Firewall Wizards mailing list archives
Re: Contract Rates & CISSP or not
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Fri, 23 Nov 2001 22:48:00 -0500 (EST)
Of course, I met a few CISSP's that lacked cluelessness over the past few years. Yet, I have been in the same boat as you, and even when dealing with others tasked and supposed to be clued in the security realm of IT.

Thanks,

Ron DuFresne

On Fri, 23 Nov 2001, David Hawley wrote:

There was a great deal of interest on these two topics on a securityfocus.com list, so it made sense to share this information with you all.

My first question is at the BOTTOM of this posting, and is about consulting/contract rates. Not the Agency or Corporations billing rate, but the take home W2 or 1099 rate we see on the check (no distinction was made between W2 and 1099, but you can assume ~15%+-). I conducted this survey because the SANS and DICE Salary Surveys don't seem to reflect the effects of the bursting of the dot.com bubble yet.

Just ABOVE that posting is the summary of responses (there were about 20 so far), and the question about CISSP.

The final email, at the top, is the summary of the replies about the need for a CISSP cert.

If anyone wants to send me any feedback, or input they have I promise not to expose their name to the list, just as promised when conducting the other two surveys. However am willing to summarize to the list if there is a lot of interest.

----------------------------------------------------------------------------

One of the main reasons for the CISSP, is the abysmal awareness of what we do amongst not only HR folks, but even our counterparts in the IT/MIS Industry. When we get together *we* KNOW who knows what they are talking about, but how in the heck would HR Folks, or even most IT/MIS Managers? On most of the contracts that I have held since forming UNIX & NT NETWORK SECURITY, LLC in 1995 I was generally the only one who had the big picture (not all mind you, at one of my contracts, was only one wheel in a big security machine). So to repeat, it's used by folks that don't understand what we do.

Another reason, of course, is standardization. Some of us may focus on one area or another, it takes a long time to have "done it all" as they say.
Having a CISSP would give one the broad knowledge to head into a contract in a new area without having to reinvent the wheel. For example if you had been doing firewalls for 2 years, and were hired to write security policy on a new gig you would already be aware of the terms we all use, and who the players are in that area, so that we can build on a common knowledge base.

Another good point that was brought up was that for someone doing hands on work, such as installing C2, a VPN, or a one time password system it was less important. For managers, policy writers, team leads it would be more in demand.

Lastly we come full circle back to rates, and employability. A number of people (especially those with a CISSP) it was felt that in a situation where there were two candidates, who were equal in all other respects the one with the CISSP would probably be hired.

I was actually writing a long quasi white paper on "Why I DON'T have a CISSP", to be used with employers, when it dawned on me that I would be better serving our Industry as a whole to join forces with those who hold one, rather than to "fight city hall".

If I can help out in any way please let me know.

Cheers,

David

David Hawley --- Future CISSP :)

David R. Hawley
CEO/Chief Consultant - UNIX & NT Network Security, LLC.
drh () 123netsecurity com
www.123netsecurity.com

NOTE: Rhino Bomd was the alias I was using on my Yahoo account. ~drh~

-----Original Message-----
From: Rhino Bomd [mailto:rhino007_us () yahoo com]
Sent: Wednesday, November 21, 2001 2:21 PM
To: securityjobs () securityfocus com
Subject: RE: Rate's for contractors & employees

Folks,

Was *swamped* with responses. Thanks! So there seems to be enough interest that I will summarize, for all rather than reply to 20 folks. Won't blow anyone's anonymity, as promised.

Some folks are still making the big bucks we used to charge 18 months ago, especially with clients they had worked for in the past. But a lot have had to take 20% or more cuts.
The standard range seems to be pretty consistent at $60-$95, sometimes up to $125/hr, those who were getting more than $90 mostly said that the work was sporadic.

While I have the floor, I have one more survey question. The deal is the same I won't pass on anyone's name or answers, specifically, but will summarize if the response is great. Here is the question:

1) How much difference does the CISSP make in getting hired?

Came up through the ranks, paying my dues at Sun Micro, supporting Sun Federal when Sun was very small startup firm. Was there when the first Internet virus hit (the Internet WORM), supported C2 & B1, have worked with all kinds of firewalls, routers, written policy, PKI, network management, VPN, C2 audits, handled intrusion detection, post mortem, SSL, encryption, etc., etc. just don't want to spend thousands of dollars for some training that is fully redundant to my experience... unless it makes it much easier to get hired.

David Hawley
UNIX & NT Network Security, LLC.
drh () 123netsecurity com
www.123netsecurity.com

-----Original Message-----
From: Rhino Bomd [mailto:rhino007_us () yahoo com]
Sent: Wednesday, November 21, 2001 8:18 AM
To: securityjobs () securityfocus com
Subject: Rate's for contractors & employees

I have been out of touch with the rates question for a while. When one looks at the DICE Salary Survey it indicates that the mean rate is something like $75/hr for all contract work. Of course we in the security field should be doing better... but the recruiters I talk to tell me that people are going out for half what they did 18 months ago. I tend to discount what they say, because their job is to talk us down in price, and their Clients up in price, at all times.

So I'm taking my own informal survey. I can promise that anyone who responds directly to me will remain anonymous.
Specifically what are the rates for someone who has (cumulative) had over 20 years of Industry experience, 25 years of security experience, 6 years of computer and network security consulting, and 15 years of UNIX experience. This kind of background used to bring in between $110/hr - $200/hr, depending on length of contract, and level of responsibility.

David Hawley
UNIX & NT Network Security, LLC.
drh () 123netsecurity com
www.123netsecurity.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior consultant: darkstar.sysinfo.com
http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!