We know one thing, learning never stops and any update to cert, fell different: fresh, challenging, and full of potential.... Looking forward to TTT.

Kwabena Fred said:

It’s getting exciting with the new releases of certifications. Can’t wait for the TTT

Click to expand...

I mean ..its gonna be a very big moment we cant wait

@Sean Ellars ,I don't disagree that they're federal employees. The questionable area is the type of employee. As in other areas, all employees don't enjoy the same level of access as others. If a 'one size fits all approach' is being applied, as you imply. The current predicamen should be questioned.

Brandon G said:

@Sean Ellars , i think you're making an untenable connection. If the current DOGE members were subjected to the same background checks and standards as regular government employees or contractor. Then i would agree with you're supposition. @Greg Childers makes a very salient point, this is not a normal process. If this was in other areas (public and private), the current actions would be grounds for reprimand at minimum and incarceration at worst.

If I worked in health care or finance or education, the actions would be grounds for dismissal. To paraphrase a remark, it's never the crime, it's the cover up. In some areas running fast and breaking stuff works. In other areas, one needs to stop and smell the roses. I wonder what will be the outcome of the proverbial running with scissors. Who will were the bandages.

Click to expand...

DOGE members are federal employees. They have security clearances. They work for the US Digital Services. Just like other USDS projects, they are assigned to specific agencies to do the work. They do work similar to the work that USDS has done since 2014. USDS is about technical innovation. They stood up the cloud, they've built web apps and automated processes, they've helped with business intelligence/data warehouses, AI etc. They always worked outside of the Agency's processes unencumbered so they could move faster. The world is just now hearing about them.

RegisteredX

I follow Krebs on Security (excellent), and this was recently posted: https://krebsonsecurity.com/2025/02/teen-on-musks-doge-team-graduated-from-the-com/

There are too many red flags around this whole topic to mention in a single post here. It's scary to say the least.

With respect to the 'political' aspects, it's par for the course. As instructors and IT professionals, we deal with the 'political' aspects. We need to state and enforce the guardrails as it relates to training.

@Sean Ellars , i think you're making an untenable connection. If the current DOGE members were subjected to the same background checks and standards as regular government employees or contractor. Then i would agree with you're supposition. @Greg Childers makes a very salient point, this is not a normal process. If this was in other areas (public and private), the current actions would be grounds for reprimand at minimum and incarceration at worst.

If I worked in health care or finance or education, the actions would be grounds for dismissal. To paraphrase a remark, it's never the crime, it's the cover up. In some areas running fast and breaking stuff works. In other areas, one needs to stop and smell the roses. I wonder what will be the outcome of the proverbial running with scissors. Who will wear the bandages.

@Stephen Schneiter - Have all the vouchers gone out for Network+ and Tech+ from last year? I have the certs from all sessions for both, but haven't received anything yet. I was either at the live sessions, or completed them both within 2-3 days of the last session. Am I out of luck with these two?

Another viewpoint:

DOGE Is Hacking America​

The U.S. government has experienced what may be the most consequential security breach in its history.​

As a prior Federal employee and contractor (DoD, DHS, and USDA), there is nothing DOGE is doing that other contractors are not. DOGE is built on top of the old USDS and the 18F program in GSA that extended cloud to the Fed environments. Just look at the Booz Allen Hamilton contractor that released thousands of tax returns or Snowden (another Booz Allen employee) if you're even curious what level of PII/Top secret access just contractors (DOGE/USDS/18F are fed employees) get every day. IMO, the concern here is overblown, it's business as usual when it comes to the access afforded the DOGE team whether you consider them temp Feds or gov't contractors.

As much as I dislike the current-day LLM / AI fad, those objectives look surprisingly okay.

Also, please remove this double post. Or at least remove their email here as well.

Angel Waymer said:

Can you site the source of your image? Genuine question as I'd like to do further research on how this could relate as a Cybersecurity topic.

Click to expand...

I'm willing to bet it's this article.


I cannot verify, because I do not have an NYTimes subscription.

In this case, I am not sure how to discuss the technical issues without politics.

Click to expand...

From the point of view of the aspects of infosec which we teach.

Risk management. Threat modeling. Assumed breach. Access controls. Data destruction.

Threat modeling exercise:

• Business process: monthly social security payments
• Protected assets: PII, financial data, database with past and current transactions, credentials for authorizing payments
• Business interest: continue primary business process, maintain CIA of assets per SLA or requirements.
• Related infrastructure: office terminal, office network, database server, bank payment API
• Related personnel: office workers, customer support, database admin, server admin, bank personnel

The case:

• Threat actor: unauthorized party from outside the organisation, acting with assumed yet unverified authority.
• Threat entry: forced access to office or data center.
• Threat interests: PII, financial data, disrupting primary business process.
• Threat activities: assume control of office terminals, assume control of office worker credentials, assume control of administrator credentials, remove hardware from data center for destruction or for data retrieval.

Question to the students:

Which security controls can we put in place to disrupt the threat actor's activities and to prevent or mitigate the threat actor's interests and activities?

I don't view this as a political issue. I view it as a cybersecurity issue related to governance, risk, and compliance. I have emphasized the importance of GRC, due diligence, due care, regulations, standards, procedures, and ethics. DOGE is counter to all of those concepts. Where is the oversight and accountability? Where are the checks and balances? Where are the controls to protect the security and privacy of data so that no unauthorized access occurs?

Outside the classroom, I would answer questions about these security and privacy issues based on my study of history, experience teaching for those organizations, technical knowledge, and political opinions.

Technical instructors are usually not allowed to discuss politics in class. A student may ask a relevant technical question about something political. If possible, I answer the technical part of the question and ignore the politics.

In this case, I am not sure how to discuss the technical issues without politics. The issues about constitutionality and legality are political, and have an impact on governance, risk, compliance, incident response, cybersecurity analysis, and forensics.

When pressed to discuss political issues in class, I usually say: “My political opinions are beyond the scope of this course.”

Watching all sessions … going good and no issues so far

I Also faced some issues but now they are going good …

The risk is not hypothetical; history has shown what happens when oversight fails. We have seen before the pitfalls of concentrated access to sensitive data-Snowden leaked classified NSA data, Reality Winner leaked intelligence reports, even private contractors like Booz Allen had security incidents. When one person or organisation has deep financial and political connections as well as access to a huge amount of data, it poses a legitimate problem of conflicts of interest and national security.