I suspect that there will be a lot more replies on this topic after the Thanksgiving weekend, but there were some excellent replies already and I wanted to summarize them, and share some thoughts of my own. All of the replies that I have received so far fall along similar lines.

----------------------------------------------------------------------------

One of the main reasons for the CISSP is the abysmal awareness of what we do amongst not only HR folks, but even our counterparts in the IT/MIS Industry. When we get together *we* KNOW who knows what they are talking about, but how in the heck would HR Folks, or even most IT/MIS Managers? On most of the contracts that I have held since forming UNIX & NT NETWORK SECURITY, LLC in 1995 I was generally the only one who had the big picture (not all, mind you; at one of my latest contracts I was only one wheel in a big security machine, they had 3 folks doing viruses alone!!!). So to repeat, it's used by folks that don't understand what we do.

Another reason, of course, is standardization. Some of us may focus on one area or another; it takes a long time to have "done it all" as they say. Having a CISSP would give one the broad knowledge to head into a contract in a new area without having to reinvent the wheel. For example, if you had been doing firewalls for 2 years, and were hired to write security policy on a new gig, you would already be aware of the terms we all use, and who the players are in that area, so that we can build on a common knowledge base.

Another good point that was brought up was that for someone doing hands-on work, such as installing C2, a VPN, or a one-time password system, it was less important. For managers, policy writers, team leads, it would be more in demand.

Lastly we come full circle back to rates, and employability. A number of people (especially those with a CISSP :) ) felt that in a situation where there were two candidates who were equal in all other respects, the one with the CISSP would probably be hired.

I was actually writing a long quasi white paper on "Why I DON'T have a CISSP", to be used with employers, when it dawned on me that I would be better serving our Industry as a whole to join forces with those who hold one, rather than to "fight city hall".

If I can help out in any way please let me know.

Cheers,
David

David Hawley --- Future CISSP :)

P.S. I have changed my preferences back to David Hawley. Rhino was my nickname from long ago, when my dating techniques resembled the charging Rhino, LOL. Bomd was a typo, supposed to be Bond, as in James Bond. No more need for stealth with this account.

David Hawley
UNIX & NT Network Security, LLC.
drhat_private
www.123netsecurity.com

-----Original Message-----
From: Rhino Bomd [mailto:rhino007_usat_private]
Sent: Wednesday, November 21, 2001 2:21 PM
To: securityjobsat_private
Subject: RE: Rate's for contractors & employees

Folks,

I was *swamped* with responses. Thanks! So there seems to be enough interest that I will try and summarize for all, rather than reply to 20 folks. I won't blow anyone's anonymity, as I promised.

Some folks are still making the big bucks we used to charge 18 months ago, especially with clients they had worked for in the past. But a lot have had to take 20% or more cuts. The standard range seems to be pretty consistent at $60-$95, sometimes up to $125/hr; those who were getting more than $90 mostly said that the work was sporadic.

While I have the floor, I have one more survey question. The deal is the same: I won't pass on anyone's name or answers, specifically, but will summarize if the response is great. Here is the question:

1) How much difference does the CISSP make in getting hired?
Came up through the ranks, paying my dues at Sun Micro, supporting Sun Federal when Sun was a very small startup firm. Was there when the first Internet virus hit (the Internet WORM), supported C2 & B1, have worked with all kinds of firewalls, routers, written policy, PKI, network management, VPN, C2 audits, handled intrusion detection, post mortem, SSL, encryption, etc., etc. Just don't want to spend thousands of dollars for some training that is fully redundant to my experience... unless it makes it much easier to get hired.

David Hawley
UNIX & NT Network Security, LLC.
drhat_private
www.123netsecurity.com

-----Original Message-----
From: Rhino Bomd [mailto:rhino007_usat_private]
Sent: Wednesday, November 21, 2001 8:18 AM
To: securityjobsat_private
Subject: Rate's for contractors & employees

I have been out of touch with the rates question for a while. When I look at the DICE Salary Survey it indicates that the mean rate is something like $75/hr for all contract work. Of course we in the Security field should be doing better... but the recruiters I talk to tell me that people are going out for half what they did 18 months ago. I tend to discount what they say, because their job is to talk us down in price, and their Clients up in price, at all times.

So I'm taking my own informal survey. I can promise that anyone who responds directly to me will remain anonymous. I have no intentions of using this info for more than my own contract search & negotiations.

Specifically, what are the rates for someone who has had over 20 years of Industry experience, 25 years of security experience, 6 years of computer and network security consulting, and 15 years of UNIX experience? This kind of background used to bring in between $110/hr - $200/hr, depending on length of contract.

David Hawley
UNIX & NT Network Security, LLC.
drhat_private
www.123netsecurity.com

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
This archive was generated by hypermail 2b30 : Fri Nov 23 2001 - 13:42:59 PST