[HN Gopher] Security Clearances at the Speed of Startups
___________________________________________________________________
Security Clearances at the Speed of Startups
Author : sblank
Score : 35 points
Date : 2024-08-13 19:30 UTC (2 days ago)
(HTM) web link (steveblank.com)
(TXT) w3m dump (steveblank.com)
| bell-cot wrote:
| Rule of Thumb: Unless either (1) your family has been "in that
| line of work" for several decades, or (2) a Clearance is needed
| for long-term success in your chosen field, the grief & weirdness
| of getting & maintaining a Security Clearance is Just Not Worth
| It.
| Narhem wrote:
| The upside being having a security clearance is means almost
| always having a job available.
| martinky24 wrote:
| If you don't do drugs, don't commit felonies, and don't have a
| ton of foreign friends (particularly from a few key,
| problematic countries), it's really not _that_ bad. You have
| some more annual paperwork that you're paid to do, you might
| have some restrictions on certain international travel, but for
| many people, nothing of meaning really changes before/after
| getting one.
|
| It's not for everyone, but for plenty it's not a huge burden.
| Even if their family hasn't been "in that line of work" for
| several decades.
|
| And it unlocks the ability to work on certain things that
| simply don't exist elsewhere (no, not just weapons).
| greyface- wrote:
| Getting a security clearance comes with liability and potential
| downside that doesn't exist in the private sector. Some examples:
|
| * Restrictions and reporting requirements around international
| travel and contact with foreign nationals
|
| * Restrictions on discussing work with friends and family
|
| * Prohibition on cannabis use
|
| * Prohibition on reading publicly leaked secret documents (from
| the Snowden days:
| https://web.archive.org/web/20211120154017/https://sgp.fas.o...)
|
| Interns-to-be should consider carefully whether this lasting
| infringement on personal liberty is worth any upside of
| employment at a defense contractor for 3 months.
| basementcat wrote:
| Note that there are different clearances with different
| restrictions and obligations. Lower level clearances are not
| much different than standard background checks to obtain an
| HSPF-12 credential (US Gov ID badge) while higher level
| clearances may require periodic polygraph tests and other
| additional restrictions.
|
| https://www.commerce.gov/osy/programs/credentialing/hspd-12-...
|
| https://en.m.wikipedia.org/wiki/Security_clearance
| jonnybgood wrote:
| I believe the only lasting restriction is speaking about the
| work due to an NDA, which is not that different than NDA
| restrictions on speaking about private sector trade secrets and
| intellectual property. The other restrictions only last if
| seeking to maintain the clearance or employed in a position
| that requires a clearance. Clearances expire except for the
| NDA.
| buildsjets wrote:
| A job that requires a security clearance is not a job that I want
| to be doing, ever.
| j_bum wrote:
| Why's that? I'm really not familiar with the ins and outs of
| clearance.
|
| Do you have ethical reasons? Or practical?
| 1oooqooq wrote:
| Did you miss the several times on the news where
| whistleblowers had their lives destroyed after speaking up
| about literal knowingly bombing of children?
| girvo wrote:
| For myself it's somewhat ethical, and somewhat practical:
| there's no way I'd get cleared anyway, due to my history of
| hard drug addiction in my teens and early 20s. Despite being
| sober for... gosh, over a decade now, it's a moot point in
| that process.
| upfrog wrote:
| Don't assume that your history would be an immediate
| dealbreaker. With enough time, they are happy to ignore a
| lot of that stuff. Just be honest.
|
| Of course, if you don't believe in any of the causes you
| might need a clearance for, it doesn't matter, but don't be
| too quick to make that assumption either. A lot of stuff
| gets classified by the government, and not all of it is
| morally noisome.
| dgacmu wrote:
| You might be surprised. I have some friends who did a lot
| of drugs at one point or another in their life and ended up
| later holding a clearance. Addiction might be different,
| but I wouldn't let your past deter you from looking if
| there was an opportunity you really liked. The clearance
| process looks more at if you have a problem that can be
| exploited.
|
| (Now, that said, holding a clearance can be a pain for
| other reasons already detailed in this thread. A lifetime
| ban on talking about some things can be an annoying
| cognitive burden to carry, also.)
| wildzzz wrote:
| There's a lot of practical reasons why someone wouldn't want
| one. There are foreign travel and contact reporting
| requirements and use of weed is forbidden. Some people may be
| uncomfortable with the level of scrutiny that investigators
| go through to find dirt on you (talking to neighbors,
| friends, and family even if you didn't put them down as
| references). Once your clearance lapses, you have no
| requirements other than the lifelong NDA you sign regarding
| the work you did which could hamper future job interviews
| somewhat if you can't talk about what you actually worked on.
| If you write a book, you usually need to get permission prior
| to publishing by submitting drafts to the government,
| especially if it's relevant to your work.
|
| As for ethics, clearances go hand in hand in working with
| intelligence agencies, the department of defense, federal law
| enforcement or a few other departments either as a contractor
| or government employee. So if you are fundamentally opposed
| to what these groups do, maybe a job requiring a clearance
| isn't the best fit for you. There is another clearance called
| public trust that is very mild that may be required at places
| like the Treasury or NASA. Basically if you don't want a
| clearance, avoid working for the government.
| rdl wrote:
| Having done startups in the national security space (and had to
| deal with clearances) -- it's a bad system from both directions
| -- overly onerous compliance for good people AND ineffective at
| addressing modern security risks. It made sense in the 1950s as a
| way to protect large development and operational programs with
| long tenure employment against penetration by an external
| adversary (USSR), and to a limited extent, ideological or
| financially motivated defectors. It doesn't work as well today
| where someone can become "radicalized" online,
| foreign/international contacts are routine, etc.
|
| Just being a citizenship bar, even if it did nothing else, really
| complicates hiring in tech -- what you often end up doing is
| having as much work as possible done uncleared/commercially and
| then thrown over the wall to cleared people who can implement it
| with the client. Works well in infosec with mostly systems
| integrated with commercial stuff; doesn't work with jet engines
| or missiles as well
|
| Clearances being handed out like relative candy to 18-28 year
| olds in the military (so, for someone like Manning, approximately
| zero information responsive to requests (as minor records
| excluded, and the 7-10 year lookback isn't relevant when you have
| far fewer adult years), extreme reluctance to suspend or revoke a
| clearance when granted), and ineffective reporting of incidents.
|
| The hassle of holding a clearance to some extent depends on the
| issuing agency/level (DOD Secret is relatively non-hassle; law
| enforcement ones are more lifestyle focused on paper at lower
| levels; substantial travel restrictions for levels/programs come
| in above Secret too).
|
| There is also the difference between official restrictions and
| reality -- given OPM hack and general government incompetence,
| it's safe to assume your info becomes public or at least known to
| adversaries, so even after a clearance expires, it would probably
| be unwise to travel to some countries for a much longer period.
| Also exposes your family/other contacts to hassle from both USG
| investigators and potential foreign adversaries.
| MattPalmer1086 wrote:
| It definitely takes a long time and makes it hard to employ
| people.
|
| I've had SC clearance twice in the UK, which isn't too bad, just
| a couple of months or so. Even so, I saw people sit around
| waiting for their clearance, unable to do anything, and then
| leave before they had managed to do anything.
|
| One job I applied for needed a DV clearance, and that takes a
| really long time. They advised me to get another job in the
| meantime, but it was just too much hassle, so I passed on it.
| altairprime wrote:
| I think this submission title should be modified to:
|
| > Palantir's accelerated security clearance plan for students
|
| This addresses several issues with the headline as presented:
|
| - It's capitalized appropriately for HN.
|
| - It clearly states that this is about students _only_ , reducing
| the scope of the effort from the unstated framing: "all workers".
|
| - It reflects the single-company focus of Palantir in the
| article, improving HN submission search results for that company.
|
| - It reuses the exact wording of the most key heading in the
| article with only two words added: "for students".
| tedmiston wrote:
| Yeah, this is a much more accurate title than _Security
| Clearances at the Speed of Startups_.
|
| I think you need to email dang <hn@ycombinator.com> to see if
| he'll agree to update.
| vineyardlabs wrote:
| Not sure why this article (or Palantir) is trying to paint this
| as a new thing. I started at a legacy defense contractor
| immediately after graduating from undergrad. I was hired and had
| my security clearance process initiated during the fall of my
| senior year. Unfortunately this was during the great backup of
| ~2016 so I still wasn't cleared by the time I started, but they
| still had unclassified work I could do.
| kevin_thibedeau wrote:
| You should never submit an SF-86 before your first day of work.
| That is used to trick you into an interim clearance review that
| can lead to the job being revoked before you report for work.
| Once you're an official employee you can't be fired for denial
| of clearance, though an effort at constructive dismissal will
| likely ensue if they can't find an uncleared role for you.
| vineyardlabs wrote:
| That wouldn't have mattered for me. The contractor I worked
| for (and most that I'm aware of) required me to complete a
| questionnaire that they used to assess my likelihood of
| getting a clearance before extending me an offer.
|
| Not trying to doubt you, but I find the idea that a company
| can't terminate an employee for failing to get a clearance
| for a job that requires a clearance to be tough to believe.
| You have a source?
| jdmarble wrote:
| Is there a law that prevents a company from firing you if you
| can't get a clearance?
|
| I've seen job postings with something like "the ability to
| acquire and hold a [Top] Secret security clearance is
| required for this position". Is this illegal or necessary to
| be able to fire someone because they couldn't get or lost
| their clearance?
| anthomtb wrote:
| This was also the case for several of my college classmates and
| I graduated in the late 2000's.
|
| I would be curious why Steve Blank (who's pretty sharp
| otherwise) and Palantir are presenting this as something novel.
| 1oooqooq wrote:
| > Over the last five years more of my students have understood
| that Russia's brutal war in Ukraine and strategic competition
| with the People's Republic of China mean that the world is no
| longer a stable and safe place. This has convinced many of them
| to work on national security problems in defense startups.
|
| oh so that is why there's always that crap on the news?
|
| Man I miss when they lured smart kids with the false promises of
| moon rockets
| 0x1ch wrote:
| I don't know a single graduate that joined a defense contractor
| to help Ukraine lol. Maybe their bank accounts perhaps, but
| that isn't a false promise.
| 1oooqooq wrote:
| I was being facetious for humor, on the fact that now several
| senate hearings are public in which NASA budget was justified
| as such recruiting.
| jdmarble wrote:
| I think that a better strategy is to make the work that requires
| a clearance as "small" as possible. Consider two contractors:
|
| Contractor A does everything in a closed area. All software is
| written, built, and tested on classified information systems. In
| this situation, it is impractical to move anything out,
| regardless if the software is actually classified. It's easy to
| move things back and forth between the developer's machines and
| the (necessarily) classified test/production system, but now you
| have the problem from TFA: you can only hire cleared employees or
| you eat the cost of them doing nothing useful for ~1 year.
|
| Contractor B has arranged things so that the work that has to be
| done in a closed area is only on the specific information that
| _must_ be classified as described in the security classification
| guide for that program. Depending on the program this could be a
| small software library or even a configuration file. Interns and
| first-year employees can work on the majority of the system with
| dummy/stub libraries and fake data, then hand their work over to
| cleared employees for further testing in the closed area (if that
| is even necessary for the work at hand). It is not very hard to
| move software from an unclassified to a classified area. It is
| harder to move test results from a classified to an unclassified
| area. A description of what happened when an unclassified piece
| of software runs in a classified environment _can_ be sanitized
| and still leave all information necessary to continue work
| outside. Aside from the situation described in TFA, this also
| reduces the "it is miserable working in the SCIF" retention
| problem.
|
| It requires work to arrange things in this way, but not much more
| work if the software is written using best practices. Maybe this
| strategy only applies to software development. There are other
| professions out there I've heard. :)
| josh_carterPDX wrote:
| Security clearances should take a long time because the risk of
| information being leaked is so high. Not sure I'm aligned here
| with Palantir or Steve Blank that the process needs to be sped
| up. Sounds like a recipe for disaster given all of the leaks
| we've seen over the past decade or more.
| bpshaver wrote:
| The article does not mention speeding up the process, only
| starting it sooner.
| bpshaver wrote:
| I work in this industry and I thought the practice described here
| was common. I'm aware of multiple companies, including my own,
| that put in for security clearances for interns so they can have
| a clearance on the first day of their full time employment.
| enjoyyourlife wrote:
| This is how the hiring process already works at government
| agencies. You get a CJO (Conditional Job Offer) are able to start
| the clearance process and get the FJO (Final Job Offer) once you
| receive the clearance.
___________________________________________________________________
(page generated 2024-08-15 23:00 UTC)