
If someone else tells me they want to be in "Security"....


18 replies to this topic

#1 DamienAK

DamienAK

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 15 posts

Posted 21 June 2007 - 07:31 PM

... I swear I'm gonna flip out. (backstory: As my day job I pay the bills being a head-hunter for an IT Staffing company). I swear nowadays everybody wants to be a "security Analyst" or a "security specialist" or a "Security ___________" [insert random job title here]. What is it with these people thinking that being an "ethical" hacker is something you can pick up by reading Hacking Exposed? "I'm working on getting my Security+ certification" great job douche bag. Who cares? Maybe I'm in a unique perspective being a recruiter, I get to see trends in the industry develop early. I'm just sick and tired of dealing with these Network Admins who think "they know a thing or two" about hacking. Sometimes I wonder why I don't just send my resume over to companies instead of trying to recruit people that think setting up WEP on your router at home should be mentioned on your resume under the security section right next to Norton Anti-virus and Zone-Alarm (oh wait, it's because I make over 6 figures a year). Oh well, enough of my little rant here.

Just some job advice for any of the up-and-coming hackers on this board: Don't try to go into "security" if you don't know what you're talking about. If the recruiter you are interviewing with knows more about Metasploit than you it's a pretty good sign that you should stick to being a Network Admin. On that note being a Pen Tester pays a lot. I'm working on a position right now where the person who gets the job will probably make around $100-$120 per hour for a 3 month project (that's an easy 40-45K in three months).

#2 BoBo

BoBo

    I have the Phreak Phactor

  • Members
  • 77 posts

Posted 21 June 2007 - 07:48 PM

I'll keep that in mind when I look for a job :)

#3 stacksmasher

stacksmasher

    Mack Daddy 31337

  • Members
  • 214 posts

Posted 21 June 2007 - 09:50 PM

90% of the people in Infosec are a bunch of fuckups. Most people that have a CISSP are dumbfucks that can't run nmap. And last but not least go to DEFCON and walk around and find the weirdest person you can and buy them a drink, they will teach you more than any book.

#4 savant

savant

    SUPR3M3 31337 Mack Daddy P1MP

  • Agents of the Revolution
  • 368 posts
  • Gender:Male
  • Location:408

Posted 22 June 2007 - 01:10 AM

DamienAK, I see your point, but (and this is just $.02) you seem to be self-defeating in this;

I've seen two of your posts now back to back talking about how much money you make. In this very thread you mention it twice in one post. It's nice to be well compensated for a skill set, but maybe constantly reminding people how much money you get encourages people to try and take the fast track? That's part of the reason people think a security.* job is so sexy...

#5 jedibebop

jedibebop

    Dangerous free thinker

  • Members
  • 1,935 posts

Posted 22 June 2007 - 01:55 AM

I want to be in Security...

#6 DamienAK

DamienAK

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 15 posts

Posted 22 June 2007 - 07:46 AM

DamienAK, I see your point, but (and this is just $.02) you seem to be self-defeating in this;

I've seen two of your posts now back to back talking about how much money you make. In this very thread you mention it twice in one post. It's nice to be well compensated for a skill set, but maybe constantly reminding people how much money you get encourages people to try and take the fast track? That's part of the reason people think a security.* job is so sexy...


Thanks for pointing that out cause usually I'm really not somebody to talk about money a lot. I had to rant yesterday cause I spent 12 hours at work trying to find a good pen tester to no avail. Maybe I needed to remind myself why I do that stupid job :blowfuse:

#7 feverdream

feverdream

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 341 posts
  • Location:Here.

Posted 23 June 2007 - 07:14 PM

How the heck does somebody make 120/Hour doing security?

I do this for a living, and I do not make anywhere near $120/Hour. Hell, I don't even make $50/Hour, and my official title is "Unix Security Test Engineer". I work with such things as SECSH and TTLS (SSL) connection apps.. on 20+ different UNIX based platforms. My entire day is spent talking about public and private keys, HMACs, Ciphers, Exponential Key (Read: DH) Exchanges, and how great Boost is compared to crappy pointer math in C code written by people who do not know the difference between pre-incrementation and post-incrementation and like to use while(1) loops.

I do not understand what you seem to mean by the type of people going for this type of work; during my first interview I had to explain to the guy interviewing me - turned out to be one of the devs on my team - common security problems like leaking objects, integer overruns/underruns, buffer overflows, off-by-one errors, input sanitation, stack overflow, thread leaks, memory leaks, attack surface reduction, and more... That should scare anybody who does not know what they are doing away from it after the first time, or at least let them know they have much more to learn.

What part of the world are you in that needs people for that much?

Edited by feverdream, 23 June 2007 - 07:15 PM.


#8 jabzor

jabzor

    hax?

  • Agents of the Revolution
  • 1,146 posts
  • Country:
  • Gender:Male
  • Location:Northern Elbonia, fighting the lefties

Posted 23 June 2007 - 07:53 PM

How the heck does somebody make 120/Hour doing security?
What part of the world are you in that needs people for that much?

They'll pay that up here in oil country Canada, if you are worth it.
A company I am looking at is in a bidding war to try to secure more CCIEs from their biggest competitor and the CCIEs are making out like bandits; especially the multi-cert ones.

Over a billion dollars changing hands daily in this province, there is a massive shortage of qualified and able specialists to keep up with the workload and far more money than anybody knows what to do with it being thrown at some of the top guys in the world. If you think the specialists are being paid well, their retainers and agents are making far more money, you don't want to know the signing bonus a head-hunter makes up here.. I know of one making well over a million a year for just FINDING people to work (and the perks, free travel and paid vacations)!

It's like the last IT bust never happened, people are drunk from the boom going on. ;)

Edited by jabzor, 23 June 2007 - 07:55 PM.


#9 C'thulhu

C'thulhu

    Gibson Hacker

  • Members
  • 80 posts
  • Location:Albuquerque, New Mexico

Posted 23 June 2007 - 07:57 PM

To show everybody what a total noob I am I had to actually google "pen tester" to find out what the heck it is, I ran into the following link which I thought was pretty funny -- http://blogs.securit...hp/archives/223

#10 gloomer

gloomer

    Hakker addict

  • Members
  • 588 posts

Posted 23 June 2007 - 08:52 PM

Funny you mention that C'thulhu lol, I was just going to post that :P

Great article. :P

#11 feverdream

feverdream

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 341 posts
  • Location:Here.

Posted 23 June 2007 - 10:11 PM

How the heck does somebody make 120/Hour doing security?
What part of the world are you in that needs people for that much?

They'll pay that up here in oil country Canada, if you are worth it.
A company I am looking at is in a bidding war to try to secure more CCIEs from their biggest competitor and the CCIEs are making out like bandits; especially the multi-cert ones.

Over a billion dollars changing hands daily in this province, there is a massive shortage of qualified and able specialists to keep up with the workload and far more money than anybody knows what to do with it being thrown at some of the top guys in the world. If you think the specialists are being paid well, their retainers and agents are making far more money, you don't want to know the signing bonus a head-hunter makes up here.. I know of one making well over a million a year for just FINDING people to work (and the perks, free travel and paid vacations)!

It's like the last IT bust never happened, people are drunk from the boom going on. ;)


Canada, eh? ;)

And you have to have a CCIE? Man..that seems kind of, well, unfair. A lot of people I have known that are total idiots get certs, and that does not make them more knowledgeable or better at the job; in fact they tend to get dumber after them because they depend on that cert and the course work they later forget because "I have the cert, why should I care enough to actually know it". I do not have one myself, got into the gig without meaning to.. I would rather work with embedded hardware toys, or at least that's what I thought.

Then again, even if that 120/Hour is in Canadian dollars, then at 70% of USD it would still be at 84/Hour... D*mn..

Edited by feverdream, 24 June 2007 - 11:50 AM.


#12 Network Nurd

Network Nurd

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 18 posts

Posted 23 June 2007 - 10:24 PM

From what I hear CCIE is very very hard to get.

PS - I wanna be a Security Man.

#13 jabzor

jabzor

    hax?

  • Agents of the Revolution
  • 1,146 posts
  • Country:
  • Gender:Male
  • Location:Northern Elbonia, fighting the lefties

Posted 23 June 2007 - 10:55 PM

Cisco Gold Certification for the companies is another contributing factor, going from silver->gold really saves them money when dealing with Cisco corporate and pulls in a ton more money from actual clients in a 'we have xx CCIE on staff, xx CEH, etc'. (Gold and Silver require x number of certs in each field.)

At the CCIE level if you have bothered to get one or more than one you have proved yourself, it's not exactly something you can paper-cert with brain-dumps and pre-filled 'answer keys'. Flying down to San Jose or RTP and dropping the kind of cash they are asking, you aren't even going to attempt the certs unless you know what you are doing thoroughly.

As for the CDN dollar, it's currently at ~.937 USD (xe.com), nothing to sneeze at - thinking it might 1:1 in the near future. ;)
Of course taxes are much higher up here so you can devalue your earnings from that certainly. There are guys (and the odd girl, though it really is a male-heavy field) earning more than the specified 120/hr, some much more.
You don't 'need' the IE you can get by with a ccnp+ccvp+ccsp+ceh among others, it's just the IE is *so* much more in demand; the IE routing+switching is the most 'available' though security and especially voice are the most 'in demand' at the moment, at least lately.

WORLD WIDE: Total of Storage Networking CCIEs: 70 <- you can bet those guys have work :P

#14 stacksmasher

stacksmasher

    Mack Daddy 31337

  • Members
  • 214 posts

Posted 25 June 2007 - 08:28 PM

You should be making about 100K. If you are making any less, it's your own fault.

How the heck does somebody make 120/Hour doing security?

I do this for a living, and I do not make anywhere near $120/Hour. Hell, I don't even make $50/Hour, and my official title is "Unix Security Test Engineer". I work with such things as SECSH and TTLS (SSL) connection apps.. on 20+ different UNIX based platforms. My entire day is spent talking about public and private keys, HMACs, Ciphers, Exponential Key (Read: DH) Exchanges, and how great Boost is compared to crappy pointer math in C code written by people who do not know the difference between pre-incrementation and post-incrementation and like to use while(1) loops.

I do not understand what you seem to mean by the type of people going for this type of work; during my first interview I had to explain to the guy interviewing me - turned out to be one of the devs on my team - common security problems like leaking objects, integer overruns/underruns, buffer overflows, off-by-one errors, input sanitation, stack overflow, thread leaks, memory leaks, attack surface reduction, and more... That should scare anybody who does not know what they are doing away from it after the first time, or at least let them know they have much more to learn.

What part of the world are you in that needs people for that much?



#15 oddflux

oddflux

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 380 posts
  • Location:cyberspace

Posted 26 June 2007 - 08:42 PM

90% of the people in Infosec are a bunch of fuckups. Most people that have a CISSP are dumbfucks that can't run nmap. And last but not least go to DEFCON and walk around and find the weirdest person you can and buy them a drink, they will teach you more than any book.

nmap is the epitome of computer sec? I thought it was rather like the necrophilia of computer sec :/

#16 feverdream

feverdream

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 341 posts
  • Location:Here.

Posted 26 June 2007 - 09:33 PM

You should be making about 100K. If you are making any less, it's your own fault.


I only make a little less, but I'm only 25, have no college degree, and am doing the work well enough that one of my uber-bosses told me I am "doing well" the other day. I'm not really worried since all of my peers are at least 12 years older than I am and have at least a Masters, so it may just be an experience 'thing' because I am the youngest security guy in the entire company. Thanks for the heads up.. I have been wondering what the numbers should be.

This thread also makes me wonder about what technical recruiters need to know to hire others for tech work. If you're complaining about the lack of skill in others, one has to assume a degree of skill in the complainer.. right?

#17 Robin_Hood

Robin_Hood

    Will I break 10 posts?

  • Members
  • 5 posts

Posted 26 June 2007 - 09:34 PM

Security....how do you make 120 an hr...
ill tell yea,,like i do
165 to 250 hr depends how they want me to
find there spouse cheating on em.
lol yep and i dont have to learn a whole lot of computer language
to do it lol...
just a reply to, feverdream, on how to make alot in Security,

main thing all is to learn and work at wat u enjoy
doing u only live once,,

thxs

#18 WhatChout

WhatChout

    Dangerous free thinker

  • Members
  • 814 posts

Posted 27 June 2007 - 11:10 AM

Security....how do you make 120 an hr...
ill tell yea,,like i do
165 to 250 hr depends how they want me to
find there spouse cheating on em.
lol yep and i dont have to learn a whole lot of computer language
to do it lol...
just a reply to, feverdream, on how to make alot in Security,

main thing all is to learn and work at wat u enjoy
doing u only live once,,

thxs

You don't seem to know English language either. It amazes me that they pay you 165 to 250 $ per hour.

#19 mabufo

mabufo

    Gibson Hacker

  • Members
  • 89 posts

Posted 27 June 2007 - 01:05 PM

EDIT: I want to go into security.

Of course, I'll learn a thing or two about it first.

Edited by mabufo, 27 June 2007 - 11:37 PM.




