Penetration Testing mailing list archives
Re: Contract Rates??
From: Terry M <tmccork () gmail com>
Date: Mon, 5 Oct 2009 01:14:41 -0700
Jon, I have actually worked with an individual that was contracted through a discounted over seas company. They had all the credentials you could want, SANS, CISSP, Etc, and the resume looked good. But when it came down to it they did not have the true experience or skills required to get the job done, and there was a language barrier. My advise, be very cautious of low bidders for security services and check references. Usually it is the same as most things in life, you get what you pay for. - Terry On Sat, Oct 3, 2009 at 1:26 AM, <craig.wilson () redtray co uk> wrote:
In my opinion those are sys admin or 2nd level support roles rates. At the pentester role there seems to be a view in certain industries that the role can be as simple as following scripted methodologies where the real skill has been in creating the method. As a result the rates are commensurate. Additionally the security architect role is often seen as a subset of the network engineer/manager. Sent from my BlackBerry® wireless device -----Original Message----- From: Jon Kibler <Jon.Kibler () aset com> Date: Fri, 02 Oct 2009 10:57:53 To: <pen-test () securityfocus com> Subject: Contract Rates?? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, Question: Is the market for SENIOR security architects and and penetration testers fully saturated or is there a lot of unemployed senior level security consultants? The reason I ask, is, I am being inundated by head hunters and job shops looking for senior level security consultants (10-15+ years of experience) at rates of $35 to $45 per hour for architects and $25 to $35 per hour for penetration testers. From the job descriptions, expected knowledge and skills, these appear to really be senior level consulting contracts. These rates seem to be absurdly low. In perspective, I was making $40/hr in the early 1980s. One of my colleagues with only 5 years of experience, who works full time for a software house, echoed my sentiments, "Dude, I was making more than that while still in grad school in 2003 doing pen testing on the side!" A year ago, both pen tester and architect contract rates were in the $75 to $150 per hour range, and some pen tester rates were even higher. Can anyone explain what is going on here? The one observation I will add is that most of the low rates seem to be coming from either off-shore companies, or the on-shore face of an off-shore company. Are they simply bidding on and winning a bunch of contracts by low-balling the rate, and then struggling to find people to staff the jobs? I would really like to get some other perspective on what is going on here. Finally, I will add that there are still organizations looking for contractors at reasonable rates, but they seem to have become a small minority. TIA for all feedback! Jon - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-813-2924 s: 843-564-4224 http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrGFPEACgkQUVxQRc85QlO6eACcCM54V9Rj+BSihwXAwY0i7dRS 9YkAn3MnC0HNdOOcgYPXUGdMzbQxMd16 =zGB+ -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email. ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Contract Rates?? Jon Kibler (Oct 02)
- Re: Contract Rates?? Robert Portvliet (Oct 04)
- Re: Contract Rates?? ChromeSilver (Oct 04)
- Re: Contract Rates?? Chris Brenton (Oct 04)
- Re: Contract Rates?? Eric Milam (Oct 04)
- Re: Contract Rates?? Richard Lee (Oct 04)
- Re: Contract Rates?? Paul Melson (Oct 05)
- Re: Contract Rates?? craig . wilson (Oct 04)
- Re: Contract Rates?? Terry M (Oct 05)
- Re: Contract Rates?? Stephen Mullins (Oct 05)
- Re: Contract Rates?? Ivan . (Oct 09)