OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Michael Dean (michaelldean_at_sbcglobal.net)
Date: Sat Oct 26 2002 - 18:56:31 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ust a short note from N. Ca where high tech unemployment is about 8%. I
    am in a group studying for the CISSP test. This certification, we
    believe, is important in differentiating ourselves, and we too have a
    wealth of experience, my partner as a spook in Vietnam War, me as a high
    level health system admin & information systems, security in
    applications etc. 88% of security is within company as an employee --
    makes sense -- companies don't want to reveal what is happening, it
    could threaten their stock levels. But American companies do want
    security persons with computer science background and it pays about
    115,000. One of the network admins in our study group is earning 95K so
    that he can get out of boring work. Now audit work, per se, well, that
    just may be too narrow a niche, and too attackish for flavor. I suggest
    you certify, I suggest you broaden your skill set away from audit and
    you may start seeing more action. But definitely not as an independent.

    NOw your answer below -- I think that guy is all wet. Maybe that's the
    attitude in the corner drugstore, but not in any big business.
    Antonomasia wrote:

    >From: Alan Cox <alanlxorguk.ukuu.org.uk>
    >
    >On Sat, 2002-10-26 at 16:01, Yousry Kassieba wrote:
    >
    >
    >
    >>>job..can you imagin that i have got all this wealth of experiecnce and i
    >>>have cannt find a job in computer security audit field
    >>>
    >>>CAN any one tell me why is that?
    >>>
    >>>
    >
    >
    >
    >>Because people don't wish to pay for security, just moan about the lack
    >>of it. Security doesn't add to the short term bottom line, inflate the
    >>stock price and let the management run off with a load of money.
    >>
    >>
    >
    >Those who do have a job doing security stuff don't get things all their own
    >way. You may actually get the chance to audit code in the workplace. But
    >if it's written by another department in your company what do you think it
    >will take to get it fixed ?
    >
    >I could do an off-topic rant on a pile of things but I'll let you escape
    >this time. Suffice to say that tying the hands of the security staff is so
    >common that the reason for employing them is more likely to be PR than
    >implementation of objective security measures. So why would the security
    >staff need any experience ?
    >
    >Suppose I'd better mention this too:
    > http://www.cl.cam.ac.uk/~rja14/econsec.html
    >
    >
    >