LETTERS TO THE EDITOR
LETTERS TO THE EDITOR
A key to retention
In your Reader Survey, 'Feds shoulder burden of technology worker shortage,' I noticed that the list of choices in the box titled, 'What should be done,' did not contain one of the most important aspects of a job'in some cases, even more important than the money [GCN, March 5, Page 16
The article quotes an Air Force senior network administrator who suggests that 'offering techies more meaningful and engaging work also is a solution.' I have been in information technology management for about 18 years, and the major reason I have experienced little turnover is because of encouraging staff to be forward thinking, team-oriented, versatile and cost-efficient.
Staff members approach user requests and projects with those characteristics in mind, even if the ideas are outside the norm. That, coupled with management's support for most of our decisions, has been the major key to employee retention.
Barbara BaileyInformation systems manager
Office of General Services
South Carolina Budget and Control Board
Columbia, S.C.Security certification's a must
I just read your article, 'New security certification program draws feds' [GCN, Feb. 5, Page 7
], and the good news is I want to find out more about the certified information systems security professionals program. But I believe Sallie McDonald of the General Services Administration was incorrect to say the government has no requirement for security certification.
I work for the Defense Information Systems Agency as a Unix systems administrator, and we have to go through a yearly security certification program.
There are three levels, depending on your job and experience. A Level 3 certified systems administration is usually versed in Microsoft Windows NT and Unix and has a supervisory or management role over many systems.
I am certified for Unix to Level 2 and was required to take a series of computer-based training courses, some classroom training and an exam. You must be certified to continue to work as an administrator.
DISA also has implemented a security readiness review of all computer systems. This has standard guidelines and scripts to follow to secure our systems.
Jay CrandallSystems administrator
Network Operations Center
Defense Information Systems Agency
Columbus, OhioNo scanning here
First, let me thank you for the citation in the story 'Hacks show patterns' [GCN, March 19, Page 7
]. I would, however, like to point out that Attrition.org neither monitors nor scans Web sites, let alone government or military Web sites, to determine if they have been defaced.
As we state on our main statistics page, our statistics are derived only from defacements that have been reported to and verified by us.
They only apply to our archive as stated on our site, at www.attrition.org/mirror/attrition/stats.html
, where you click on NOTES.
I could not find any four-month period during 2000 in which we mirrored 37 .mil and .gov sites combined, but perhaps that is a quibble.
The only statement I feel that requires correction is that regarding Attrition scanning sites.
Many site administrators might take that as obtrusive behavior, and this story could lend credence to the notion that we are meddling in their affairs by regularly scanning their sites.
In a different context, we map-scan sites after a site has been reported and verified as defaced to determine the operating system for our statistics.
This scanning is very different from the implication in your article that we use some form of scanning to determine if a site has been defaced in the first place.
Matt 'Munge' Dickerson