but seriously, who hasn't enjoyed some Gedankenexperiment and run through all the neat little things one could do to really make someone's life a living hell? The fail here was the evidence trail he left :)

for myself, I intend to jump ship from facebook once a critical mass of my "friends" are available on g+ (and really, just friends, not people who know my friends). Until then, I'll live with fb updates to my inbox and the occasional interactive login to respond... oh wait. that's what I'm doing now!

Thanks Charlie and James! I'm rockin and rollin!

looks like matt grabbed the AC's invite. if there's anymore out there, i'd love to receive it! gyshin(@)g mail . com

i'd appreciate an invite as well. noone(.)indy@liamg.moc danke schon!

return to ARPAnet? Are you MAD?!?! replace the hierarchical DNS structure w/ P2P filesharing to avoid a vulnerability? Are you INSANE?!?! Sure, professional consultants may understand that alternatives exist for several key infrastructure services (oooh let's get rid of RIP/EIGRP/BGP/etc w/ static routes. It's more secure and that means its more reliable!). Hopefully they understand the issues w/ NOT utilizing it and the ramifications to operational costs to maintain it as well as the implications to reliability. End of the day... you're CRAZY!

I'd start reaching out to other utilities/organizations in a similar situation for what they're doing. I'm involved in the electric sector (ES-ISAC) as well as the FERC/NERC stuff so I'm heavily involved in the regional and national "user groups".

For more direct advice:

1) discrete network firewalled, ideally air gapped, from the "corporate" or normal network. This is a single function network.

2) strict controls on media usage as well as protocols on how to use

3) strict config management and change control

4) physical protections to "local" and "remote" systems (RTUs, PLCs, and IEDs (note: IED = intelligent electrical device), you really don't want to build a secure control room and then get back hacked from a field device!)

To actually learn more, Idaho National Labs has the National SCADA Test Bed Program (http://www.inl.gov/scada/) and they also have control system security workshops/training programs. Their Advanced SCADA Security Training is pretty eye opening, and that's coming from the perspective of an IT security guy. Your normal operators and operational engineers will likely be blown away by it.

Like I mentioned, coming from the electric sector, I know what your facing (technical as well as cultural issues) and feel you pain. Good luck, and know you are not alone out there... just a minority! ;)

Responding to your question: of course you can ask. If you ask politely, you might even get an honest response (more than likely, the harried and over worked HR rep will ignore you). Less likely, they will be overwhelmed by your diligence and move you to the top of the candidate list. Move on to the next comment if you don't want the dreaded free advice. Stop, don't get any more certs! Anymore certs without real world experience will just label you as a cert whore and welcome to the death spiral. Find experience, volunteer at a school/church/non-profit but you've got to get it. FIND a place to work, even for free. Use that experience (and possibly contacts) to land a paying gig. Yes, you've got more than enough qualifications for an entry level job (maybe over qualified?), but why spend more money for more certs? They're not helping you right now, you need experience. Look at WFYI, United Way, or even the Y. Even if they can't help you out directly, ask if they're aware of any organization that might need your help. I can't remember the name, but there's also one charity that does adult computer training on the east side, I'm sure there's more as well. Good Luck!