Actually, COMSEC is a security clearance category,
which indicates material involving communications security
and users who are authorized to access such material.
It's one of the variety of categories covering things like
intelligence-related and nuclear information, NATO stuff, and
material not to be given to foreigners (there's a lot of
classified information which gets shared with "friendly" governments).
An example of COMSEC material is encryption keys used for
transmission of classified information - the code clerk not only has
to be cleared for, for example, SECRET material,
but also cleared for COMSEC because losing one SECRET key can
give away large volumes of SECRET material,
so there are special rules for handling the stuff.
Back when I was a tool of the military-industrial complex (:-),
which was long enough ago that the rules may have changed,
if somebody had active SECRET clearance and worked at a facility
that was cleared to handle COMSEC material,
getting a COMSEC authorization was no big deal - there's some
training and paperwork involved for the individual and
the security management at the facility, but it's not like
getting the security clearance itself, or like getting
authorizations for intelligence material or nuclear design material.
On the other hand, there were a *lot* of rules regarding
recruiting for companies that were doing classified work,
and they're *really* worth checking out if you want to mess with the field.
For instance, advertising for people with active clearances
wasn't something you could do directly, especially for higher-level clearances.
Otherwise, some startup company that was really a KGB front could go
advertising for people with TOP SECRET REALLY SENSITIVE STUFF clearances,
and find out whose garbage cans or credit history to start looking through,
whose grandmother to threaten, whose girlfriend to start following,
what kinds of bribes or threats might be successful, etc.
It also let them find out about projects people were working on -
of course the candidates won't tell you the classified bits,
but if you know that a lot of people at Big Airplanes Inc.
have degrees in optical fiber materials research
and have supervisor references from the avionics department,
they could draw some conclusions from that, and also could
hire critical personnel away to work on other projects.
Bill Stewart
P.S. No, I'm not interested in doing that stuff again :-)
On the other hand, it's interesting to see what you're trying to
recruit people for, and make guesses about what projects the
military might be interested in doing that involve fiber optics research,
for companies that might be located in Raleigh NC (yeah, there are lots).
At 01:42 PM 05/26/2001 -0400, Jeffrey Hilles wrote:
>I am a network recruiter and have a very frustrating opening with a defense
>client in the Boston area that I just can not fill. One of the list members
>suggested I gently ask if someone on cypherpunks could give me a suggestion
>or two on where a fit might be found. I have spent the last 2.5 days
>researching and have come up almost totally empty handed.
>
>The job description from the client is below. I know TEMPEST is spelled
>wrong and that COMSEC is not at security clearance (I guess it is an HR kind
>of error thing.) Anyway I think they are looking for a strong project
>manager with exposure to NSA or some other government certification, INFOSEC
>and a system level knowledge of Satellite Communication Systems. Believe it
>or not another recruiter found a guy on Headhunter that fits most of this
>and is local to Boston. The only problem I see is that he does not have a
>four year degree. If I do not get someone in there soon I will miss the
>window. If anyone has any suggestions I would sure appreciate it.
>
>Thanks Jeff.
>[EMAIL PROTECTED]
>www.wdinc.net
>
>
>Cryptography Specialist
>
>Lead NSA certification for embedded cryptography in modern Satellite
>Communication Terminals. Analyze and allocate INFOSEC requirements at
>System, HW and SW levels. Review systems architecture, HW and SW and
>provide guidelines for INFOSEC features. Interact with NSA and other
>Government reps, including preparation and presentation of INFOSEC PDR and
>CDR material. Generate and/or review certification documents including
>Theory of Equipment Operation, Theory of Compliance, Security Fault
>Analysis, INFOSEC SW documentation, and INFOSEC test plans, procedures and
>reports. Support mechanical and TEMPEST design and related documentation.
>
>Required ability to analyze requirements and implementation across a broad
>spectrum ranging from high level requirements to requirements flow down to
>detailed HW and SW implementation and mechanical design. Understanding of
>state-of-the-art computer architectures, robust design methods, and HW/SW
>tradeoffs. Secret/COMSEC clearance essential.
