You want to know more about it, read this book. It was suggested to me during a lecture by Bruce Schneier on the subject and really has some good insights, if a little dated by now.
Thanks for the discussion above, insightful.
I can tell you what got me into this.
Richard Clarke (former counter-terrorism czar under Clinton and Bush) wrote a book about cyber warfare.
It's a fantastic and terrifying book. While he's looking at everything through the lens of vulnerability to cyber warfare, it really does illustrate that our society is a long chain only as strong as its weakest link. It has a lot of weak links.
The fact that we can go to the grocery store (and it will have food in it), call 911 and a cop or ambulance will show up, go to a hospital that has room and supplies for us, go to a gas station that has gas in it - hell, the fact that when you flick the lightswitch the lights go on - all these things rest on a very complicated and very fragile system. Shit can go wrong, much more easily than people realize.
I’m currently a 17C fresh out of AIT and have been at my first duty station for only a little while now. I don’t really want to go into too much detail about things that I shouldn’t so I’m going to try and keep everything I talk about related to stuff you could mostly find by googling. Also please feel free to ask me any questions you want and I’ll do my best to answer them here. If it’s something more specific that you don’t want to discuss in an open thread like this, feel free to PM me. If possible PM me your .mil email and I can reply and answer questions through there.
Wtf do you actually do?
In a very broad sense you can split cyber into Offensive Cyber Operations (OCO) and Defensive Cyber Operations (DCO) (THIS document gives a nice short description). Starting with OCO, it is very much what you might think it entails. Exploiting our adversaries’ networks. There are lots of books (THIS is one we were required to read for one of my college classes) or YouTube videos that go into detail on what real hacking looks like. Biggest thing I will note though with OCO is that not every 17C will be doing the leet hacker stuff. You have to be extremely skilled and knowledgeable in order to do that and it requires lots of additional training after AIT to get a spot in those work roles. Those specialized work roles also are not only reserved for warrant officers or senior enlisted. From what I’ve learned it’s very much based off of merit and I’ve heard of people saying even specialists can be in those work roles. I don’t have any experience in an OCO unit so I can’t really give any more details other than that.
For DCO it again is kind of as the name implies. You’re responsible for the defense of the DoD Information Network (DODIN). Defensive Cyber Operations (DCO) provides the hardware, software and tools to proactively defend and enable the Army's network to operate unfettered from the threat of cyber attacks (yoinked from google somewhere). Much like OCO there are also specialized work roles within DCO that you can work towards as well.
Where do you go?
Three big units I’ve heard of lots of people getting assigned to recently are the 780th, CWB, and CPB. Most common duty stations I’ve personally heard of people going to so far are Ft. Meade, Ft. Gordon, and Hawaii. During AIT though a few higher ranking people that came in to talk to us during class told us that people in cyber are going to be deploying a lot more / going to different duty stations other than the big three above.
What’s AIT like?
Long and shitty. Currently the Army is changing how they are doing phase 1 and 2 for 17Cs but as of writing this they are still sending people to Corry Station in Florida for phase 1 where you will be attending JCAC. I’ve heard a lot of people complain about Corry but they are mouth breathers that probably never phased up and went to the beach. If you get to go and COVID restrictions aren’t in place, go to the beach / downtown. Pensacola and the surrounding area is actually really cool. Starting sometime in April (or sometime this year who knows), they will stop sending 17Cs to Corry and they will be going to Ft. Gordon for phase one. After Corry station you go to Ft. Gordon for phase 2 training. The classes for both phases are 100% passable by everyone and don’t let anyone tell you differently. For some people it may be more of a challenge than others, but if you truly want this job and want to make a career out of it, you’ll put in the work and pass. Trust me. You are allowed to have your phone, gaming console, tower PC and monitor, you name it from the get go. Once you get phase V privileges you will be allowed to wear civvies. Once you get phase V+ you will be allowed to drive a vehicle. You can have your parents or whoever bring you your car or when you go home for holiday block leave you can drive it back (this is what I did). Since our AIT is so long you can also get phase V+28 which gets you extra privileges like going places without a battle buddy and not having to wear a CamelBak all day (still have to walk around with a water bottle).
If you are a MOS-T you won’t be living with the MOS-Is. For both Corry and at Gordon the MOS-Ts lived in a different barracks or off post. You even had a different PT schedule, the MOS-Ts were never around us or really interacted with the drill sergeants. If you are a MOS-I with dependents, once you phased up to phase V you were allowed to move off post.
170D Information
I was recently able to get some info regarding the 170D position. Before you submit a packet you will go through a three part assessment. If you score well enough on this assessment then you will be allowed to submit a packet. The assessment will give you a score between 1 and 12 based on the following:
(1pt. possible) Info about yourself and your background. To me this just sounded like you tell them if you have any relevant experience with coding or maybe just stuff in general that would make you a good 170D candidate.
(1-10pts. possible) You will be given a logical reasoning test. You can just google “logical reasoning test” to get an idea of what this is like. You will be given points based on how well you do on this test.
(1pt. possible) I’ll try my best to explain how this test works based on how it was described to us. The purpose of the third assessment will be to judge your ability to understand code / a set of instructions. You won’t be given real code and expected to read it and understand what it does, but you will be given something almost like pseudocode. With this pseudocode or set of instructions, you will need to infer or answer questions based off of what you were given. Again it was a while ago that I had this brief and I’m trying to go off of the small amount of notes I was given, but the takeaway is maybe a short word problem very similar to reading code.
Biggest thing we were told about the assessment is that you aren’t expected to know how to code in order to pass. They are looking for people who have the aptitude to learn how to code and will be able to pass the training to become a 170D. So for example if you have no background in writing code and don’t score well on your background information or the pseudocode, but still do really well with the logical reasoning test, you could still very easily pass the assessment. We were told if you score in like the top 30% on the assessment, then you will be permitted to submit a packet and then they will choose people for the job from there.
We were told they will be accepting the next round of applicants in Oct-Nov 2021. There will be a website to register that will be pushed out in around September. My notes also said check the USAREC website for more info. That’s all my notes have, sorry if it leaves you with more questions than answers haha.
bots get a little more evolved every day and get a little more of our jobs - https://www.youtube.com/watch?v=7Pq-S557XQU - which brings serious societal tensions ...
but the unexplored part there is pirating the operating systems and apps -> imagine driving on a highway in an "intelligent" car with pirated GPS and self-driving SW already TODAY ^^
with more bots everywhere, such attacks open new horizons for criminals, but certainly new wars - better than nukes - and we are already in such wars https://www.amazon.com/Cyber-War-Threat-National-Security/dp/0061962244