As someone who is getting into this business the easy answer is yes, we do
have the same problem. At the same time, consider this. If twenty
companies are looking to fill 2 positions each for security people than you
have a demand of 40 jobs. Let's say that there are 10 security people
available for hire. That's a pretty big job shortage, and the chances of
any one company filling their entire security staff is small. However, if
each of those 20 companies hires one online security company, which only
needs 5 security people to manage those 20 companies, then you have a job
surplus. So while you still have problems finding people to fill security
positions, the total number of jobs that need filling are less than the
total would be if each company was doing security in-house.
Adam H. Pendleton
INFOSEC Engineer
Corbett Technologies, Inc.
Alexandria, Virginia
USA
Work:
http://www.corbett-tech.com
Fun:
http://www.randjonline.net
Si hoc legere scis nimium eruditionis habes.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 22, 2000 1:40 PM
> To: J Weismann; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: Online Security Services and Continous Risk Management
>
>
> Let's get back on topic here.. I tried to prevent this thread
> from going
> down the path of the hiring process. Regardless of the fact, it is
> consultant's market out there. For some of us, it is what we
> bring to the
> table and how an organization can maximize their ROI on that
> person. But
> that is other discussion on drive, philosophy and such, that
> I don't want
> to go into.
>
> I was a NOC monkey and sys admin for a long time, and I
> really enjoyed the
> fast pace thrill of ripping a Telco provider apart or
> answering 15 lines at
> once, resetting 50 or so routers at once after a OC-3 routing
> flap. Hey,
> but that was a long time ago.
>
> Online Security Service are promoting the fact, that business
> can't hire
> the staff, or retain them long enough to ensure that all the security
> vulnerabilities are being addressed. So therefore, aren't the online
> security services having the same problem hiring qualified help??
>
> /mark
>
> At 01:35 PM 8/22/00 -0400, J Weismann wrote:
>
> >Actually chief, I just interviewed for a job in a NOC center
> in Boston
> >monitoring firewall trafic and data coming in and out of web
> servers, F5
> >load balancers, routers, etc. Seems to me that although I
> got a CCNA and
> >some Raptor XP, they still want me even though I don't know
> Checkpoint or
> >Unix. It truly is all about the interview and sadly how well you can
> >convince them of your skills. I am not saying my skills are
> subpar, or
> >that I won't learn anything new, just that with so few
> people willing to
> >jump into network monitoring and/or security, some companies
> will hire on
> >whomever that can meet some of their critera. It truly is a
> buyers market
> >out there for people who are hungry to learn. They were
> going to pay for
> >my CCIE training even though it could run upwards of 15k or more.
> >
> >
> >In conclusion, check with past and current customers of the service
> >provider to see how they fare. If they don't provide you
> with numbers with
> >some, I would not go with them. Most folk in the industry
> will gladly tell
> >you of those that are happy with them and the service they provide...
> >
> >
> >"Layer 4 and up is for End Users"
> > -Anonymous CCNA
> >
> >
> >
> >
> >>
> >> Regardless of how they store the information on your
> network there
> >>still needs to be some access granted. A company like this
> would have to
> >>have a pretty stringent hiring process and background check
> at the minimum
> >>as well as good logging of who accesses client company
> information. I
> >>suspect that they could be held liable if information they
> have on your
> >>network is used to break into your network. I thought
> NetworkICE offered
> >>those type of services as well as their Intrusion Detection
> products. If
> >>not it would be a good field for you guys to get into. You
> could progress
> >>from vendor support to installs to intrusion detection
> consulting. A good
> >>way to capitolize on existing talent.
> >>
> >>
> >>Regards,
> >>Jeffery Gieser
> >>
> >>-
> >>[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >>"unsubscribe firewalls" in the body of the message.]
> >
> >
> >
> >
> >_____________________________________________________________
> ___________
> >Get Your Private, Free E-mail from MSN Hotmail at
http://www.hotmail.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
