Documents
SIDtoday Interview with a SID Hacker
Jun. 11 2015 — 10:24 a.m.

DYNAMIC PAGE -- HIGHEST
POSSIBLE CLASSIFICATION IS
TOP SECRET // SI / TK // REL TO USA
AUS CAN GBR NZL
Welcome! Saturday, 10 Nov 2012
•
•
•
•
•
•
•
•
Web search
Agency-all Emails
SID-all Emails
NSA Rolodex
SCQAWK: The SID Mailbag
SIDtoday Blog
SIDtoday Series
SIGINT Worldwide VTC
•
•
•
SIDtoday Article
Letter to the Editor
SIGINT-y Social Media Page
(U//FOUO) Interview with a SID ''Hacker'' -- Part 2: Hacker Culture and Worker
Retention
FROM: the SIDtoday Editor
Run Date: 07/13/2012
(U//FOUO) Here's the conclusion of SIDtoday's 2-part interview with TAO's
(pictured). If you missed it, you can find part 1 here.
3. (U) What kind of people gravitate to this kind of work?
(U) Hackers, geeks, nerds! The people in TAO are very interesting. There's an annual
event for hackers in Las Vegas called DEF CON, and many of us attend. When there, we
feel as though we are among our bretheren! We all have a similar mindset of wanting to
tear things apart, to dig in, to see how things work. Here in TAO, the atmosphere is
casual. You'll see people in shorts, tee-shirts, flip-flops, black clothes. There is a DEF
CON feel to the place.
(U//FOUO) The skills we are after are technical. The people in the ROC have hacker
skills while R&T analysts often have hands-on experience as network administrators

skills, while R&T analysts often have hands on experience as network administrators.
When those former network admins are hired and we put them to work in TAO, there's a
mental shift that takes place as they switch from playing defense to offense, but they
have the knowledge they need. There are some really great R&T analysts who came here
with S2 and SIGDEV backgrounds, but those with network admin experience have the
easiest transition.
4. (U) Aren't the skills needed for CNE highly marketable on the "outside"? If so,
is it hard for the government to attract and retain those workers?*
(S//SI//REL) There are two sides to it. On the positive side, the job is amazing and
awesome! We do things that you can't do anywhere else in the country... at least not
legally. We are gainfully employed to hack computers owned by al-Qa'ida! I was even
involved in the operation against UBL [Usama bin Laden] -- how many people can say
they were involved in something like that? We get great job satisfaction. CNE is
enabling kinetic [i.e., bullets, bombs, missiles, etc.] operations against bad people on a
regular basis. We also get immediate feedback, which means instant gratification, shared
by everyone on the team. Also, the people we work with are good. As I mentioned, we
feel as though we are among bretheren. All of these factors make people reluctant to
leave TAO.
(U//FOUO) Now on the other hand, there are lures to leave. It's not the highest-paying
job, especially for developers who can write exploits that are worth a lot of money on
the open market. Even locally -- within just the Washington, DC, metro area -- people
could probably make more money. Another factor is that the people who are close to
active operations -- in R&T and the ROC, for example -- are civilians or military, not
contractors. That is because the jobs they do are considered an inherently governmental
function, not something that is appropriate for contract work. Many young people have
more of a short-term mentality than the older generations, and they don't necessarily
want or expect to stay in the same job with the same employer for an extended period of
time.
(U) ...Do TAO "hackers" feel uneasy about the fact that they work for the
government? Do they feel restricted?
(U//FOUO) I think some people do chafe a bit at government restrictions, but overall I
don't think it is a big problem. We train people to make things happen and to not let
bureaucracy stand in the way. If necessary, we'll get management involved, and they are
very supportive of us. We are a very high-priority mission and management really looks
out for us and makes problems go away. They are willing to convey a sense of urgency
to all involved that we need to "get it done."
(U) ...Do you have the workers in tee shirts on one side and managers in suits on the
other? Is there a big cultural divide?
(U) Actually, I think the managers get absorbed into the "hacker" culture! I remember
we had a new manager join us and he wore a suit for a while, but eventually he started
dressing more casually like the rest of us.
(U//FOUO)
(seated) among the "bretheren" at a hackers convention.
5 (U) You've spoken of some of the best aspects of the job What are the worst

D. (U) I 01 some 01 Inc 085! 01 me J00. Hill are me
aspects?
One negative would be the long hours that people in TAO need to work,
and the times are often inconvenient. For example,- are often working here
at midnight, because we have to work when our targets are active. Also, in CT we are
often on call, and might even be called in during holidays. Those are sacri?ces you have
to be willing to make. Also,_ Building [which is home to most of the TAO
workforce] isn?t the best building. The cafeteria is relatively small and not open after-
hours, although they did add some vending machines recently with sandwiches and
wraps. The parking at- is somewhat better than the- however.
6. (U) What has been the most nerve-wracking moment of your career so far?
greatest thrill?
I'd say they were the same event: the UBL takedown. I was brought in early
on, months in advance. I was told, "We think UBL is in this compound how can you
help?" In the prep stages, one of the NSA primary was ?own to Afghanistan
and even DIRNSA was involved. Dining the actual raid [by Navy the
CT employees were all here on chat rooms following the events. When we heard that the
helicopter had crashed, that was a "Whao, what just happened??" moment. Were lives
lost? Then when we heard "Jackpot!" there was a moment of great jubilation. It was
awesome! We were all pleased that we could make a direct contribution to this success
-- something we will remember for the rest of our 1ives.**
7. (U) Is there anything else you think people should know about
I think a lot of people in SID don?t fully understand what we can do they
believe we are focused only on a few particular missions. But that's really not the case.
We are the technical experts on CNE [computer?network exploitation], and we can apply
those skills to all missions -- against every target that uses computer networks.
hope people will keep in mind that we can support everyone.
(U) Notes:
See a Tapioca Pebble on a related theme: "Best way to retain highly in?
demand teclmical employees?"
Mr- related another thrilling event from his career at a SID town
hall meeting last year. You can see it in this video, starting at the 29:50 mark.)
Comments/ Suggestions about this article?
SIDtoday articles may not be republished or
reposted outside Without the consent of 80121
(DL

Information Owner:
Page Publisher:
Last Modified: 11/10/2012 / Last Reviewed: 11/10/2012
DYNAMIC PAGE -- HIGHEST POSSIBLE
CLASSIFICATION IS
TOP SECRET // SI / TK // REL TO USA AUS CAN GBR
NZL
DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007
DECLASSIFY ON: 20320108