As a ten-year regular volunteer at the USO O’Hare, there’s a sly grin on my face knowing all the U.S. Navy personnel featured in this video have visited the Terminal 2 center at least once in their careers and should make every InfoSec News reader happy these men and women are learning about information warfare, cybersecurity (both offensive and defensive) and wireless networking, among other security topics, nearly two years of college training over the span of six months.
Hat tip: Soldier Systems
On July 4th, The New York Times reported NSA contractor Edward Snowden trained and certified as a Certified Ethical Hacker by the EC-Council, a certificate which has since been rescinded by the organization. After what could be called stall tactics with myself, the (ISC)² has now confirmed that Edward Snowden is in fact currently an (ISC)² member.
On late Wednesday evening, a Global Communications Manager for (ISC)² replied that “(ISC)² can verify that Edward Snowden is currently an (ISC)² member.” The Global Communications Manager for (ISC)² goes on to state that “the (ISC)² is in the business of validating the knowledge, skills, and abilities of such professionals, it cannot guarantee a member’s conduct or professional judgment. Mr. Snowden, like all other (ISC)² members around the world must do when they sit for an (ISC)² credential exam, signed an agreement to abide by the (ISC)² Code of Ethics as a condition of maintaining his (ISC)² certification.”
Like the EC-Council, the (ISC)² has an established ethics complaint procedure that is initiated when a member of the public, an employer, or an (ISC)² member submits a complaint to the (ISC)² Ethics Committee when one of their members violates the Canons of the Code of Ethics.
- Protect society, the common good, necessary public trust and confidence, and the infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.
- Advance and protect the profession.
It should be pointed out that a member of the public can only complain about a breach of Canons I or II, principals (those with an employer/contractor relationship with the certificate holder) may complain about violations of Canons III, and only other professionals (those who are certified or licensed as a professional AND also subscribe to a code of ethics) may complain about violations of Canon IV.
Its entirely possible that while Edward Snowden sorts out his asylum requests until he’s formally charged by the U.S. Government, he will be still be allowed under (ISC)² membership regulations to continue practicing security in Iceland, Venezuela, or the SVR Headquarters in Yasenevo.
The (ISC)² Global Communications Manager concluded the mail stating “Mr. Snowden’s previous employers should be applauded for seeking out a certified professional to carry out their very important work. Unfortunately, in the end, no organization can completely ensure those individuals will exercise professional judgment at all times.”
(Screenshot / The Guardian)
Snowden’s resume, which has not yet been made public has been described by those that have seen it, sheds new light about this “systems administrator” who morphed his skills to become an information security expert, skills that the N.S.A. and other government agencies have been very desperate to recruit.
In July 2012, General Keith Alexander, Director of the National Security Agency, gave the keynote address at DEF CON 20, the world’s longest-running and largest underground hacking conference, looking to recruit hackers like Edward Snowden to work for the N.S.A.
In 2010, Snowden attained his (C|EH) “certified ethical hacker” certificate by studying coursework that satisfied DoD Directive 8570 requirements by a company that is no stranger to controversy which has a tendency to forgo ethics and profit off plagiarized content from other sources.
EC-Council, the organization behind the (C|EH) and Certified Network Defense Architect (CNDA) has a code of honor that requires ethical hackers to keep private any confidential information that they obtain. EC-Council President, Sanjay Bavisi, told the New York Times that he was aware only of one other person who had lost his certification for making information public.
Edward Snowden’s profile will now be studied by counter-intelligence officials looking for clues about how to hire skilled hackers without endangering government secrets.