I definitely think there is a need for security and people are definitely spending money on security (well at least security software, I know first hand). Not all security companies are doing that bad, however a large majority of them seem to be. I've been saying it for a while now but I think over the next year and a half or so we'll see security companies start to tumble over like dotcoms. Its not that people do not need security or that people aren't spending money on security but there are to many half thought out ideas being turned into companies. To many security consulting companies that lack anything unique or most of the time, just plain lack any clue of what they are trying to do or provide as a business. In the arena of security products it all falls closer to the dotcoms for like the dotcoms you have many security product companies developing products which they think are "cool" or "a good idea (tm)" however "the market" (people with the cash) does not really think those products are a good idea. Much like trying to have an online pet store when no one wants one. Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities | -----Original Message----- | From: Joe Judge [mailto:joeat_private] | Sent: Saturday, September 22, 2001 7:55 AM | To: securityjobsat_private | Subject: RE: Any profitable SECURITY-ONLY companies? | | | | | I agree ... except that the small 1-10 person shops are close to | dying also. | | So whats the truth, the messages are: | security jobs are posted | need for security strong | big articles about how IT security budgets are "soaring" | ... but no one is really hiring?? | | There are enough strong security folks on the beach right now to form | one hell of a company (infosec, compsec, security ops & | engineering people). | | -- joe | joe judge, boston, security guy, www.intrusion.org | | | > -----Original Message----- | > From: Anton Chuvakin [mailto:antonat_private] | > Sent: Thursday, September 20, 2001 6:19 PM | > To: securityjobsat_private | > Subject: Any profitable SECURITY-ONLY companies? | > Importance: High | > | > | > Hello all, | > | > In the course of my current job search, I seem to have | developed a strange | > conclusion about the infosec companies: they are either | start-ups running | > on the last drops of venture capital (well, last drops might be $40 mil | > received in Fall 2000, but for the sake of argument - it is | still venture | > money) or small 1-10 person shops that are profitable because they stay | > small. Both offer little in terms of potential employment: I rule out | > first group due to my recent experience and second are not | hiring at all. | > | > Well, there are also behemoths like NAI or Symantec, which are heavily | > involved in security, but it is quite impossible to get in (no | matter how | > many times one reads "What color is your parachute" book ;-). | > | > Maybe I am mistaken in restricting my job search to security companies | > only, but I do that due to the fact that most fun jobs seem to be there. | > Compare designing a new IDS to ensuring HIPAA compliance of a | hospital and | > you will understand what I am talking about. | > | > Am I wrong (hopefully) or what? I just came back from a local | ISSA chapter | > meeting and we were presented with a hyper-optimistic speech on how the | > need for security will drastically grow in the next 12-24 | months, but I am | > unwilling to wait that long (need to eat something before that ;-)). | > | > Best regards, | > -- | > Anton A. Chuvakin | > === You either succeed or learn! === | > http://www.chuvakin.org | > licq: 29034084 | > | |
This archive was generated by hypermail 2b30 : Mon Sep 24 2001 - 12:34:20 PDT