> There were no red flags because I was so naive. But… there’s a ton of red flags [in retrospect]…. [For example] when you’re in the interview process and you’re talking about defending [the UAE] and … doing tracking of terrorist activity,… but then you’re [being asked] very specific questions about integrated enterprise Windows environments and [how you might hack them]. Guess who doesn’t have those type of networks? Terrorist organizations. So why [is the recruiter] asking these kinds of questions…?
> So had I been really cognizant of where or what I was stepping into, I probably would have known during even the interview process that something is a little bit amiss here.
Given the number of trainings that he would have attended while working at the NSA, I find it hard to believe that his OpSec radar wouldn't have been going off at that point.
Having read the remainder of the interview, IMO the entire series of events can be summarized as follows:
> Things were fishy from the start, but the compensation was good so I was happy to collect a paycheck until all plausible deniability went out the window. Knowing the gravy train wouldn't last forever and that the US govt would one day come knocking, I denied a position at DarkMatter and moved back to the states.
Must indeed have been quite naive, working for UAE, a dictatorship, where they still have what basically constitutes a modern form of slavery.
Perhaps not even former NSA employees are immune to the stuff influencers on social media pump out. Have a nice life in beautiful Abu Dhabi? Why not? It takes little to inform oneself about the country and the people in power though. I cannot understand how one can move to another country and not look such stuff up. My guess about this is that other people are simply way less hesitant to make such a move. Then of course there is the payment matter. With proper payment, perhaps we are willing to overlook certain things more easily or to not look too closely in the first place.
If you're in Northern Virginia, you'll see that many ex-NSA employees have evolved to also sell personal location data to Saudi Arabia and other despots. There are a dozen of these companies all working in the "ad" space.
The US doesn't have the moral high ground either. Every country has issues.
As a German who's currently in Dubai, I find it amusing when an American judges the UAE.
The US has tons of undocumented/illegal immigrants which live in horrible conditions, but companies still employ them because they're cheap. How's that not modern slavery?
How about all the H1B abuses?
In the UAE some companies may abuse the situation of foreign workers too, but the government clearly says you should not hand out your passport.
My American coworkers get taxed on their worldwide income, which basically only one other country does. Dictatorship?
The US started killed so many innocent people in the Middle East to get their hands on the oil.
To be very clear, to me the NSA or UAE NESA are one and the same. I wasn't pointing out one side being better than the other. He went from one, to another. NO government has any moral high ground, or character in my book. A state is a state. A state seeks to control and manipulate its populace and others for its own means. Period. And any government employee doing something as "just a job" for a state which infringes on any rights of a citizen is in the same book to me. For example, an IRS worker isn't any better than an NSA. One is spying on your finances and stealing your money, the other is surveilling in the name of whatever hot-button lie of the month/year is up next. CSAM today!
Not sure if UAE is the same but my friends who worked in Saudi paid $0 income tax (some token amount of US tax to avoid the gaze of the IRS) and had their house and car arranged by the company. So a $200k salary in SA was much more akin to a $350k salary in California in terms of the amount of money you’d save.
> If you are American you still pay us taxes, no matter where you live.
You have to file, yes, but you don't necessarily have to pay. For Federal taxes there is the Foreign Earned Income Exclusion. As long as you are outside of the US for at least 330 days in a year you can exclude up to $108,700 (for 2021) in foreign earnings. There are a few other scenarios too.
In this case you would pay. No FEIC if you don't pay taxes in the country where you earned the income. The UAE doesn't have a federal income tax and has no tax treaty with the US so several boxes are missing for FEIC.
> No FEIC if you don't pay taxes in the country where you earned the income
That's technically only true for one of the two possible tests for FEIE. The presence test doesn't require any taxes to be paid anywhere else, and the bona fide resident test only requires that your "tax home" is in a different country.
I'm not 100% sure but for former NSA folks I think that is pretty great. I don't think the NSA pays all that well. At least not if you are used to fang salaries.
$200k is not "crazy high" - it's higher than a lot, for sure, but if you're in a HCOL area and work for a big company (not even FAANG-level) you can make that much within a few years at most. FAANG is even higher - median new grad total comp at Google is about $190k. Senior is almost twice that.
Top computer security professional can make a lot of money. 10+ years ago I knew someone making 350k in northern VA and a few people over the 200k range. It’s generally an unpleasant job with a small talent pool and plenty of options to move into other areas.
$350k isn't an "incredible" compensation package, and $200k shouldn't be considered high. You can earn that remotely pretty much anywhere working for a FAANG or fintech.
I'm making $500k+ in Atlanta as a reference point. As are my coworkers. I'm not super senior, and I'm not bragging. I just want to spread awareness of the existence and obtainability of these salaries.
Unheard of no, but it’s somewhat like suggesting every actor should aim for Hollywood A lister compensation because the jobs are out there. The top 1% compensation in any field tends to be wildly outside the norm and it keeps going up from there.
The equivalent would be telling other actors to audition for roles at [big studio] because they pay way better than [indie firm/commercials/etc]. And then everyone else coming along and being like "pfft why even bother".
A lot of people think they can't get jobs at high paying tech companies, when they can. Or they think it'd cost them their work-life-balance, when it often doesn't. Or that they wouldn't be able to handle it, when that shouldn't be a factor at all.
People aren’t saying why bother to apply, they're saying why bother to promote such salaries as somehow common. More people applying doesn’t somehow increase the number of openings, it just pushes down salaries at [big studio].
I mean Google getting 300 vs 200 applicants for an opening is kind of silly thing to promote.
Looking back, we are responding to a post saying “$200k shouldn't be considered high.” That’s not saying 200+k is attainable; that’s saying 200k is common.
They also say $350k isn't an "incredible" which seems to suggest it’s more than just attainable it’s a reasonable goal.
If you're happy with a 100k salary, far be it from me to commiserate. But don't tell other people they can't attain higher compensation that puts them into the top 1% of earners. These jobs are real, they're not scarce, and they're absolutely not overly difficult to attain. You don't even need a college degree.
Why not let us all in on a little secret and actually tell us what position and what certifications would be expected and required for this unicorn $500k job title? I know plenty of principal engineers, many of whom are 10xers who make nowhere near this salary at all. So do tell a little bit.
Came back hours later after work and browsed levels.fyi a bit, I do see these total compensation levels specifically for FAANGs but misunderstood as you saying it was not for a FAANG and was a base salary. Probably just my understanding. I can see $500k-$1m for a FAANG with base/stock option/tenure/bonus.
How am I out of touch if I'm reporting my actual total comp and that of my coworkers?
Some businesses pay more than others. 100 billion, trillion dollar companies can afford to throw money around. They need lots of engineers to keep their services running and will do what it takes to attract them.
Just look at levels.fyi! That's real data. You'll see 600k, 700k jobs.
People in Atlanta in particular aren't aware of these salaries and they need to know. I'll tell people more details if they reach out.
It behooves me to get people paid more in Atlanta. It drives up market rates and brings more talent here. It also brings more high quality work and venture capital.
Before the pandemic, I spent a lot of time recruiting and telling people about this f2f. My improv buddies, people at bars, literally anyone who also worked in software.
If you aren't making this money and aren't happy, keep looking. There are places that are trying to fill headcount that will pay this salary.
Conversely, there are a lot of new startups that can't compete in the salary dimension and will use other perks such as 4-day work weeks, work abroad, and other desirable things that drive recruitment and retention.
There are very few jobs that aren't plumbing crud at some level. Find something that gives you what you want in exchange for crud plumbing.
When I start a company I likely can't afford this kind of comp either, so I'll do my best to make it up with other tangible perks. Like 4-day weeks and interesting domain work.
Even if you're not making these wages now, it doesn't mean you can't or won't.
I want all of us to make bank. It gives us FIRE, financial mobility, ability to pursue bootstrapped startups, etc.
Please don't normalize lower pay. It hurts us all.
3 to 4 leetcode-lite engineering problems plus a couple of architecture/discussion interviews. I'd say most of the interviewers do a good job of not being elitist/snobby or using impractical problems.
My personal interview problem isn't designed to be tricky, clever, or outside of something you might actually do at work. It's my job to help candidates do their best. I make a point of conducting an above average number of interviews, too.
I refuse to read resumes before interviews unless I'm interviewing the candidate about work experience. I don't want any bias about education or work history.
Being a SWE with even an implementor background in security is quite lucrative. Someone has to make all the crypto libraries that mathematicians come up with.
I can believe it. I remember hurting my back right before a trip to Singapore. I was prescribed hydrocodone by my doctor knowing that was the only chance I had of getting any sleep on the flight. I land and my coworker reminds me Singapore has death penalty level punishment for “hard” drugs so I immediately flushed it all down the toilet despite having a valid prescription which probably would have been fine.
It’s easy to forget to do research on a country before you go there when it’s not something you’d consider “third world”.
The same moral reasoning can make nearly anything immoral. For example, is it morally right to pay taxes to Uncle Sam, knowing he will use them to pay for drone strikes in wars he started killing millions in the third world? Is the only moral option to give up one's citizenship and move to another country?
Yet, very very few people do this.
Is writing code for the UAE to help them kill people so different to paying money to the USA to help them kill people?
I find value in being ethically consistent, but I don't care for arguments like these.
Another variation of this is "why should I care about ethical issue 'X' since we all purchase goods and services that enable child or exploitative labor in another part of the world?" People can care about multiple issues at the same time. The fact that I, by necessity, have to participate in systems that enable oppression doesn't mean I should throw my hands up and disregard ethical decision making entirely.
I'm not saying it's happening in this case, but often these types of arguments do little more than serve as reactionary push-back against those seeking to solve issue "X" rather than being borne out of actual concern for the issue they've propped up in its place or some sort of concern about ethical consistency.
> Given the number of trainings that he would have attended while working at the NSA, I find it hard to believe that his OpSec radar wouldn't have been going off at that point.
These types of training tend to be very specific, and certainly do not involve questioning chain of command.
This is why he immediately noticed things like possible surveillance, but it took him much longer to question the mission and his commanding officer.
I think a lot of the external view of the NSA's training is tinted by Snowden's books and writing.
It is important to remember that Snowden was also CIA before he worked at NSA, and went through full CIA training for CIA staff stationed in foreign embassies (he was in Geneva, and I think Japan?).
Bingo. This is essentially the "PR" cover story that all ousted government employees seem to use once they're caught out. "Oh, I didn't realize I was even working for a murderous regime! I liked the paycheck though!"
> Given the number of trainings that he would have attended while working at the NSA, I find it hard to believe that his OpSec radar wouldn't have been going off at that point.
I've seen a similar line of thinking with regard to federal employees (who should have known better) and were successfully recruited, but then later arrested. You have to wonder to what degree they're telling the truth, or to what degree they really had blinders due to being so successfully charmed. Either way, this is common. I think it's hard for people to say "yes, I knew deep down this was a problem but hoped it wasn't true somehow."
imho NSA people are technically skilled but politically naive... and that's clearly why they work for NSA in the first place...
Technical training can make you good at something, but it doesn't necessarily make you aware of why you are doing something and what the political consequences are.
That's also why social science education and critical thinking are needed... to avoid those kinds of situations.
I don't think that's the only reason people work for the NSA. Lots of people who are patriots (in their mind) go because they think it's a good cause. And I'm sure there are also political operators who do it because they think it's a way up whatever ladder they're climbing.
I would argue it's pretty naive to assume the positions of people internal to an organization such as the NSA. The NSA, just like the D.o.D., and the greater government employs people from all walks of life. They have representation of almost all major religions, atheists, democrats, republicans, libertarians, etc. It's no less diverse than other offices. I would also argue that the number of college educated to include PhDs is astronomical.
Plenty of critical thinking happens to avoid situations. In this case, a service member that probably made 50k all in, was given a juicy contracting offer above the local market rate for the time (though for good operators, $200k local wasn't unheard of at the time). He saw the money, went to Dubai.
Everyone in the agency knew of this contract, almost everyone said the same thing.. Screw that. A few took it, cashed in for a year or two, then left.
The fringe number of people that took this contract are far fewer than the vast number that said no. I know I said no, and about a dozen others that said the same. On the same shoe I knew two that did, most didn't last over a year.
> Given the number of trainings that he would have attended while working at the NSA
Right, so he was used to doing sketchy things and not questioning the ethics of what his superiors told him to do, just the right kind/level of sketchy for the right people, and didn't realize this was going to be a different kind/level of sketchy that would ultimately make him uncomfortable.
Other leaders. Leaders who were coming to visit [UAE] sheiks...
“Thanks for coming. Just as a sign of our appreciation, here’s a bunch of stuff.” One of those things happened to be a laptop. We do know that they were turned on sometimes. What happened after that we don’t always know the answers to.
Got to be some sort of basic rule of being a leader not to take electronics from a foreign government and turn it on - or even do more than accept it to be gracious and then ensure it never goes anywhere near you.
Even at work we are not allowed to accept electronics from other companies.
I can’t imagine government officials or security people of a country using a full blown laptop provided by the government officials or security people of other countries!
Seems like an excellent counterintelligence opportunity. "Handing us an obvious trap we can flip around and use to deceive you / see what information you're looking for? Thanks."
Though I imagine UAE intelligence would also probably be accounting for that possibility, given it seems like such a natural thing to do in that scenario. Or maybe I'm overestimating both sides, depending on who's receiving the gift.
Given that decades ago, the Russians embedded completely passive microphones inside paintings and gave them as gifts, undetectable to most equipment…yeah a full blown laptop should almost be an admission that “hey we’re trying to bug you”.
Nah, then they will try to get the information over other channels. Take the laptop and gift it to someone over craigslist or a similar site. It will take them some time to realize they are not monitoring you, using a persona, but a soccer mom from the suburbs who is really into social media and cooking.
It won't make anything more secure, but it can buy you some time and waste the attacker's resources.
Now I'm picturing a series where actually it turns out that the person you sold it to is a major drug dealer or something and it plunges them into a web of international intrigue when the foreign government tries to blackmail them and then they come after you as revenge.
I think that is probably the plan ... I doubt the president is going to use it as their work laptop. Best case scenario you get into their home network somehow.
Yeah, this is absolutely insane. I worked briefly for an eastern european government (low level person, def not a senior official) and they even warned against having certain foreign apps on your personal/work mobile device. I don't remember them ever explicitly mentioning not to take and use electronics from a foreign government, probably because they thought it was so obvious it wouldn't be worth mentioning!
I just looked up the link to share this, but you already got to it so I’m going to sell Darknet Diaries to y’all.
This podcast series is one of my favorites. It somehow manages to find a balance between being technical and accessible to the average person. Jack Rhysider is a great storyteller. The level of care and detail they put into their research is incredible and they share the primary sources if you want to go even deeper.
If you like podcasts, give this a listen. Physical pentest episodes are my favorite.
Another thumbs up for darknet diaries. I love the show. The host balances technical talk and telling a story incredibly well and he covers all types of stories. Really anything "hacking" related you can think of there is probably an episode on.
Seconded. He really has a knack for telling stories and drawing narratives. As others have pointed out his stories are accessible to both the technical and non-technical people.
Quite the opposite.
The NSA would not provide the type of training that would make its own employees question the NSA itself, I'm sure you receive the exact amount of training to do your job and not more.
We're not. There was huge outrage when the Snowden documents were released, and the warrantless surveillance program was judged to be unconstitutional in 2020.