damienak

If someone else tells me they want to be in "Security"....

19 posts in this topic

... I swear I'm gonna flip out. (Backstory: as my day job I pay the bills being a head-hunter for an IT staffing company.) I swear nowadays everybody wants to be a "Security Analyst" or a "Security Specialist" or a "Security ___________" [insert random job title here]. What is it with these people thinking that being an "ethical" hacker is something you can pick up by reading Hacking Exposed? "I'm working on getting my Security+ certification." Great job, douche bag. Who cares? Maybe I'm in a unique perspective being a recruiter, I get to see trends in the industry develop early. I'm just sick and tired of dealing with these Network Admins who think "they know a thing or two" about hacking. Sometimes I wonder why I don't just send my resume over to companies instead of trying to recruit people that think setting up WEP on your router at home should be mentioned on your resume under the security section right next to Norton Anti-virus and Zone-Alarm (oh wait, it's because I make over 6 figures a year). Oh well, enough of my little rant here.

Just some job advice for any of the up-and-coming hackers on this board: Don't try to go into "security" if you don't know what you're talking about. If the recruiter you are interviewing with knows more about Metasploit than you, it's a pretty good sign that you should stick to being a Network Admin. On that note, being a Pen Tester pays a lot. I'm working on a position right now where the person who gets the job will probably make around $100-$120 per hour for a 3 month project (that's an easy 40-45K in three months).


I'll keep that in mind when I look for a job :)


90% of the people in Infosec are a bunch of fuckups. Most people that have a CISSP are dumbfucks that can't run nmap. And last but not least, go to DEFCON and walk around and find the weirdest person you can and buy them a drink; they will teach you more than any book.


DamianAK, I see your point, but (and this is just $.02) you seem to be self defeating in this;

I've seen two of your posts now back to back talking about how much money you make. In this very thread you mention it twice in one post. It's nice to be well compensated for a skill set, but maybe constantly reminding people how much money you get encourages people to try and take the fast track? That's part of the reason people think a security.* job is so sexy...

DamianAK, I see your point, but (and this is just $.02) you seem to be self defeating in this;

I've seen two of your posts now back to back talking about how much money you make. In this very thread you mention it twice in one post. It's nice to be well compensated for a skill set, but maybe constantly reminding people how much money you get encourages people to try and take the fast track? That's part of the reason people think a security.* job is so sexy...

Thanks for pointing that out 'cause usually I'm really not somebody to talk about money a lot. I had to rant yesterday 'cause I spent 12 hours at work trying to find a good pen tester to no avail. Maybe I needed to remind myself why I do that stupid job :blowfuse:


How the heck does somebody make 120/Hour doing security?

I do this for a living, and I do not make anywhere near $120/Hour. Hell, I don't even make $50/Hour, and my official title is "Unix Security Test Engineer". I work with such things as SECSH and TTLS (SSL) connection apps... on 20+ different UNIX-based platforms. My entire day is spent talking about public and private keys, HMACs, Ciphers, Exponential Key (Read: DH) Exchanges, and how great Boost is compared to crappy pointer math in C code written by people who do not know the difference between pre-incrementation and post-incrementation and like to use while(1) loops.

I do not understand what you seem to mean by the type of people going for this type of work; During my first interview I had to explain to the guy interviewing me - turned out to be one of the devs on my team - common security problems like leaking objects, integer overruns/underruns, buffer overflows, off-by-one errors, input sanitation, stack overflow, thread leaks, memory leaks, attack surface reduction, and more... That should scare anybody who does not know what they are doing away from it after the first time, or at least let them know they have much more to learn.

What part of the world are you in that needs people for that much?

Edited by feverdream
How the heck does somebody make 120/Hour doing security?

What part of the world are you in that needs people for that much?

They'll pay that up here in oil country Canada, if you are worth it.

A company I am looking at is in a bidding war to try to secure more CCIEs from their biggest competitor and the CCIEs are making out like bandits; especially the multi-cert ones.

Over a billion dollars changing hands daily in this province, there is a massive shortage of qualified and able specialists to keep up with the workload and far more money than anybody knows what to do with being thrown at some of the top guys in the world. If you think the specialists are being paid well, their retainers and agents are making far more money; you don't want to know the signing bonus a head-hunter makes up here... I know of one making well over a million a year for just FINDING people to work (and the perks, free travel and paid vacations)!

It's like the last IT bust never happened, people are drunk from the boom going on. ;)

Edited by jabzor

Funny you mention that C'thulhu lol, I was just going to post that :P

Great article. :P

How the heck does somebody make 120/Hour doing security?

What part of the world are you in that needs people for that much?

They'll pay that up here in oil country Canada, if you are worth it.

A company I am looking at is in a bidding war to try to secure more CCIEs from their biggest competitor and the CCIEs are making out like bandits; especially the multi-cert ones.

Over a billion dollars changing hands daily in this province, there is a massive shortage of qualified and able specialists to keep up with the workload and far more money than anybody knows what to do with being thrown at some of the top guys in the world. If you think the specialists are being paid well, their retainers and agents are making far more money; you don't want to know the signing bonus a head-hunter makes up here... I know of one making well over a million a year for just FINDING people to work (and the perks, free travel and paid vacations)!

It's like the last IT bust never happened, people are drunk from the boom going on. ;)

Canada, eh? ;)

And you have to have a CCIE? Man... that seems kind of, well, unfair. A lot of people I have known that are total idiots get certs, and that does not make them more knowledgeable or better at the job; in fact they tend to get dumber after them because they depend on that cert and the course work they later forget because "I have the cert, why should I care enough to actually know it". I do not have one myself, got into the gig without meaning to... I would rather work with embedded hardware toys, or at least that's what I thought.

Then again, even if that 120/Hour is in Canadian dollars, then at 70% of USD it would still be at 84/Hour... D*mn..

Edited by feverdream

From what I hear CCIE is very very hard to get.

PS - I wanna be a Security Man.


Cisco Gold Certification for the companies is another contributing factor, going from silver->gold really saves them money when dealing with Cisco corporate and pulls in a ton more money from actual clients in a 'we have xx CCIE on staff, xx CEH, etc'. (Gold and Silver require x number of certs in each field.)

At the CCIE level, if you have bothered to get one or more than one you have proved yourself; it's not exactly something you can paper-cert with brain-dumps and pre-filled 'answer keys'. Flying down to San Jose or RTP and dropping the kind of cash they are asking, you aren't even going to attempt the certs unless you know what you are doing thoroughly.

As for the CDN dollar, it's currently at ~.937 USD (xe.com), nothing to sneeze at - thinking it might 1:1 in the near future. ;)

Of course taxes are much higher up here so you can devalue your earnings from that certainly. There are guys (and the odd girl, though it really is a male-heavy field) earning more than the specified 120/hr, some much more.

You don't 'need' the IE you can get by with a ccnp+ccvp+ccsp+ceh among others, it's just the IE is *so* much more in demand; the IE routing+switching is the most 'available' though security and especially voice are the most 'in demand' at the moment, at least lately.

WORLDWIDE: Total of Storage Networking CCIEs: 70 <- you can bet those guys have work :P


You should be making about 100K. If you are making any less, it's your own fault.

How the heck does somebody make 120/Hour doing security?

I do this for a living, and I do not make anywhere near $120/Hour. Hell, I don't even make $50/Hour, and my official title is "Unix Security Test Engineer". I work with such things as SECSH and TTLS (SSL) connection apps... on 20+ different UNIX-based platforms. My entire day is spent talking about public and private keys, HMACs, Ciphers, Exponential Key (Read: DH) Exchanges, and how great Boost is compared to crappy pointer math in C code written by people who do not know the difference between pre-incrementation and post-incrementation and like to use while(1) loops.

I do not understand what you seem to mean by the type of people going for this type of work; During my first interview I had to explain to the guy interviewing me - turned out to be one of the devs on my team - common security problems like leaking objects, integer overruns/underruns, buffer overflows, off-by-one errors, input sanitation, stack overflow, thread leaks, memory leaks, attack surface reduction, and more... That should scare anybody who does not know what they are doing away from it after the first time, or at least let them know they have much more to learn.

What part of the world are you in that needs people for that much?

90% of the people in Infosec are a bunch of fuckups. Most people that have a CISSP are dumbfucks that can't run nmap. And last but not least, go to DEFCON and walk around and find the weirdest person you can and buy them a drink; they will teach you more than any book.

nmap is the epitome of computer sec? I thought it was rather like the necrophilia of computer sec :/

You should be making about 100K. If you are making any less, it's your own fault.

I only make a little less, but I'm only 25, have no college degree, and am doing the work well enough that one of my uber-bosses told me I am "doing well" the other day. I'm not really worried since all of my peers are at least 12 years older than I am and have at least a Masters, so it may just be an experience 'thing' because I am the youngest security guy in the entire company. Thanks for the heads up... I have been wondering what the numbers should be.

This thread also makes me wonder about what technical recruiters need to know to hire others for tech work. If you're complaining about the lack of skill in others, one has to assume a degree of skill in the complainer... right?


Security....how do you make 120 an hr...

ill tell yea,,like i do

165 to 250 hr depends how they want me to

find there spouse cheating on em.

lol yep and i dont have to learn a whole lot of computer language

to do it lol...

just a reply to, feverdream, on how to make alot in Security,

main thing all is to learn and work at wat u enjoy

doing u only live once,,

thxs

Security....how do you make 120 an hr...

ill tell yea,,like i do

165 to 250 hr depends how they want me to

find there spouse cheating on em.

lol yep and i dont have to learn a whole lot of computer language

to do it lol...

just a reply to, feverdream, on how to make alot in Security,

main thing all is to learn and work at wat u enjoy

doing u only live once,,

thxs

You don't seem to know English language either. It amazes me that they pay you 165 to 250 $ per hour.


EDIT: I want to go into security.

Of course, I'll learn a thing or two about it first.

Edited by mabufo
