Government Pre-Election Slowdown has Started

Posted September 9th, 2008 by

Signs of the pre-election slowdown are around us, and I’m definitely starting to feel it.

For those of you outside the beltway, it breaks down like this: people aren’t willing to make any long-term decisions or start any long-term projects because they will be overruled in a couple of months after the elections and as election platforms meet reality.  Typically this happens once most of the political appointees are in place, and I have a feeling that early 2009 is going to be much fun, no matter who wins the presidency.

Now when the current president took charge of the executive branch, he issued a 5-point plan called the President’s Management Agenda.  You can check out the PMA on the OMB website.  And yes, E-Government is one of the 5.  You can expect something similar under the new administration.

As a parting shot, you know it’s a slowdown when you see contracts that will be awarded in November but the work doesn’t start until April.  =)


Lame Ducks Frozen in the Ice photo by digitalART2.

Posted in Odds-n-Sods | 1 Comment »

Super Secret Security Control You Were Never Meant To See

Posted September 4th, 2008 by

This super secret security control is from the unpublished control catalog of an agency we would be foolish to name here.  Oh, darn, you talked me into it, the agency is the Director of National Intelligence – Extralegal Ventures to Rectify Information Technology Hacks, Incursions and Numbskulls Gabbing (DNI-EVRYTHING):


The organization sanitizes information system personnel prior to disposal or release for burial.

Supplemental Guidance:
Sanitization is the process used to remove information from information system personnel such that there is reasonable assurance, in proportion to the confidentiality of the information, that the information cannot be retrieved, recovered or extraordinarily renditioned. Sanitization techniques, including clearing, purging, and destroying personnel information, prevent the disclosure of organizational information to unauthorized individuals when personnel are disposed. The organization uses its discretion on sanitization techniques and procedures for personnel containing information deemed to be in the public domain or publicly releasable, or deemed to have no adverse impact on the organization or individuals if released for reuse or disposed. The Black Operations For the Homeland (BOFH) provides personnel sanitization guidance and maintains a listing of approved sanitization procedures in their publication “Leave No Incriminating Evidence (or Where Jimmy Hoffa Went) Directive and BBQ Cookbook”.

Control Enhancements:
(1) The organization tracks, documents, and verifies personnel sanitization and disposal actions.
(2) The organization periodically tests sanitization equipment and procedures to verify correct performance.
(3) The organization employs personnel sanitizers (‘cleaners’) who bear an uncanny resemblance to either Harvey Keitel or Jean Reno to perform ad hoc personnel sanitization procedures.
(4) Lbh fubhyq arire gehfg EBG13 rapelcgvba be chg lbhe snvgu va pbafcvenpl gurbevrf. (ROT13 Super-Encrypted)

LOW: Not Selected  MOD: PS-1337(1)(2)  HIGH: PS-1337(1)(2)(3)  MAJESTIC12: PS-1337(1)(2)(3)(4)

Posted in IKANHAZFIZMA, Odds-n-Sods | 1 Comment »

Give Me Your Free-Form Comments

Posted August 20th, 2008 by

Any comment or graffiti you want to put up in the comments, go ahead.  Only stipulation is that it’s profanity-free (ack, this coming from me?) and relevant to security in the Federal Government.


Why do this?  Well, to give a voice to those who don’t say anything about what’s going on.  We need to hear more from the “silent infosec majority” who just do their jobs every day.

Posted in Odds-n-Sods, Rants | 5 Comments »

Friday Subversive Music–The Dead Kennedys

Posted July 18th, 2008 by

It’s even funnier when you know about the Frankenchrist album trial just a couple of years later.

Posted in Odds-n-Sods | 3 Comments »

Learning GovieSpeak: The Plum Book

Posted July 17th, 2008 by

You were thinking this was part of the rainbow series, along with the orange book, the red book, and the fuchsia book, weren’t you?

Well, no, security dweebs, we’re on a public policy kick, probably will be until the end of the year (more on that to follow, stay tuned), so you wouldn’t be so lucky.

The Plum Book’s official title is Government Policy and Supporting Positions and basically it’s a huge staffing chart for the Senior Executive Service–the political appointees.  Congress publishes the Plum Book after each presidential election, so for those of us who remember our civics lessons in high school, that would be every 4 years, and the last one was published in 2004.

In fact, you can see the last edition here.  Caveat:  it’s dry, like the uber-trocken Franken white wine that grows in the fields around where I used to live in Germany–so dry that it sucks the moisture right out of you.

Plum Pickin photo by Secret Tenerife

Now why do we care about the Plum Book?  Well, that’s a good question.  Have a look at some of the staffing plans in the plum book, and you’ll see something missing:  Agency CISOs.

Now, I’m not a rocket scientist on org charts, but it seems to me that unless you put CISOs up to where they’re answerable to the agency head, they’re just a cost center inside the IT department with no visibility to the decision-makers.  Once again, we’ve crippled our security staffs like the old-school way of doing things.

On another note, taking a quick straw poll of the agency CISOs that I know, I think about half of them are political appointees, and half of them are GS-15s.  So what’s the difference?

Well, political appointees (SES) are appointed by the President.  They make a better target because they have much more visibility from the higher-ups and they are more political in nature.

GS-scale employees are civil service careerists.  Usually these are the guys who have moved up the ranks in the various agencies and know quite a bit of things.

Which is better?  Well, if you want survivability, then GS-scale is the way to go.  If you want to make the most difference, SES is the ticket.

Most of us will never get the choice. =)

Posted in Odds-n-Sods, Rants | 3 Comments »

The Wee Bonny Has a Blog

Posted June 27th, 2008 by

My friend, the Wee Bonny Graydon McKee, has his own company and a new blog.  Graydon is from Atlanta, helps us teach with the Potomac Forum, and just finished his Masters in Information Assurance.  Pretty good guy all around.  Check him out at Ascension Risk Management and fire up your RSS reader.

Posted in Odds-n-Sods | No Comments »
