The InfoSec Blog

How to get a job in security

Posted by Anton Aylward

http://www.wired.com/threatlevel/2012/05/airport-security-id-theft/

I often get hit on by wannabes who want to - as they put it - "break into security" and get a job as a security consultant. Perhaps the media has something to do with it, making it look glamorous when in fact it is tedious and requires a lot of study and self-discipline. The most often question is about which certification they should get first in order to get a job. Some people seem to view certification as a job ticket because so many job postings have various certifications as a requirement.

What these people are forgetting is that a certification is there to certify you have the experience; you need the experience to get the certification.

If course you could always fake it; there are plenty of diploma mills and no shortage of high profile people who have faked their resumes.

But this goes one step beyond that. This person got a job in security though faking an complete ID with all the supporting documentation:

NEWARK, NJ - DECEMBER 27:  A stranded traveler...

Bimbo Olumuyiwa Oyewole, known to his fellow workers as “Jerry Thomas,” obtained his job as a security guard supervisor at the Newark Liberty International Airport with credentials he’d allegedly stolen in 1992 from a petty criminal who was shot and killed in New York that year, according to CBS.

Authorities say Oyewole, who entered the U.S. illegally in 1989, began using Thomas’ birth certificate and Social Security number three weeks before he was murdered, though there’s no immediate evidence that he was involved in Thomas’ death. He used these documents to obtain a New Jersey driver’s license in Thomas’ name, as well as a state security guard license, airport identification and credit cards.

He used the fraudulent documents to gain employment with several contractors at the Newark airport, most recently with FJC Security Services.

That really inspires confidence in the system, doesn't it?

So what careful vetting and though investigation by the FBI and others uncovered this threat, a threat that could have been practised by a 'sleeper' for a terrorist organization?

Think again:

Authorities discovered Oyewole wasn’t the man he said he was only after an anonymous letter was sent to the Port Authority of New York, which oversees the region’s main airports, and to the New Jersey’s inspector general’s office. The letter indicated that “Jerry Thomas” was known by other names.

Might we suspect a disgruntled ex-lover?

Good policing that, eh? It makes you wonder how many other TSA operatives and supervisors are using fake ID or whose backgrounds and origins have not been adequately investigated.

Oh, right, there are so many of them, that level of investigation is impractical.

Didn't Bruce Schneier say something about the TSA's approach being impractical, being "Security Theatre"?

Enhanced by Zemanta