Security Basics mailing list archives

RE: Student-Degree valuable or not?


From: "Ben Huntley" <benh () steffian com>
Date: Mon, 29 Sep 2003 12:49:20 -0400

keep in mind that no one can ever take the degree away from you.  also, some of the salary numbers being tossed around in 
this thread may apply regionally.  for example, one of the first messages made reference to $30K being too much to ask 
for.  if you live/work in the northeast (e.g. Boston, NYC) this number isn't enough for you to survive on, therefore, 
the pay scale is much higher (as well as the cost of living).  

as a developer, i can't really speak for those in the security administration field, however, most entry-level jobs for 
software companies that are hiring [programmers] locally (and yep, some are) start off in the 40-50 range and move up 
from there.  

-b

-----Original Message-----
From: vam [mailto:devnull001 () fastmail fm]
Sent: Saturday, September 27, 2003 3:48 AM
To: Security-Basics
Subject: Re: Student-Degree valuable or not?


I am 24, have a Masters in Networking, and have been studying info 
security exclusively for the past 4 years.. so felt like chiming in..

Paul Ledin wrote:

I've read the other poster's gloom and doom about H1Bs
and the mass IT outsourcing to the 3rd world, but IMHO
it's overblown.  If everybody's outsourcing to
India (or wherever) then why are American IT job loss
projections over the next 10 years only like 10%? 
It's not like it's some tightly guarded secret that a
3rd world developer makes 1/10th what an American
does.  If you're good, you'll find work.


I agree. Also, imho, IT outsourcing has its limitations.

My theory is that anything that's automate-able - something that an 
average Joe can learn from a textbook or two - can and perhaps should be 
outsourced to firms full of average Joes who can perhaps do it better 
for cheaper. Call centers, data entry jobs, web site design etc perhaps? 
But not cutting edge R&D! Correct me if I am wrong, but I can't imagine 
firms like @stake, ISS (X-force), or even SAS etc outsourcing to 
anywhere outside US..

Further, US has, for years/decades, imported skilled labor in all sorts 
of areas, which works out pretty well for entrepreneurship/innovation.. 
  So you'll have network modeling statisticians with PhDs working with 
Avaya alongside core C/system programmers over a next generation VoIP 
product. This can't happen in most 3rd world countries. And I don't 
think we can persuade a good number of these folks (a significant 
fraction of whom are Not from India/China) to move to those countries 
even for comparable salaries, it just isn't the same lifestyle out there. 
So, CEOs will have to work off of local limited talent (yes, very senior 
software engineers perhaps) over there if they choose to outsource core 
R&D teams too.

How about Intellectual Property protection! I don't think the concept of 
startups, where trade secrets mean everything, can exist for long in 
India/China. Piracy is rampant, and lawsuits almost never happen. 
Services model works best for them for exactly that reason, there's no 
innovation to protect.

Same with selling stuff you create. The main sales offices will still 
always have to be in US/UK/France etc.

I can think of a zillion other hurdles complete IT outsourcing will 
face.. it could still happen if CEOs remain short sighted and greedy, 
and the US govt and INS continues to 'ignore' this problem. Reducing the 
H1B cap as someone pointed out is like fueling outsourcing even more. 
Another mismanagement marvel - all highly skilled H1Bs are forced to 
leave US after 6 years to work with overseas companies that directly 
compete with US!? Companies could easily be given some good incentives 
in creating jobs in US versus outsourcing - tax relief etc. Ad infinitum..

As far as the security thing goes, I'm of the opinion
that in 4 years time the market will be swimming in
*security engineers*.  Don't they make like $100K with
no experience? And unlimited frappuccinos! ;-)  I
definitely think that security knowledge is a must in
the IT field, but I'd be careful not to pigeonhole
yourself.  I'm holding off till either (a) Teach
Yourself IT Security in 24 Hours is released, or (b)
that dude hawking learn Windoze98 CDs, *guarantees* me
that he will make me a security professional to make
my prediction final.


I don't think 'learn security in 24 days/hours' is possible (if that's 
what you meant is possible). A lot about security is not exact science 
or trivial. Writing exploits, reverse engineering, auditing binaries, 
forensics is not for everyone. Plus, it's a dynamic field with almost no 
standards (how about the evolution of shellcodes, for example). So, it's 
a nice niche to be in if you think you are good at it. :)

Thanks,
Vinay.

