Wednesday, July 19, 2017

Senior Enterprise Architect Wanted - I think this is in the Washington DC area


(Please forgive the grey shading, this is what I got from the recruiter)

For further info, please call:
Gregory Price
Vice President of Defense Programs
Trowbridge & Trowbridge, LLC

Cell: 815.531.9667
1430 Spring Hill Road, Suite 200, McLean, VA  22102 |  www.tt-llc.com  |  O: 571-298-8478 | F: 571-499-4153


= = = = =
Senior Enterprise Architect 

Work Experience, min 12 years:
5+ years primary role operating, troubleshooting, installing network routers and switches
5+ years primary role designing, architecting routed and switched networks
2+ years as senior or lead network architect in multi-tenant network
2+ years as senior or lead network architect in planning, designing, and building software defined networks 3+ years DoD environment

Certifications:
At least two nationally recognized certifications for senior network administrators/engineers/architects, and one of these certifications must be tied to the proposed solution’s routers and switches.
IAT Level III in accordance with DoD 8570.01-M http://iase.disa.mil/iawip/Pages/iabaseline.aspx
Education:
Bachelor’s degree in Information Systems, Engineering or Equivalent; Master’s degree preferred
Demonstrated Skills:
Ability to analyze requirements; plan and develop technical solutions and frameworks; develop test and implementation plans, analyze and evaluate networks,
Use of current and emergent network design principles and protocols
Experience with network virtualization technologies and vendors
Experience with multi-tenant network architectures
Experience with specific designing and modernize a complex network to separate control from data planes. Familiarity with a width variety network routing and switching equipment devices from multiple vendors Scripting languages such as Pearl, Python.

Awareness of DoD JIE-JRSS architecture, and design experience for a DoD network within the last 3 years.
Clearance:
Active or current Top Secret clearance, SCI eligible, adjudicated through DoD Central Adjudicative Facility (CAF).
67 of 79 SDN Solution Final PWS v1.0 As Of: 23May17_1700hours 

Friday, July 14, 2017

Cybersecurity research: What and How

Friday July 7, 2017, I was asked by the folks at SANS.EDU to help the graduate students submit research proposals to be evaluated by the STI research committee. It was fun work, and a glimpse at a new, (to me), part of the research process at STI.

In the first batch there were a number of potentially great proposals, but only one student took the time to clearly articulate what she was going to do and how she was going to do it. Not surprisingly, when this proposal reached the committee for a go/no go decision, the answer was go, (approved), and several faculty members volunteered to be the advisor on the project.

The experience led me to wonder, "what is the difference between the successful project proposals and the ones we evaluate as not yet ready?" From the title of the blog post you can probably guess the answer is the successful students clearly articulate what they are going to do and how they are going to do it. Before we examine that, let's take a minute to define a Cybersecurity Research Proposal. There are, amazingly, three key words to consider:

    Cybersecurity: all of the proposals fell into the realm of computer security, so we don't need to belabor this point. We can leave Better methods of picking daisies to some other worthy institution.

    Research: we ran into some problems here.  Research is studious inquiry. Research is not regurgitation of already published information, or an opportunity to recount one's personal experience.

    Proposal: this is where the student defines what they are going to do and how they are going to do it.

As mentioned, most of the proposals had potential in the sense that the topics were timely and interesting. So where did so many miss the mark?  There seemed to be two major pitfalls, overly broad topics, (failure to succinctly define "what") and research process that cannot be practically accomplished, (failure to pragmatically understand/define how).

Since it is frustrating to be sent "back to the drawing board", here are a couple suggestions for success the first time through the process.

1) Know what you want to do. Ideally, your topic will be something that you want to learn more about, or that will benefit your employer. In the best of all possible worlds your topic will satisfy both conditions. If you do not know what you want to do, you will not be able to explain it in the proposal. That results in "fuzzy writing" which ends up frustrating all parties, student and advisor. Only you can know what you want to do.

2) Use the literature search part of the process to explore the uniqueness of your proposal. If there are lots of papers, tutorials, YouTube videos, etc on "Using Wireshark to monitor the TCP/IP 3 Way Handshake", it could be an indication that ground has already been covered. However, keep in mind that just about everything you can imagine has been published on the Internet in one form or fashion. The published material may not be supported by studious inquiry and/or empirical results. In that case, you may still have a valid topic and this is a discussion you should have with your advisor.

Summary: if your research proposal: reflects studious inquiry, covers new ground and adds to the body of knowledge, clearly explains what you intend to do and how you intend to do it, then the odds are better than average it will be accepted the first time.