Re: Contract Rates & CISSP or not

[ark () eltex ru]

nuqneH,

nuqneH,

That's all true but why the hell should we pay for it so much?

There is no paper that can _really_ prove your skill - and if you need one
to show to some moron^H^H^H^H^HHR man to prove you are not complete idiot,
Brainbench "Master Internet Security Specialist" will fit perfectly for just
~3% of big bucks you spend to be CISSP.

Supporting this _bad_ practice you make it a kind of de-facto standard and
cause troubles to people who are not willing to.

YOU (David Hawley) WROTE:
>  
>  There was a great deal of interest on these two topics on a
>  securityfocus.com list, so it made sense to share this information with you
>  all.  My first question is at the BOTTOM of this posting, and is about
>  consulting/contract rates
>  Not the Agency or Corporations billing rate, but the take home W2 or 1099
>  rate we see on the check (no distinction was made between W2 and 1099, but
>  you can assume ~15%+-).  I conducted this survey because the SANS and DICE
>  Salary Surveys don't seem to reflect the effects of the bursting of the
>  dot.com bubble yet.   Just ABOVE that posting is the summary of responses
>  (there were about 20 so far), and the question about CISSP.  The final
>  email, at the top, is the summary of the replies about the need for a CISSP
>  cert.
>  
>  If anyone wants to send me any feedback, or input they have I promise not to
>  expose their name to the list, just as
>  promised when conducting the other two surveys.  However am willing to
>  summarize to the list if there is a lot of interest.
>  
>  
>  ----------------------------------------------------------------------------
>  ---------------------------------------------------------------------
>  One of the main reasons for the CISSP, is the abysmal awareness of what we
>  do amongst not only HR folks, but even our counterparts in the IT/MIS
>  Industry.  When we get together *we* KNOW who knows what they are talking
>  about, but how in the heck would HR Folks, or even most IT/MIS Managers?  On
>  most of the contracts that I have held since forming UNIX & NT NETWORK
>  SECURITY, LLC in 1995 I was generally the only one who had the big picture
>  (not all mind you, at one of my contracts, was only one wheel in a big
>  security machine).  So to repeat, it's used by folks that don't understand
>  what we do.
>  Another reason, of course, is standardization.  Some of us may focus on one
>  area or another, it takes a long time to have "done it all" as they say.
>  Having a CISSP would give one the broad knowledge to head into a contract in
>  a new area without having to reinvent the wheel.  For example if you had
>  been doing firewalls for 2 years, and were hired to write security policy on
>  a new gig you would already be aware of the terms we all use, and who the
>  players are in that area, so that we can build on a common knowledge base.
>  Another good point that was brought up was that for someone doing hands on
>  work, such as installing C2, a VPN, or a one time password system it was
>  less important.  For managers, policy writers, team leads it would be more
>  in demand.
>  Lastly we come full circle back to rates, and employability.  A number of
>  people (especially those with a CISSP) it was felt that in a situation where
>  there were two candidates, who were equal in all other respects the one with
>  the CISSP would probably be hired.  I was actually writing a long quasi
>  white paper on "Why I DON'T have a CISSP", to be used with employers,  when
>  it dawned on me that I would be better serving our Industry as a whole to
>  join forces with those who hold one, rather than to "fight city hall".  If I
>  can help out in any way please let me know.
>  Cheers, David
>  David Hawley --- Future CISSP :)
>  
>  
>  David R. Hawley CEO/Chief Consultant - UNIX & NT Network Security, LLC.
>  drh () 123netsecurity com
>  www.123netsecurity.com
>  
>  NOTE: Rhino Bomd was the alias I was using on my Yahoo account. ~drh~
>  
>  -----Original Message-----
>  From:        Rhino Bomd [mailto:rhino007_us () yahoo com]
>  Sent:        Wednesday, November 21, 2001 2:21 PM
>  To:  securityjobs () securityfocus com
>  Subject:     RE: Rate's for contractors & employees
>  
>  
>  Folks,
>  Was *swamped* with responses.  Thanks!  So there seems to be enough
>  interest that I will summarize, for all rather than reply to 20 folks.
>  Won't
>  blow anyone's anonymity, as promised.
>  
>  Some folks are still making the big bucks we used to charge 18 months ago,
>  especially with clients they had worked for in the past.
>  
>  But a lot have had to take 20% or more cuts.  The standard range seems to be
>  pretty consistent at $60-$95, sometimes up to $125/hr,
>  those who were getting more than $90 mostly said that the work was sporadic.
>  
>  While I have the floor, I have one more survey question.  The deal is the
>  same I won't pass on anyone's name or answers, specifically, but will
>  summarize if the response is great.  Here is the question:
>  
>  1)   How much difference does the CISSP make in getting hired?
>  
>  Came up through the ranks, paying my dues at Sun Micro, supporting Sun
>  Federal when Sun was very small startup firm.  Was there when the first
>  Internet virus hit (the Internet WORM), supported C2 & B1, have worked with
>  all kinds of firewalls, routers, written policy,  PKI, network management,
>  VPN, C2 audits, handled intrusion detection, post mortem, SSL, encryption,
>  etc., etc.  just don't want to spend thousands of dollars for some training
>  that is fully redundant to my experience... unless it makes it much easier
>  to get hired.
>  
>  
>  David Hawley
>  UNIX & NT Network Security, LLC.
>  drh () 123netsecurity com
>  www.123netsecurity.com
>  
>  -----Original Message-----
>  From:        Rhino Bomd [mailto:rhino007_us () yahoo com]
>  Sent:        Wednesday, November 21, 2001 8:18 AM
>  To:  securityjobs () securityfocus com
>  Subject:     Rate's for contractors & employees
>  
>  
>  I have been out of touch with the rates question for a while.  When one
>  looks
>  at the DICE Salary Survey it indicates that the mean rate is
>  Something like $75/hr for all contract work.  Of course we in the security
>  field should be doing better... but the recruiters I talk to tell me that
>  people
>  are going out for half what they did 18 months ago.  I tend to discount what
>  they say, because their job it to talk us down in price, and their Clients
>  up in
>  price, at all times.  So I'm taking my own informal survey.  I can promise
>  that
>  anyone who responds directly to me will remain anonymous.  Specifically what
>  are the rates for someone who has (cumulative) had over 20 years of Industry
>  experience, 25 years of security experience, 6 years of computer and network
>  security consulting, and 15 years of UNIX experience.  This kind of
>  background used
>  to bring in between $110/hr - $200/hr, depending on length of contract, and
>  level of responsibility.
>  
>  David Hawley
>  UNIX & NT Network Security, LLC.
>  drh () 123netsecurity com
>  www.123netsecurity.com
>  
>  
>  
>  
>  
>  _______________________________________________
>  firewall-wizards mailing list
>  firewall-wizards () nfr com
>  http://list.nfr.com/mailman/listinfo/firewall-wizards
>  


-- 
                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards