Thursday, July 23, 2009

Defense Contractors, Consultants and NISPOM

Consultants are hired by a company to fill a need the organization is not prepared to meet. The consultants share office furniture and the water cooler, and are hopefully made to feel part of the team. In spite of being a well-respected contributor to the cause, consultants do not always enjoy the same benefits as a regular employee. However, this difference should occur when working on classified contracts the consultant has been hired to perform on.
According to NISPOM 2-212, “A consultant is an individual under contract to provide professional or technical assistance to a contractor in a capacity requiring access to classified information. The consultant shall not possess classified material off the premises of the using (hiring) contractor except in connection with authorized visits. The consultant and the using contractor shall jointly execute a consultant certificate setting forth respective security responsibilities. The using contractor shall be the consumer of the services offered by the consultant it sponsors for a PCL. For security administration purposes, the consultant shall be considered an employee of the using contractor.”
Simply stated, though a consultant is not a regular employee, the NISPOM considers them an employee of the company that they represent. The contractor is expected to maintain the consultant’s clearance and assign classified work as specified in a contract. As with other employees, the consultant should also attend annual security awareness training and follow set procedures for working with classified information. For example, suppose a consultant is required to attend a classified meeting at a government location. There should be no problem with them couriering classified information as long as a visit request and authorizations are in place. That could be as simple as providing a visit request to the government facility through JPAS. However, consult with the Government organization’s security department for specific requirements.

Career Advice for Defense Contractor Security Specialists

I receive a lot of emails from people who wonder how to get into the security field. Many are looking for a career change and are curious about what kind of education and experience is needed to work as a security specialist in the defense and contractor industry. Others are just starting out in life and looking for a job with the challenges and opportunities the security field offers. There are plenty of great opportunities, with large and small contractor companies providing the venue. Here is what I have discovered about our industry, and some of you may have other experiences and advice you can pass to those who ask about a career in security.
Industrial security is an outstanding field for someone with all ranges of experience to enter into. Some have been hired at an entry level job and have received promotions and additional responsibilities. Others have transferred full time to security after enjoying serving in an additional duty capacity. Career growth occurs as the contract and company expands or the employee takes on more responsibilities after hiring on with another company. Security managers can also move to higher level security positions as chief security officer or corporate security officer as experience meets opportunity.
Employees just entering the work force can benefit from entry level jobs. These opportunities are great for building skills and filling a critical need while filing receipts, wrapping packages, checking access rosters, applying information system security, or bringing classified information into an accountability system. Those skills, combined with learning to implement programs designed to safeguard classified information, provide a great foundation to build careers on. Additionally, many employees attend university and other adult education opportunities while serving full time in the security field. The experience, education, certification and security clearance gained while on the job prove very valuable.
Taking a look at want ads and job announcements, one can see that education and certification are beginning to be more of a requirement. Past listings for entry level and some FSO jobs required only the ability to get a security clearance and a high school diploma or a GED. However, more and more job announcements require formal education, to include college, and a preference for security certification. The defense security industry still provides a good career field to gain entry level experience and move up quickly. Being well entrenched in a good career provides the perfect environment and opportunity for simultaneous education and certification. This will make the prepared ready for future positions and raises.
Those starting their careers in smaller enterprises have a keen opportunity to perform in various security disciplines. Some actually assume appointed FSO responsibilities as an extra duty and learn as they go. Many of the defense contractor organizations are small and may only have one person in the security role. The sole security manager may only work in one discipline such as personnel security. Others have a larger scope, working with a guard force, information security, and compliance issues such as exports.
Large Defense Contractors and Government agencies also provide entry level security jobs. The job title is often security specialist and job descriptions allow for many experiences. Some descriptions use words to the effect of the following: “The candidate must be eligible for a security clearance. Job responsibilities include receiving, cataloging, storing, and mailing classified information. Maintain access control to closed areas. Provide security support for classified information processing and destruction. Initiate security clearance requests and process requests for government and contract employees conducting classified visits. Implement security measures as outlined in NISPOM.” Administrative, military, guard, and other past job experience may provide transferable skills to allow a person to apply for the job. Once hired, the new employee learns the technical skills and can quickly advance by applying their other experiences and education.
Our industry is still a great place to learn and grow. Career advancement and promotions are continually available for the prepared. Opportunities continue to exist in companies large enough to provide increasing challenges and rewards. Some may have to apply for jobs with other enterprises to reach their potential. Others may be satisfied performing their valuable functions in an organization where their skills are valued and rewarded. Consider reading ISP Certification-The Industrial Security Professional Exam Manual. Our book provides excellent career advice and provides just the right review of NISPOM to prepare you for that important job interview. Regardless of your professional goals, what are you doing to remain competitive?

Hiding In Plain Sight-OPSEC Procedures in a Defense Contractor Organization

While on vacation this summer I had the opportunity to bump into a famous actress. Actually, I didn’t even notice her until my wife pointed her out. But, there she was walking right past us in Dollywood, USA. At first, I did not recognize her because I really was not looking for her. Also, she had not been dressed in the fashion of her TV career. A moment later I asked my wife to continue with the children while I backtracked to get a better look.
I turned back and finally caught up with the actress and her group. Since I only wanted to verify my sighting and not bother her, I continued to walk past her, took a right and pretended to be lost. I looked around as if searching for something. After taking a discreet look I was able to finally recognize her as the TV personality. I then made my way back to my family smiling and nodding to the actress as I walked by.
“I’m not sure, but I think that was her,” I later told my wife. “Good sighting.”
Later that night, after returning to our vacation cabin, my wife came running up to me.
“See, I knew that was her.” My wife held open a gossip magazine with the actress and her famous boyfriend in a photo walking along a resort beach.
In the picture, the actress had worn the same pink trucker hat and brown sunglasses we had seen her in earlier that day. I couldn’t believe it; it had been a good sighting.
“So, why didn’t you talk to her?” asked my wife.
“Well, I really didn’t know what I would say. Plus, I really think she just wanted to enjoy her holiday,” I replied.
I’ve been thinking of the event on and off since returning from our vacation. This actress had made an attempt at assuming a normal life on a normal vacation taken by normal people. However, instead of really blending in she stood out enough to be recognized by my wife (who has also been able to spot other celebrities at airports during our travels).
Our actress had attempted to blend in, dressing in clothing to be somewhat incognito. However, the hat and sunglasses really made her stand out. Here in the south, many like to wear baseball caps. That day, few people wore hats. Those who did wore regular baseball caps and not the mesh type of trucker hats; especially not hot pink ones. The sunglasses were oversized and clashed with the hat (and outfit) and kind of gave the appearance of someone doing everything wrong in an attempt to look like everyone else.
Not that I am a sound fan of fashion, but I am looking at this from an OPSEC or security point of view. Our actress attempted to have fun at a theme park while not drawing attention to herself or her celebrity status. However, her attempt to blend in may have failed because of her unusual dress.
Cleared professionals could learn a lesson from this story. Defense contractor and Government work should be performed in such a way as not to bring attention to the operation. This applies to both classified and unclassified efforts. Practicing good OPSEC includes taking a look at your operations through the eyes of someone wanting to exploit your vulnerabilities. A good question to ask is “how would an adversary recognize our effort and how will they attempt to learn more about it?” Security managers should study the surroundings, situation, and environment to ensure performance on contracts, proprietary data and otherwise privileged information remain low key. Teach employees to work in a way that does not draw unwanted attention.