In the military, in order to earn this badge, you need to take several weeks of hands-on, practical training, and then jump out of a perfectly good airplane and come down in one piece.

At least five times.

In order to earn this badge, you need to take months of classroom and hands-on training and then take off and land a perfectly good airplane.

Over and over again.

In order to defense DOD computer networks you can either read something like this, or go to something like this, and as long as you test well, you’re golden.

Actual, demonstrable knowledge and experience is less important that a potentially worthless piece of paper. You’re tired of me bringing up that same old story? Well, read on.

I believe it was 1992 when I first heard about discussions in the Army that the basic “computer programmer” MOS was insufficient for the coming information age. As far as I can tell, in the year 2013, the Army still only has one, specific IT MOS (I wasn’t in the Navy or Air Force so I can’t speak to how much more effective – or not – they’ve been at this task).

This is a problem that has been understood and recognized for at least 20 years, but the bureaucracy says it takes time to promulgate policy, an idea that would be laughable if the issue were not so dead serious. That the military is a bureaucracy is a given; that policy can’t move through a bureaucracy at combat speed is simply false (e.g. General Order Number 1).  Are these apples and oranges? Sure. Can the DOD move as fast as lightning when it wants to? You bet.

For this issue anyway, it doesn’t want to.

Why should it? Who builds weapons? Who connects the far-flung military commands? Where does all the nation’s technical expertise reside?


Not exclusively of course, but once you get above a certain scale – or down to a very discrete level – warfighting and warfighting support is too complex and lucrative to leave to GIs. Deploy recently? Did a 92-golf serve you that Whopper or a local-national (or an imported third-party national) working for KBR? Whose label is on that piece of equipment you’re flying in? Northrup? Harris? Where do you think those 4,000 people CYBERCOM wants are going to come from (in the end)?

If you want people capable of doing X then solicit for X and take the time and effort to validate their claims of skill and expertise. Certifications are not evil, but they are not an effective shortcut to the capabilities you want. They can in fact be very dangerous. You would not trust your life to the surgeon who got his degree after testing well after a two week ‘slice-n-dice’ boot camp; if INFOSEC and COMPUSEC are issues you really care about then don’t do effectively the same thing for your defenders.

Leave a Reply