on an IC that can only be upgraded with a soldering iron. Let the core applications follow.
Sounds silly, but so was the notion that applications could update themselves without you even knowing it. I’m quite sure all the “experts” at DHS and elsewhere are so awash in the nonsense that is Windows that they will never be able to think objectively about the topic.
AH… the great CS versus EE/CE debate… which is better software or hardware… now we’ll drop security on it.
Who’s going to audit the code that will be programmed on that IC… if you need to update it, what method.. FPGA or some other firmware? Oh, you allow write access… hmmm, wasn’t there a recent BIOS exploit or two out there?
There’s never bulletproof security, there’s “close enough” – but you’ve got a lot of variables even in your simplest solutions.
Have some fun, read about the Princeton “cold boot” exploits… while it’s not exactly the same, it’s a hardware attack at a software problem. Also, how about data loss prevention (the actual goal of phishing) – are you tagging and classifying your data… are you using a software program that secures data at rest… oh, you say it’s secured via a TPM (trusted platform module) – there’s a hardware exploit for it… low voltage pin reset…
Seriously… the problem is, everybody is either macro or micro here… think of it, as I dare say, the security ecosystem. There’s a lot living in it… the goal of it is to be situationally aware of what is alive.
Ask your local company… something with a few hundred employees… does their IT team (let alone security) know what’s on their network.. hardware, software… others…
I’ve done vuln assessments on networks with nodes numbering in the tens of thousands… the most interesting find… a networked diabetes glucose meter in the health services network.. which, oddly enough was plugged into the regular corporate network… wouldn’t you want medical equipment somewhere else? Maybe a private hard line outbound…
eye opening!
Read-only is pretty damn secure against alteration and infection.
Too bad it’s so terrible when it comes to fixing exploitable errors in the hardwired code.
And if we step back and say “Hey a CD-R or DVD-R is read-only, cheap and easy to update, how about we put the BIOS on a CD?” Then we’re stuck with guaranteeing the cleanliness of the systems used to transmit the updated CD images and burn the image to disk.
And none of these solutions address the possibility that your Chinese chip fab has put spyware code into the silicon as part of their ongoing espionage.
The real reason engineers are paid the big bucks is we’re supposed to be able to make informed decisions about trade-offs like this, even in an environment like security where the goals and risks are moving around too fast to see. I’ve come to the conclusion that we need a technology analog to organic farming. This would be a scenario where you sacrifice some of the benefits of technology like cheap offshore manufacturing and internet and WAN communications for a more isolated systems environment that dramatically reduces your security footprint. Obviously this won’t be for everyone, but the concept should have wider application than just high security arenas like the military.
Expert at what?
I was once billed as “one of the nation’s leading malware experts” because I kill it the old fashioned way, booting to Linux or Windows PE CDs and finding rootkits by eye.
I’m still better at it than most people, but I’m out here fixing home PCs. (I thought I’d lose my edge when I “retired” five years ago, but it turns out that my customers collect the latest & meanest malware on God’s gray Earth).
My point is: what the hell good does removal do? Sure, I know as much or more about infested PCs than anyone else… but, in the corporate and government world, they can re-image PCs in twenty minutes. I don’t claim any huge expertise in preventing infections, just at removing them… and that’s no better than forcing folks to remove their shoes before boarding the plane.
When I first saw this, I thought, “Maybe I can get a government job!” Then, I realized what a colossal waste of time and money hiring me would be. (That doesn’t mean I’d turn it down…)
I think the skill is in knowing when malware is present so that something can be done whether it’s removal, a reimage, or preventing the same exploit in the future.
Well, that’s a skill I have.
Question is, why would the government care?
(My wife’s question is, to whom should I apply)?
Tom,
https://www.cert.org/jobs/6047.html
https://www.cert.org/jobs/5876.html
Bob, I think your column is a waste of breath: You clearly overestimate the meaning of Ms Napolitano’s word “expert”. In my five (admittedly limited) years of Government service, I’ve met a lot of “experts” and they were generally not considered as such because of their knowledge or experience, but rather because of their job title. If the Government wants you to focus all your energy on something, they simply call you an expert at it!
It is all of government that works this way (and NO that is not an over generalization). The government recognizes a problem – defined as a large number of people with know expertise and little knowlege are writing to Congress. They solve said problem by employing experts who identify their value by visability. Strip searching a 4 year old is not making you safer – it is making grandma, who travels 1 a year, “FEEL” safer because she sees something being done. Meanwhile, those of us who travel every week, now spend 1 full day (4 hours going and 4 hours returning – on a good day) waiting in lines and being search – so grandma feels better.
Same case here, its just cyber security instead.
Look up Bruce Schneier’s treatises on “security theatre”:
against…and for…
http://en.wikipedia.org/wiki/Security_theater
…at times, he’s not afraid to admit mistakes…
…and of course to make you feel better about him… there’s the alteration of the Chuck Norris Facts:
https://www.schneierfacts.com/
I see most people say this is all about “feeling” safer rather than “being” safer. Pare for the course for government activity, this is what Bruce Schneier calls “security theater.” Do a search on that phrase for some (amusement/scariness).
Bob,
Usually I agree with you 100% on most things, but gotta tell ya friend, this one is more bunk/BS than truth.
First, expert #1 blew himself out of the water with the silly answer about cyber being cybernetics, which you correctly point out has nothing to do with security. Whilst I also agree, the widely held view regardless of where the word came from for cybersecurity is ‘measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack’ and has been since 1994 according to Merriem Webster online. Thanks expert #1, we have some lovely parting gifts for you.
Expert #2 and his telco business is great, but if I only had to worry about the long haul routing and infrastructure, I too could be smug about the last ‘tactical’ mile and the clients application woes…. Sorry, don’t buy it. Off goes expert #2.
Expert #3 might be on to something…. except you Bob live in town that OWNS the security accredidation and policy group for the largest Navy in the world… tsk tsk. Expert #3 busted.
Expert #4, your big gun, is also full of bunk. As a guy who has worked with foriegn governments myself, most of them can’t even SPELL security let alone understand what it means. Physical access control? That’s a guy with a gun. Logical access control? What’s that? Role based access control? You gotta be kidding me right? Hell, most of the world doesn’t even take the time to encrypt their government transactions.
The whole sniffing networks and software bugs just tells me that he’s never been through a US government security accredidation for anything. As for the whole ‘you’ll just end up hiring $300 an hour contractors’… gee, did you think hard to figure that one out? She didn’t say she was going to hire them INTO THE government… just hire. What did you expect? Pllleeeezzz.
Likewise, there isn’t a standard employed in the DoE or DoD for that matter that isn’t WIDELY available to anybody that wants to use it on the FREE internet. Go to NIST, NSA, or look up the DISA STIG’s. The only reason you need a clearance is to ACCESS the networks and computer systems in question, NOT to know what the security policies and procedures are.
Sorry #4, you might be an ‘expert consultant’ at $450 a hour to your foreign governments, but either Bob grossly misquoted you or a security EXPERT you ain’t either….
As for your point about CCIEs, I refer you to Telco expert #2… routers (Cisco’s bread and butter) ARE sometimes compromised, but lets be real here… it’s the software and the USER at the end that are the biggest security problems. Don’t see how CCIE’s apply (even security ones), since security is only 1 part of an otherwise overpriced and expensive certification that nobody has been able to figure out how to bill enough for to recover the investment. That’s the reason people aren’t getting CCIEs in my opinion (just like their aren’t a lot of ITIL masters running around either… at $2500 a class plus a test for no less than 10 exams, your talking an investment of over $20k for something that MAYBE lets a contractor charge $25-50 an hour more for.) Bunk, bunk and bunk.
So, could she have stated it a little differently, sure. ‘We at DHS realize that security is important, and so under my watch over the next 3 years we hope to significantly bolster our security expertise.’ or some such. But your experts ain’t much here, or you took a little too much creative license with your questions and answers. 😉
I’m having a hard time seeing your point here, other than it possibly being “I’m so much smarter than these so-called ‘experts.” My main point here is that there really aren’t very many true experts in this area, so either they are corrupting the term or it is all simply for show. Either way we, as an intelligent public, deserve better. THAT’S my point and on re-reading your comment for a third time I still don’t see where you disagree. Please enlighten me.
Cyber security expert is sorta’ like saying a medical expert or a science expert.
Why couldn’t DHS have said they’re creating a cyber-security team or department, like the Air Force did a few years ago? Oh yeah, that doesn’t seem to be working out either.
Looks like no one can really define cyber security. Maybe it’s like pornography?
Is the mp3 version meant to be an intro or the full thing? I’d love a full length podcast, but as an intro it seems to me that it is kind of pointless…
I recorded the entire column. It was 8:14 long.
This download problem has been happening more often, especially on this website. The first download attempt gets the first few bytes, but it takes 2 or 3 attempts to get it all. Fortunately Bob’s mp3s are very short so re-downloading takes little time. I always display and check Windows Explorer’s final file size to see that it agrees with the initial notification of the file size.
If someone uses the appellation ‘cyber-‘ in a non-ironic way, it’s a pretty reliable indicator that he doesn’t know what he’s talking about, in my experience.
Also, the CCIE Security certification is largely centered around the two most overhyped ‘security’ technologies of all time – firewalls and ‘IPS’. While firewalls do have some use in front of client access networks (they’ve no place in front of servers at all), so-called ‘IPS’ is snake-oil, and has been since the first predecessor IDSes were invented around 15 years ago.
CISSP is a joke, of course; another pretty reliable indicator of cluelessness is someone listing his CISSP as a valid credential, rather than with some sort of self-deprecatory humorous remarks about how he was forced to waste time on getting the cert due to some inane job requirement.
Roland, do you have a chip on your shoulder or what. I’m sure you thought the professors were idiots and had nothing to give you when you dropped out of college.
Umm… speaking as someone with a cissp, yes, it is a joke. I know a few cissps who treat it as a holy grail (*omg* it was so hard, I had to use the full 6 or 8 hours, and I was sweating it blah blah blah) – but these guys are generally out of work, or are too full of themselves.
OTOH, per my ex-boss – it’s not about what is the right answer, but what was the answer given in the official book.
And it has mistakes. Go look up the definition for ROM in the official CISSP text book, and tell me that’s not wrong.
I’ve been interested in computer security for years. Lost my job a few years back, so I took a CISSP course, and passed the test. Made no difference in finding a new job, so I have since let it lapse. However, I learned some surprising things during the certification process.
First, CISSP is not particularly computer-oriented. The year after I was certified, they came out with sub-specialties, so I can’t speak about those; however, the general CISSP is mostly focused on “Security” in the broad sense, and specifically from the Corporate viewpoint. In that regard, it was actually quite an interesting education in broad business/corporate security concepts. It would probably be a pretty good thing for administrative and operational executives to have, as it mostly involves knowing the jargon, the broad concepts, and understanding the relationships of the many domains.
Second, the actual computer-related stuff is mostly outdated, and often flat wrong. Paraphrasing one of the other commentators, “…the correct test answer is whatever we said it is, not what actually works in the real world…” There were a number of actual test questions where this was the case (my prep instructor was computer-oriented too, and specifically warned us about several areas where this would probably happen). We were specifically taught outdated and incorrect information in some areas where I actually am a subject “expert”.
Finally, while I have found the CISSP itself to be a worthless cert, the broadened outlook on security in general has changed how I view many computer-related security issues. An interesting example is the “official” purposed for Database Views. To me, this was previously a coding convenience and (mostly read-only) data-organization tool. To the CISSP, a View is a security mechanism designed to restrict access not only to certain type of data, but also to the metadata about what tables and internal integrity-checks exist. A fascinating concept, which incidentally shows that MS-SQL Server is “broken” when it comes to Views (at least, from a CISSP security standpoint): changing the structure of underlying tables requires rebuilding a View, which causes some degree of information-leakage about the schema. Ideally, the end-users and low-permission programmers would never notice a change to the underlying structure when accessing a View. Not that this is a big deal per se, but it is an example of how the broader perspective changes the evaluation of available tools.
Like I said, probably more useful for CIO’s and senior management, than for actual computer security developers and administrators in non-DOD environments.
Well, if you hold the CISSP and you are willing to state that
it’s “a joke”, you have violated the code of ethics you agreed
to when you accepted it. So in all good faith you should contact
the ISC2 now and let them revoke your cert.
WOW! I never knew that having a CISSP was such a scarlet letter! I wear mine fairly proudly and wear my 35 other certifications when needed. Are you telling me that the 4 years of working in security and then taking the test, and then renewing it twice was all a waste?!? OMG!~ I can’t believe I wasted all that time…Now…obviously I was being sarcastic there. I would be willing to bet that Mr. Dobbins don’t have a CISSP and probably failed the test several times in order to develop his nasty attitude about it.
Um. Yeah. Having to actually point out that you’re using sarcasm. Perhaps you WERE wasting your time.
“But first I have to marvel that I even know six cybersecurity experts…” That was my initial reaction too. 🙂
My employer has embarked on a fancy security plan that seems to keep them very confused pretty much all the time. I’m not sure they’ll ever get through it. There seems to be as many opinions on how to go about it as there are “experts”.
I don’t remember where I read it many years ago but I love this line: “An expert is someone from out of town.”
[…] US DHS call for 1,000 cyber-security experts…are there 1,000? We caught an interesting blog post by Bob Cringely of “I, Cringely” discussing the Department of Homeland Security’s recent announcement that they would be hiring 1,000 civilian security experts to help protect the nation’s vital information infrastructure. Security is complicated business and Cringely points out that there may not even be 1,000 true civilian “experts.” […]
I agree that there may be an issue with the definition of expert, but I also doubt that we’re supposed to read into the claim of planning to hire “up to 1,000 cybersecurity experts” as anything more than “we’re going to dedicate a lot of people to the task of trying to secure remote access to resources critical to national security.” (Which isn’t really saying anything, because hasn’t the DHS been doing this all along?)
Besides, I wouldn’t expect the government to reveal meaningful information about the cybersecurity strategy they intend to employ to counter cyberattacks from malicious parties. The hiring plan announcement is clearly all about appearing to be vigilant and proactive to the public.
Great post Bob. This is the kind of analysis the news media never do when reporting a story like this. Perhaps showing the need to get some experts in to help them, if there are any left!
Good article Bob.
Some commentators are a bit trusting.
The US VP is a member for Hollywood.
Look at one of the IP bills he proposed.
Cyber-security, whatever the definitions, now means public networks to general public and their represententives.
Expect the hired “experts” to be tracking BitTorrent for movie downloads while the pollies babble about national security and SQL injection and bad server configurations continue.
Wouldn’t a better approach be to hire a real expert to analyze the situation before jumping in willy nilly? This sounds like the mythical man/month applied to security!
Network and application vulnerabilities are indeed big problems, but they are only some of the trees in the forest. I’d prefer for somebody who has a large-field gaze, like Schneier, to lead this, but then again, he’s probably the first one to realize what a Potemkin operation this will turn into.
I’m pretty sure he’d banish the word ‘cyber’ though–that would be a good start forward into the 21st century.
Of the dozen or so meanings of the word, I take it you’re referring to this Wikipedia meaning:
“Potemkin village” has come to mean, especially in a political context, any hollow or false construct, physical or figurative, meant to hide an undesirable or potentially damaging situation.
We got the gist, regardless.
I believe the whole notion of “1,000 experts” is laughable just from its vague nature.
It harkens back to the Chinese phrase “the ten-thousand things,” which means the uncountable – the universe.
It sure seems convenient that we needed exactly a thousand. Not 900. Not 1,100. Nope, a perfect thousand.
Don’t even know what we NEED them all for, just yet. But we need a thousand of them.
Even if there were 1000 and they wanted to work for DHS, DHS would not be able to hire or keep them. The bureaucratic delays and roadblocks in the hiring process would drive many away. Government pay for technical types would be another barrier. Those hired would have to learn that the first priority in the government IT security world is the paperwork exercise called “FISMA compliance”. Best would be to identify people with needed skills, hire them as contractors, and get out of their way – fat chance.
I’ve got to agree with #4 about the uselessness of “experts”whose only experience is getting a certificate.
As a fed in a low-level IT security position, I just hope I can retire before OPM’s plan to make us all get certs goes into effect. It’ll be such a waste of (taxpayer) money and to no ones’ benefit other than the companies do training & testing.
I can’t believe it when ISC2 refers to their Common Body of Knowledge as “a mile wide and an inch deep”. Who (with any real knowledge of the iisues) could possibly justify hiring an “expert” whose major accomplishment has been to win a round of “Trivial Pursuit: IT Security Geek Edition”. Rote memorization of meaningless trivia does not make an expert.
Making me get a cert will not give me one single, useful, tool to help me accomplish the things my boss thinks I should be doing (or to actually improve IT security).
Take a step back and look at the larger picture. What is the biggest security threat right now that spans most of the computers on the Internet? It is Microsoft Windows and it’s security history (yeah even recently since 2003 and their revamped attention on security — six years later and still nothing changes) has been horrific. What OS are those botnet machines running? Sure there were a bunch of Mac’s on a botnet recently but thats just because they tried to steal a pirated copy of iWork that contained a trojan. Most of the Windows zombies were targeted via web browser vulnerabilities or malicious spam and let’s not forget those popup advertisements that look like a dialog box! I’ve found some really really nasty spyware using rootkit technologies, keyloggers, etc. It’s a heck of a lot harder for spyware to target a Mac or Linux computer, but as long as you’re not running as an admin or root account, then you simply will not get infected like a Windows user can.
“So this is the wrong approach entirely. It won’t work, the DHS probably knows it won’t work (if they don’t know that, well God help us all) but they see it as better than nothing.”
Then God help us all. I seriously doubt they know how ridiculous that 1000 number sounds or what a security expert is.
We are at the mercy of ignoramuses, and that is true (regardless of party affiliation) with each new Federal pronouncement on the subject (Network Neutrality fits into the mold as well).
These people are “true believers” regardless of whether they support limited government or an ever expanding one.
Of course if you want to posit that those at the top are fully aware of the situations and are simply putting on a show to retain their safe, well paying jobs** at our and our children’s expense while accomplishing nothing of true value, then I’d say the situation is far far worse.
** not to mention creating up to 1000 new ones for family and friends.
I am an expert, but there’s no way in hell DHS will hire me as a result of this announcement. I know better… HEH. blackhat to the bone, no question about it! w00t
PS:
Have you considered that this is little more than an effort to keep DC unemployment at the 2% level?
Where is your gratitude?
The prefix “cyber” existed for a couple thousand years before “cybernetics”. So making a semantic argument on that point is kind of moot when your expert doesn’t even have it right. Cybernetics is no more right or wrong of a term than cyberspace. An “I’m so smart” argument based on that is one of the problems you have in dealing with some people in the tech industry. They’re so caught up in semantics and showing how smart they are, they’re oblivious to reality.
An astronaut doesn’t go to the stars. There were next to no rocket engineers in the 50’s. Yet by the end of the 60’s the government had astronauts and human space travel.
Unless your point is that the government shouldn’t even be trying to do internet security, I have no idea what it actually is.
Agree completely. I’m not sure what Cringely’s point is here.
There is no myth here. The key is to hire good people. Never hire below the average for your target employee. How do you get this done? Pay well.
In order to understand the word “expert” you have to break it into its component parts. “X” is a mathematical notion denoting the unknown. “Spurt” is a drip of water under pressure. Therefore, an “X-Spurt” is an unknown drip under pressure. In my personal experience (which includes Security CCIEs), they are way in over their heads in the real world.
I once worked for Bell Labs (yes the former 1% of your phone bill research company). They hired numerous PhDs, often supervised by less technical management types. Yet no one, not even Claude Shannon, would be called an”expert”. They were referred to as “specialists” which still seems to be a more apprpriate choice of words.
there are expert cryptographers, expert software security folks, expert network security folks, expert network/system operations folks, expert pen-testers…. all of these folks know that if someone comes to them asking for a cybersecurity expert to politely decline. its an overly broad term that hints that the requestor doesn’t really understand their own requirements, and any engagement will likely end up in failure as the job they end up in will be outside their actual area of expertise…
True…
The idea should be here is to hire a few good leaders (possibly good folks who’ve come up with some broad experience and a willingness to help the government) and have them pick the crypto experts, the forensics people, IDS and SEIM jockeys, as well as a few good R&D folks to work together, across agencies to get purview on the goings-on in the “cyber” world. You’re not going to find 1,000 of these broad folks, but those 50-100 which may be able to drive (with some incentives – like a GS14/15 or SES spot) the mission that can worry about the work and less about what they are giving up in pay in the private sector.
Bob (and other commenters) have also missed the idea of security architects, a spot advertised as having those skills. Some come from the network side, others from the application side, even others from the policy side. I posted below, you’ll most likely need to form a team rather than just have a single leader… defense in depth AND breadth. I can’t tell you how often the policy side of the shop (C&A and so forth) were out of touch with the operations side… let alone understand how these were actually affecting business, customers and general staff/users.
I suspect the government wants someone who is an expert at using the “specialists” to solve the problem at hand.
[…] Cringely, though has a tremendous riposte. His contention: “there aren’t one thousand civilian cybersecurity experts in the […]
Bob,
You want 1000 cleared folks who actually understand computer/network security issues? I think there actually may be that many in the country, but 600 of them already work for NSA or other security agencies.
Hiring 1000 new ones is a dream. Even withing considering how hard it would be to get them to accept a GS-13 pay rate.
Part of this is a repost from Logan’s Run and part is new.
Effective use of expertise is intrinsic on two principles in this case
1) The real ramifications of ignoring sound counsel
2) Trust in the Enforcement of Law
1) Experts are in the gap between Decision makers and the actual implementers providing counsel to the first and guidance to the second. However current political and economic issues really are inhibiting the true solution.
No one in the USA is really wanting to point to the root to solve all the security problems which is the Internet as it operates today and Modern Operating Systems are unsafe at any speed – to paraphrase Ralph Nader.
Point by Point lets look at a real world system – the simple mom’s minivan. If you step back and compare the engineering, safety and regulatory compliance inherent into the design lifecycle of a minivan bought off the lot today and compare it to those of a laptop the average bought off the shelf today to bank/buy something, some interesting deficiencies are evident.
The experts can not put teeth into the real systematic upheaval that is necessary to keep Globalization on path. Damage Compartmentalization, tracking and recall of suspect or failed parts, safety cut-offs and other systems used in real scenarios are just not implementable with the hardware/software vendors today. For years the consumers have been lulled into “patches” work. No one has ever questioned that. When will businesses and consumers revolt and demand their data equipment/software work out of the box like their cars. To many recalls/patches to rational people should give them a clue to stop implicitly trusting that vendor -not blindly trusting them more!
Other examples is: Why would a business think running business/banking transaction in the same space as unsecured traffic sound reasonable? The internet was designed to enable Military CNC post catastrophic event and faced probes and occasional direct attacks by state agents. The Internet simply was not intended for commercial business & banking which is constantly under probes, attacked hourly by Internal threats as well as by DEEPLY funded Mafias which have motive and money and are justing waiting for opportunity.
Ask any banker how many expert recommended physical security mechanisms a bank has it would not be below 12. Ask how many expert recommended policies/regulations for physical security it would be 100’s. Ask how many physical,policy,regulations for internet login to a clients bank account on the laptop he just bough it would be 5: Passive Logging, Meak Crypto, UID, Meak Password, and limit on the amounts that can be transfered.
It is done on a “untrustworthy” clients machine that the business/bank never can assure has not been hijacked, spoofed, or turned by malware. The onus is on the consumer to watch their statements and check for ID theft.
I’ve had many clients wince when I tell them that their system MUST suspect every business transaction made over the internet AND Intranet and distrust EVERY client that connects to their organization.
If they realized they already do this to every customer that comes in the physical door it would go over smoothly. From the moment you enter the parking lot your are filmed, you can be flagged to be watched by security, the customer’s transactions are tracked for markers against the possibility of fraud in progress, they are filmed going out of the business and BEFORE the cash till is balanced that night many other checks for fraud are already done or in progress: Inventory Controls, Counterfeiting checks, Verifications for Customer abuse of returns/sale items, Employee theft/fraud checks, Customer ID fraud checks, and many more.
Business owners wince when you tell them how much the such real world analogs to their etail/banking software will cost them. They often will game a gamble and go cheap. Distrusting expert security counsel ought to be a major penalty when the crime/fraud is uncovered. When was the last Financier/CEO terminated and imprisoned for ignoring his CIO or his security expert?
2) I ask you. If somebody is entrusted to run my company IT or whatever and he/she sells out my data/passwords to my competitor and destroys my company or if someone criminally attacks my company what happens next?
Why yes, I _sue_ somebody but the guilty will not likely or never get prosecuted in his country. The US isn’t good at prosecuting computer crime, computer Spies/Traitors are hard enough to prosecute. The same if the IT guys were told do a shabby job, don’t deliver on time or the product is just plain flawed. So its really impossible for Criminals, Companies or the individuals they employ to be “criminally punished” other than in economic terms.
Indeed the USA is becoming more morally corrupt but as a citizen I hope that if my management/coworkers are caught being bribed, taking kickbacks, fraud, employee theft, etc they go to jail, prison and/or get their assets seized and forfeited as ill gotten gains. If they pollute then my kids in the neighborhood beat up their kids in the neighborhood. I can stand outside their yard and protest at their house. Domestic/International Mafias are untouchable at the moment unless they get involved in terrorism or tax fraud. But in any case all this breaks down under the system in place now.
This is necessary to society if but to preserve the Trust & reputation of the industry or industry practice. If customers don’t “trust” the enforcement of law between companies who do you think will still be doing business?
TRUST, which is impossible to buy, was really once THE hallmark of any businesses you’d want to do business with. They have lost it because of investor greed and mismanagement.
John Dillinger was the best thing for Bank Security as it forced the Banks to become physically secure because people had lost TRUST in them which had to be rebuilt over time. The 21st century John Dillinger is operating out there today with impunity and no one is questioning the Banks and Businesses about the costs being passed on to the consumer.
Lastly it was said that Bernie Madoff used his IBM AS/400 to pull of the ponzi.
No one in the IT industry is admitting to selling/maintaining that gun which put the bullet into the life savings of so many people! It is shame upon us – the IT industry- we were collectively depraved by greed for turning a blind eye to what wall street is doing with the invention of the spreadsheet.
Isn’t this like saying “guns don’t kill people, people do.” Cybersecurity is not intended to keep people from committing crimes on the equipment they bought and own. We can’t implement computer controls and enforce a 5 day waiting period while a background check is to be done.
God help us!
A degree, a position in a high-flyer company, a self-inflicted title (like “expert”), these are nothing useful once you must resolve actual problems.
Those “experts” advocate for larger budgets, more staff, more security layers, more clueless (expensive) stuff.
Sadly, the DoD, like NASA, is a job project. It is all about inflating budgets to pay an endless number of people join the growing overhead of a pointless (from the security point of view) organization.
“Intellectuals resolve problems, geniuses prevent them.” Albert Einstein could teach a thing or two about experts.
“He who can does. He who cannot teaches”.
George Bernard Shaw made it clear: if you really understand the matter then you really make the difference -to the point that everybody will notice.
Here is one example of demonstrated insight:
The TrustLeap G-WAN web server’s ANSI C scripts (108 KB of portable user-mode code) are 5x faster than IIS 7.0 ASP.Net C# (in kernel).
It’s also 120x faster than Apache/Zend PHP.
It took only 3 days for Microsoft to notice (and send its dogs to attack the too-gifted newborn).
How the “experts” are welcoming such a nice tools? They censor it systematically because it does not server their cause. G-WAN makes them look inefficient and unfair.
After 3 months (and tenths of thousands of attacks), G-WAN is still up and running. Not a single vulnerability was found -a record in computer-science history.
“Experts” are not security for a single reason: if they were capable, they would deliver -and nobody would need them again (because all systems would be safe).
Security is a job project, nothing else.
[…] The Cybersecurity Myth – Bob Cringely […]
Hi, Bob. I’ve been an avid reader of yours for a very long time now and never posted any comments…
I think you make a valid point, but there’s one I think you’ve missed. Even if there were 10,000 bonafide experts in the world, it really wouldn’t matter. The Federal government thrives on politics and more than in the private sector by a long shot, federal employees have a thing about building their own empire and protecting it with their lives.
I find it very unlikely that an entity like the Air Force or Navy would allow a DHS “expert” to even connect to their networks, let alone sniff, troubleshoot, evaluate, etc. In most of these organizations, there are entire armies of their own (contractors) who manage their little corner of the world and their balance sheets depend on it. An order from the President himself might get you a connection to the network, but I’d bet my own life that every step of the way would be an uphill battle, and most likely a losing one.
Even if you could consolidate ALL connectivity, from every branch of government, including DoD — You would still have politics fighting over just about everything.
The point being — this is a *people* problem and not necessarily a technology problem. “Social Hacking” poses as much of a threat as lax technical security but both are less of a problem than the politics behind “who owns/controls what..”
Eric… they do have a program:
EINSTEIN:
http://en.wikipedia.org/wiki/Einstein_(US-CERT_program)
and TIC:
https://www.whitehouse.gov/omb/memoranda/fy2008/m08-05.pdf
[…] DHS wants to hire 1000 cybersecurity experts. Too bad there aren’t that many and NSA is poaching a lot of people anyway. In my world “expert” must mean something […]
While I will never claim to be a Cyber Expert I have fought more than my share of security problems, AND I have often been unimpressed with the skills of the so called experts.
My approach to security is driven by a few sayings:
A stitch in time saves nice.
An ounce of prevention is worth a pound of cure.
“Show Me”
I am also a firm believer in the Scientific Method as a way to find the cause of problems and separate facts from fiction. When you truly understand how things work, it is easier to secure them.
Most security experts and auditors come in with a checklist. Checklists are usually based on past threats and do not (and can not) anticipate the future. I prefer to prepare for the unexpected.
John
Bob,
I’ll try to keep it short here, having read your post earlier today and then having to think it over a bit during lunch.
I can take issue with a lot of your assumptions and examples, but the largest faux-pas was thinking “cybersecurity”/”cyber security” (depending on who you are) referring to strictly focusing on one or two practices within the realm.
Dragging out certifications and calling people experts (or lack of being experts for not having one) is a bad precedent to set. A CCIE, offered by a product/service vendor, does not guarantee you that you’re a security ninja. It’s network focused, which is fine, but there are other things to consider. a CCIE doesn’t get you an understanding of (and a CISSP even less so) malware, spam mitigation, computer forensics, social engineering, and a multitude of other concerns that permeate this field. You never touched on the big business term driving all of this, which is risk mitigation. All those folks pushing quants on Wall Street will eventually push into this realm and make folks who do C&A for FISMA and DoD/DISA certifications loose sleep over metrics and other nonsense without having a clear goal in mind of what you’re trying to measure.
Second, security folks are not badgers who survive on a lone existence, toiling in the dark rooms of their parents basements. Pop into a DEFCON, BlackHat, ShmooCon, ToorCon or a multitude of other security “festivals” and see that security folks, on either side (even grey/gray) are very social and in to sharing their latest attack and/or defenses. This definitely shows your lack of understanding of the field and the people who staff it.
I do agree that DHS will most likely go about it the wrong way, and we’ll get clueless leads/managers/ISSMs that will muck up the process, losing sight of what should be done (that’s a whole other blog response there). Yes, the two major posts for managing cyber-security within the government are vacant (besides the chief, the US-CERT is also down one director)… and they are less day-to-day operational and planning and more political. What they need to fill, at least a number of those 1,000 posts, are folks who have the breadth of experience to understand what it’s like to protect an organization… the defense in depth mentality. This also encompasses developing realistic security policies and education for the masses (see your cartoon) that don’t inhibit work, but work together, efficiently. All to often, people appointed to security leadership posts are like a parakeet in a cage, distracted by the shiny mirror and toys, not understanding that it needs to be a holistic approach and not just something driven by the latest scare, news story, or what your neighbor CISO/CSO is doing.
There are a lot of specialists, and power to them. If I get a job where I’m a lead or at least in a position to staff a security practice, I’ll hire them. Others, you don’t need to be an expert, but need to have a head about you to think through a problem. Some of the three most important qualities to have are the ability to remain calm in the fray and ability to ask for help and the willingness to learn. Very few people can be open minded enough in a situation in order to process what’s going on and realize when they are in over their head… use your team, leverage your skills efficiently, and know when you’re outgunned. That’s the time you need your high priced consultants, but choose wisely, because often the skills don’t match the price tag either. Know what you want and what you need to get it… keeping calm, being up to date on things (a situational awareness) and understanding you may not be able to solve every problem will eventually lead to success. Too bad everybody wants a silver bullet, and barely has the skills and temperament to load the gun, let a lone fire it.
Cheers, and good luck with the pulpit.
[…] https://www.cringely.com/2009/10/the-cybersecurity-myth/ a few seconds ago from kdemicroblog […]
[…] Microsoft-dominated DHS speaks about hiring an army of security people to address this issue, but Cringely explains why it’s unrealistic (to put it kindly). “I’m not sure there are even a handful (of experts) with any sort of broad […]
Bob,
Great post. I would disagree only on the point that InfoSec “experts” are unaware of each other. In fact, we are so few in number that we tend to know each other pretty well. We often say that there are 800 security professionals in the world and 800 jobs. Consequently, the industry rather incestuous.
Individual experts are not what they once were. There was a time when one could claim expertise across the various sub-disciplines of InfoSec — AAA, IDS, vulnerability management, penetration testing, PKI, etc. But the field and grown and with it, the ability of any individual to keep up has changed. Expert InfoSec generalists no longer exist.
InfoSec is a group activity — not an individual one.
What we need are not armies of individual experts but expert teams. Ten years ago I might have considered myself and “expert” (some would disagree 🙂 ) but I no longer find that to be a useful term. There are simply to many domains of expertise withing InfoSec. The security “rock stars” have been replaced with well-rounded teams of deep knowledge and skill, organized to be agile (and Agile).
Great InfoSec teams are vigorous learners. They understand what is important and what is not. They speak business and technology. They know when to change and position themselves to do so quickly.
Here’s a quick primer on government hiring. “1000 cyber security experts” means 1,000 billets authorized to hire people against. These people are filling roles from a few ACTUAL cyber-jockeys to their managers, to IT, travel, and HR, etc etc etc. This number might point to the hiring of about 10 actual experts on computer security and a lot of associated support staff. The government can’t afford to hire most of the really good people, so they contract them out. That takes contract managers, finance people, CORs, COTRs, etc etc.
Then there are the analysts. You don’t have to be an expert on computers past microsoft word to read message traffic and report it up the chain.
[…] thx, Cringley […]
At least a dozen of the guys I know from uni are working as cyber security experts (about half in non-government roles). I’m not saying they are brilliant, but they do know their stuff. If this is any indication, there must be tens-of-thousands of cyber security experts out there. FAIL.
I see some specious reasoning in your article that I think bears mention.
1.) Cybersecurity = cybernetics security. That’s a completely fair assumption based on basic rules of etymology and yes, it means nothing. It means nothing because that’s not the root of where (I will postulate) that term originates. I believe it is spawned from a neologism taken from fiction – specifically William Gibson’s creation of the word “cyberspace” in his novel Neuromancer. I’d like to think more people involved in computer security would know this. The experts I know do.
2.) You try to illustrate your argument by using a low percentage of Cisco certifications as some proof that there aren’t enough “experts”. If you knew anything about IT and Security work you’d know that there’s a lot more people who are in fact the de-facto experts in these areas by the mere performance of their daily duties and the “other duties as required” work they do. Many of them can’t afford the time or money to sit for these exams and many employers wouldn’t consider paying to allow them for a myriad of reasons (fear they’ll leave, etc.). This point made me laugh. I guess you had a deadline and thought no one would notice? I’ve read your stuff for years Bob – you’re better than this.
As for other security certifications – I agree with Roland Dobbins and goodb0fh (previous commentators). The CISSP means very little. I can state from personal experience that most high-profile companies out there will actually count a CISSP certification as a mark against you if you tout it up front. When I’m hiring for a security position I will too. It’s knowledge, experience and mindset that will win the day. The fact that you took a test (filled with the previously mentioned errors) does not make you an expert. The only valid use of that certificate that I’ve seen is when trotted out by a consulting firm that wants to convey they have accredited staff – the customers don’t usually understand what the practical meaning of them are – they’re just a marketing item.
Whenever I see someone defend it, they just don’t know the joke is on them.
Plus ca change …
http://en.wikipedia.org/wiki/Maginot_Line
CCIE != Security Expert. It means expert in CISCO. Knowing CISCO does not mean knowing security. I think that Network and Infrastructure Engineers do not make good security professionals. They are trained to open connections, and not to secure them. I worked with CCIEs who were a waste. They could not put together a security plan or diagram, they could not complete major security project because they did not have any project management skils.
Let’s for the moment be realistic about what DHS would consider a “security expert”. If you are hiring 1,000 people you are looking for people to do the hard every day work, not uber-geeks like your six friends.
To come up with a “number of security experts” based on what DHS actually needs you should do something like this:
Every large corporation (1,000+ employees) has at least one firewall, one IDS, and one AV person on their staff. In my experience they have a security team of on average 10 (a convenient number).
So, the Fortune 2000 employ 20,000 security experts suitable for helping DHS. Hiring 5% of that civilian crew would be feasible, although the pay grade is probably what a 3 star General makes.
So, your point is taken. It might be hard to find 1,000 Bruce Schneiers (hard to find two actually) but DHS needs security pros, not “experts”.
I think it’s pretty funny that #4 holds up the PCI-DSS as the acme of security standards. I don’t claim to be an expert but the standard could never be described as overly ambitious and regardless we seem to have a steady flow of payment providers (nominally in compliance) donating large number of cc’s to the criminal fraternity.
[…] Robert Cringely thinks cybersecurity experts are thin on the ground, so we’re all doomed. […]
The only thing I’m an expert in is Freecell.
Not only don’t I doubt there are 1,000 “cybersecurity experts” in the world, I doubt there are more than a dozen across both DOD and DOE. Simply put, the security protocols of those agencies is so blatantly ass backwards that no one with even a shred of knowledge in the subject would stand for it. Even the physical security of devices can’t pass muster. Care to wager on how hard those nets are to hack?
A security “expert” would be someone that has more than half a clue with respect to security who already have a job elsewhere and are too smart to take the big pay cut to work for the federal government. So, by definition, they will not be able to find 1000 of them to hire. Q.E.D.
I think the definition of “cybersecurity” is derived from “cyberspace” rather than from “cybernetics” (the former in turn being derived from the latter). One definition of the former appears here:
https://www.webopedia.com/TERM/c/cyberspace.html Since “cybersecurity” would presumably then mean security in (and at the perimeter of) “cyberspace”, DHS would not appear to be out of line. Sorry if the culture the actual world doesn’t conform to that of Principia Cybernetica, but I think you’ll have to learn to live with it. At least until you either (a) get the Department of Motor Vehicles to change its name to Department of Engine Vehicles or (b) ban engines in favor of motors — the latter seems far more probable at the moment.
[…] feeling pretty good about this. Then, I read IT pundit Bob Cringely’s article entitled “The Cybersecurity Myth“. He contends there aren’t 1000 cybersecurity experts […]
[…] would increase the chances to reach the number of professionals to be hired. In the article “The Cybersecurity Myth” by IT pro Bob Cringley he questions the availability of the 1,000 cybersec […]
People misunderstand the terminology used by goverment and corporate america. “Expert” does not mean “Highest Skilled” in hiring today. “Expert” means “lowest cost”. The government will find 1000 newly minted CISSPs willing to work for minimum wage.
Don’t believe me? Go read DOD 8570. Security+ is considered a security certification, but the CCIE Security is not.
cctv surveillance
Entschuldigen Sie, ich habe diese Phrase gelöscht
[…] I could get to it, Bob Cringely wrote almost everything that I was going to write in his blog post The Cybersecurity Myth – Cringely on technology. (NB. Similar to Bob’s correspondent, I have always disliked the term […]
Hello, probably our post is off topic but anyhow, I have gone surfing around your site and it appears extremely professional. It is obvious that you know the topic and you seem passionate about it. We are constructing a fresh site and I am striving to make it look good, and also provide quality website content. I’ve gleaned a good deal visiting this internet site and also I anticipate more posts and will be back soon. Many thanks.
It seems like the Department of Homeland Security is really trying to beef up on cybersecurity. In my honest opinion it is a smart move.Thanks for the article.
Love the blog, found it in bing, how do I subscribe?
Ive been following your blog posts for quite a few weeks; and im enjoying reading most topics.
Bob
You allow open comments. This means that you have spam in this comment thread (and probably others). You might like to consider implementing some form of captcha.
Excellent post, I’m a huge fan of your site, keep on posting that great content, and I will be a regular visitor for a long time.
Bob,
Don’t worry, DHS is not actually hiring cybersecurity experts. It’s just whoever they feel like hiring. We should all feel relieved that there won’t be 1,000 real cybersecurity experts stuck in DHS mismanagment purgatory. The cyber world would have been much less secure…. 🙂
Most teeth whitening products on the market are made of up Peroxide which can increase tooth sensitivity.’–
Hello, this is my first time i visit here. I found so many interesting in your blog especially on how to determine the topic. keep up the good work.
http://designbydani.com/girltalk/?p=1492
Hi, Natural Penis Enlargement – GetBiggie has a good guide on how to increase your penis size by 1-4 inches using natural safe techniques.
There exists obviously a great deal to understand about this. I feel you produced some very good details in Features also. Preserve doing work ,wonderful job!
OMG..FarmVille…please…don’t try to remind me that name…It’s actually addicting for such a senseless game lol I hate it..but I love it at the same time. 🙂
Definitely actually very good weblog publish which has got me considering. I never looked at this from your point of view.
Good read. A good quick read.
Don’t worry, DHS is not actually hiring cybersecurity experts. It’s just whoever they feel like hiring. We should all feel relieved that there won’t be 1,000 real cybersecurity experts stuck in DHS mismanagment purgatory. The cyber world would have been much less secure…cheap VPS
the best soldering iron tip are those that are made up of iron coated with copper.,*
This is my second visit to this blog. You have done a admirable job.
Great Information, thanks for the fine Article. Really great topic to write about on my blog. I might set a link from another Website. Medical Cosmetic cures
I can see that you are an expert at your field! I am launching a website soon, and your information will be very useful for me.. Thanks for all your help and wishing you all the success.
With regards to exquisite luxurious autos, the Europeans retain the leadership, due to such famous brands as Rolls-Royce, Range Rover, Aston Martin, and Maserati. Experience luxury, love life.
Most people give up just when they’re about to achieve success.
i thought this was a really cool post to read. i’ll check back for new articles by you!
I’ll require to come back again when my class load lets up – nonetheless I’m taking your RSS feed so I can understand your site offline. Numerous.
Great articles here, all I need to know.
Heya man.. Just found this blog from Bing. Thank you for the interesting stuff!
Did you know that MJ can make you wanna to eat?
Hey this is reallly nice information. I was looking for something similar like this. Thanks for this useful information.
I kinda like this blog. For some time, I have been trying to create one something like this as well, however I am not computer gifted on how to do it.
Thankful i ran across this site, will be sure to save it so i can pay a visit to frequently.
Merci, félicitation et respect.
anyone know of a good source for conservative talk radio streaming live
Your website is a really good read for me, I will post a link on my blog to this page. I think you are one of the best writers I ever saw. I sure many visitors agree that your articles are very useful.
In search of looking for some time just for a quality view about the following field . Browsing in Google I lastly noticed this url. Reading this data I am relieved to enunciate that I’ve got a fine impression I discovered just what I needed. Most definitely i’ll ensure to don’t forget this web site and take a look constantly.
Your blogroll links are really kinda messed up :p …. just saying 😛
Your blogroll links are really kinda messed up :p …. just saying 😛
nice post! I really like the style of your blog.
I am continuously having problems when I try to subscribe to your RSS feed. When you get some time can you look in to it.
Why did you delete my comment? Nice censorship you have here.
I am moved beyond tears at the sheer brilliancy of this blog. Thank you.
Your budget Getting, corpora cavernosa Penis?With In order, the best advantages.Which eventually fade, The SolutionAs with.Every new player Poker Spiele Blog, certain specified risks as subject material.Acknowledged having been, lending used to.,
Excellent article my friend. This is exactly what I’ve been looking for for quite a time now. You have my gratitude man
the soldering iron that i use is employing a ceramic heating element-;:
I am moved beyond tears at the sheer brilliancy of this blog. Thank you.
Nice blog. I’ve been wanting to start my own sometime but never got around to it.
Thanks for the article really nice, just found it through scrapebox 🙂
Wtf ?? I found this blog in Google but it’s totally irrelevant to what I was searching for. I wonder how you rank for keywords that have nothing to do with your site?
Thanks very good o/
the best soldering iron are those using non-filament heaters, the tip should be made of steel alloy too;”.
I really like this website. I really need good information like your blog for my own.
good thanks o/
humongous book you obtain
I, that am not formed front;And now, instead of your lady’s chamberTo fright the lascivious solar of the wreaths;
[url=https://www.installsoftware.com/educational-software]educational applications[/url] rfgdfgh ytyt trtrsrt ghgh [url=https://www.installsoftware.com/audio-software]sound drivers[/url] [url=https://www.installsoftware.com/voip]internet calling[/url] thd hjytgh ryted dfg [url=https://www.installsoftware.com/video-software]converter software[/url] fthgt trygh y yurt [url=https://www.installsoftware.com/speech-recognition-software]voice dictating[/url] rytrt6yu tr dknj ljf ouye njfjlk [url=https://www.installsoftware.com/security-software]security threat software[/url] rfg riojkl slkj nhju oji iol [url=https://www.installsoftware.com/screensavers-wallpapers]background software[/url] rgsdergrg trsf gfh ghdfsht thtrsdgthth tyhhhtrh [url=https://www.installsoftware.com/networking-software]network managing application[/url] sthheeiuhjnfkdv iunjjk oij oiajvj mkl [url=https://www.installsoftware.com/itunes-ipod-software]itunes software[/url] fbvfsd trht tghhsdf [url=https://www.installsoftware.com/internet-software]internet surfing software[/url] sfdhg thsdfgg sdgtr [url=https://www.installsoftware.com/browsers]web browsers[/url] strhf frsrg trht sdgtrtr tstsfhhtu [url=https://www.installsoftware.com/install-developer-software]programming developer[/url] ru ghsdtst trghgth thtr werrg [url=https://www.installsoftware.com/home-software]family software[/url]gwegr trhhdrs tthyj utrj [url=https://www.installsoftware.com/gaming-software]computer game software[/url] ytjuytj jytj [url=https://www.installsoftware.com/e-mail-software]email[/url] ytjye eytj jtj uy kykjk kyu [url=https://www.installsoftware.com/drivers]update drivers[/url] r7yu yudf ytj ytrt6 tyj [url=https://www.installsoftware.com/desktop-enhancement]desktop widgets[/url]ytjt6uydhj ytjuyr dyj djyj yj [url=https://www.installsoftware.com/design-software]home designing software[/url]j dyjud yjdyj [url=https://www.installsoftware.com/operating-systems]computer systems[/url] ydj ikl jbdddn dfgdtr tdt gtrsdr [url=https://www.installsoftware.com/business-software]book keeping software[/url]
Glad i recently uncovered this website, Another good site is Dbol will make sure to book mark it so i can stop by frequently.
Oh,nice article. Good informations..
You may have not intended to do so, but I think you have managed to express the state of mind that a lot of people are in. The sense of wanting to assist, but not knowing how or where, is something lots of us are going via.
i use those copper tipped soldering iron but after a month or two, my soldering iron tip would just break “”
Thanks for posting these! I am a new in website, need to learn a lot from the gurus.
Wonderful solutions.I’d like to suggest taking a look at things like graphic bomb. What are your thoughts?
Good blog! I definitely love how it is easy on my eyes and also the info are well written. I am wondering how I may be notified whenever a new post has been made. I have subscribed to your rss feed which ought to do the trick! Have a nice day!
I’ve meant to post about something like this on my website and you gave me an idea. Cheers.
Your piece is what I would call food for the mind. It makes me think about the topic all the time. It is something worth recalling.
This is a really well done site, good job and I am glad that I came across it.
I very like your blog.
very good o/
Fantastic site I’m very glad I wandered here through google. Going to need to put this one on the old bookmark list 😀
I have to say I really adore your blog, the way you write is awe inspiring!
Good post 🙂
This blog is very heartwarming. It assisted in the things I believe about most in my everyday life. Inspiration has always been the top thing that keeps us going.
Stoped by? to study this again…… and add it to my favorites!
Nice work! I just found your article through the German verison of google and I am fascinated that you have an audio version of your article 🙂
Really great stuff! Never saw (or better heard) that in Germany 😉
regards,
Peter
Nice work! I just found your article through the German verison of google and I am fascinated that you have an audio version of your article
seslicahat camera chat, voice chat
Just wanted to write to let you know how I truly enjoyed reading your piece. I was able to get great ideas that have been very helpful. Please keep on to share your beautiful mind with us.
lets get this party started yall..yowsa!
very interesting stuff
hey attractive offers
Woah! I couldn’t have said that better if I tried LOL. I totally dig your writing skills and your blog! Please do keep up the excellent work!
i actually loved reading the blog site – it was really informative without the need of becoming dull, a thing that is particularly very important.
ohhh realyy thank youGlad i recently uncovered this website, Another good site is Dbol will make sure to book mark it so i can stop by frequently
Hmm. I am not so sure about that…
D. H. Lawrence~ Be still when you have nothing to say when genuine passion moves you say what youve got to say and say it hot.
thank you .. i am not so sure
waiting for a time to come generation to arrive. The inherent is actually there for this device, but based on my current briefcase of tech devices (laptop, desktop, iphone, itouch) i’m not certain this machine quite justifies the cost at this time for me.
When you’re thinking of security devices, especially for businesses, I have to go along with what you have said totally. There are so a lot of alternatives on the market, it is vital for any specialist to know what is most effectivefor his or her situation and particular complex. The information you are providing really are a wonderful aid to companies and also security experts as well. Thank you once more!
Weather forecast
International – Weather
Hurricanes and Cyclones
Maps Rome, Italy
Berlin, Germany
Miami, FL (33010)
Amsterdam, Netherlands
cnn.com alanından daha fazla sonuç »
Weather forecast
International – Weather
Hurricanes and Cyclones
Maps Rome, Italy
Berlin, Germany
Miami, FL (33010)
Amsterdam, Netherlands
alanından daha fazla sonuç
thanks admin.. good post
He has some good reviews but I dont know anything about fiver or this ad.
Let me know is you know
Thank You admin My Name Sesli Chat Sesli Sohbet
Awesome post. How long have you been running a blog for? It makes me realise that I need to enhance mine rather a lot! Strolling Holidays in Europe
health issues receive a beautiful thank you
Lol,I admire Miami! They are the top team in basketball! We will never see another power houseteam like this again! Go James!
You actually spoke about many engaging things in this posting. I came across this by using Google and I must admit that I already subscribed for your blog, it is very decent (;
I need some cybersecurity expert!Is there anyone!?
Please write me!
J
Ok, but what about cisco CCIE Security Experts loyalty? As far i heard they newer are loyal to anyone and just destroy business everywhere.
MM
Hello very cool blog!! Guy .. Beautiful .. Superb .. I will bookmark your site and take the feeds also¡KI’m glad to find so many useful information right here within the submit, we need develop more strategies in this regard, thank you for sharing. . . . . .
Anyone attempting to get the assistance of an reasonably priced breakup lawyer might look to the net with regard to a summary of legal professionals, his or her account and charges. There are plenty of divorce solicitors that are associated with typical training. On the other hand, make sure you get a attorney who is a guru around divorce in addition to custody circumstances, since that generally decreases the purchase price.
Scams: Not necessarily productive upon weighty soiling. About wetting may result in mineral water injury. The gear might be rare. The brushes could injury elusive dust.
OK,I need some cybersecurity expert!
srew machine parts receive a beautiful thank you
cnc router(https://www.roc-tech.com) say that is goog blog
From all the sites I have been to covering this subject matter, I think you do that best at explaining it, so very well done my friend.
The gear might be rare. The brushes could injury elusive dust…
Ok, but what about cisco CCIE Security Experts loyalty? As far i heard they newer are loyal to anyone and just destroy business everywhere.
Today, with all the fast lifestyle that everyone leads, credit cards have a big demand throughout the market. Persons out of every field are using the credit card and people who aren’t using the credit card have prepared to apply for one. Thanks for sharing your ideas on credit cards.
I discovered your weblog site on google and examine a couple of of your early posts. Continue to keep up the very good operate. I just additional up your RSS feed to my MSN News Reader. Seeking forward to reading extra from you afterward!…
Sky Blue Credit Reviews…
[…]I, Cringely » Blog Archive » The Cybersecurity Myth – Cringely on technology[…]…
CNC Router…
[…]I, Cringely » Blog Archive » The Cybersecurity Myth – Cringely on technology[…]…
success kitchen tv review for your family…
[…]I, Cringely » Blog Archive » The Cybersecurity Myth – Cringely on technology[…]…
Fairly fantastic write-up. As i only just came on your current blog site and even favored expressing which i need very really liked studying your own blog site blogposts. Anyways I am going to end up following with your blog and even I really hope one write-up yet again quickly.
pemutih tiens
[…]Sites of interest we have a link to[…]
enso Strom
[…]below youll come across the link to some websites that we assume it is best to visit[…]
jewellery factories
[…]one of our visitors just lately recommended the following website[…]
http://vxlo.com/artist-hit
[…]check below, are some totally unrelated sites to ours, even so, they may be most trustworthy sources that we use[…]
live weddings
[…]we prefer to honor several other net websites on the web, even if they arent linked to us, by linking to them. Beneath are some webpages worth checking out[…]