My .02$ If you are trying to focus your career into a specific sub section of security then a security related company tends to make that possible. If you are trying to be a jack of all trades and learn everything about anything then a non-security company will allow that. I have done both. In the past I have worked for a software company that had nothing to do with security. I did it all, firewalls, IDS, hardening, vuln-test/pen testing, etc. etc. Now I work for a specific gov agency and I ONLY do incident response and forensics. (Where I wanted to focus). The Crocodile ----- Original Message ----- From: "Gadrow, Jim" <jgadrowat_private> To: "'Anton Chuvakin'" <antonat_private> Cc: <securityjobsat_private> Sent: Friday, September 21, 2001 12:04 PM Subject: RE: Any profitable SECURITY-ONLY companies? > > Well, I have to say that my job is a incredible amount of fun, and is not a > security-only shop. Actually, I'm the only security guy here. So I get to do > everything. IDS, Firewall, Network design, OS hardening checklists, > antivirus, NT, Unix/Linux etc.... > > Quite a challenge. I don't think this should be too unusual... If you want a > challenge like this, look for a company that has been around and is doing > some expanding into new areas like e-commerce or web hosting, etc. Many of > them have a minimal security staff, because their focus is more on their > main product lines, which leaves some challenging projects for the security > folks. > > I don't think I'd even consider looking in a security-only shop. I don't > think I'd get near the amount of challenge and hands on experience in the > wide variety of tasks as I do now. > > Regards, > Jim > > -----Original Message----- > From: Anton Chuvakin [mailto:antonat_private] > Sent: Thursday, September 20, 2001 6:19 PM > To: securityjobsat_private > Subject: Any profitable SECURITY-ONLY companies? > Importance: High > > > Hello all, > > In the course of my current job search, I seem to have developed a strange > conclusion about the infosec companies: they are either start-ups running > on the last drops of venture capital (well, last drops might be $40 mil > received in Fall 2000, but for the sake of argument - it is still venture > money) or small 1-10 person shops that are profitable because they stay > small. Both offer little in terms of potential employment: I rule out > first group due to my recent experience and second are not hiring at all. > > Well, there are also behemoths like NAI or Symantec, which are heavily > involved in security, but it is quite impossible to get in (no matter how > many times one reads "What color is your parachute" book ;-). > > Maybe I am mistaken in restricting my job search to security companies > only, but I do that due to the fact that most fun jobs seem to be there. > Compare designing a new IDS to ensuring HIPAA compliance of a hospital and > you will understand what I am talking about. > > Am I wrong (hopefully) or what? I just came back from a local ISSA chapter > meeting and we were presented with a hyper-optimistic speech on how the > need for security will drastically grow in the next 12-24 months, but I am > unwilling to wait that long (need to eat something before that ;-)). > > Best regards, > -- > Anton A. Chuvakin > === You either succeed or learn! === > http://www.chuvakin.org > licq: 29034084 >
This archive was generated by hypermail 2b30 : Sat Sep 22 2001 - 05:44:55 PDT