RE: General question

["Craig Wright" <cwright () bdosyd com au>]

We live in a market economy. Pure economic reality. If you are not happy with your job and want more money, than the 
issue is a simple one. See what the market rate is. (In simple terms get a new job).



In some places you get paid more. The demand is higher. Security is not paid for the level of knowledge in 
contradiction to what some people believe. In fact, the levels of knowledge are not at the high end of many 
professional roles. It is purely based on Market supply and demand. If there are numerous people in the area who can 
fill a role, the wage drops. If the resource is scare - the price goes up - the result of this being that more people 
enter the field.



As for what this tells? Communication is a large part of a security role at any level that pays in the high end. How 
you write a report and the language you use is important. Your attitude is important. Feeling that you are hard done by 
only makes others shy from you and lowers you chances at success. The rot caused by jealousy is the same. Who cares 
what others get? You make your way on your skills in the long run and by living on vitriol and anger you lose this 
chance to bitterness in the end.



You have been in network admin and moved into security. You have to learn many things to be taken as seriously as you 
desire and until then, it may be that you will not get the respect you believe is due. First, you have to understand 
the business and its risks. Not just as a security/techie, rather at a fundamental level. Learn to speak the language 
of those who run the business. Learn finance and risk (and this is not what the majority of the list seems to believe 
it is). Learn the skills needed and than people will start to gain more of a belief in your skills. Remember - you have 
to speak their language, they will not learn yours. The language of management and business is not that of the techie.



This is based on over 20 years in the industry. Manager of the security function in the past of a Stock Exchange. 
Founder of 2 security companies and still manager of risk and security with a hand on approach.



Regards,

Craig S Wright


________________________________

From: listbounce () securityfocus com on behalf of Francois Yang
Sent: Fri 23/02/2007 3:30 AM
To: security-basics () securityfocus com
Subject: General question



what if your boss told you that the network engineers who maintain the
network and servers got paid more (10k more) than you  the security
analyst because they DO MORE THINGS?
what would be your reaction?
In my situation I was like WTF (to myself of course) and basically
said that it was a totally different area and job description.
That also bought to my attention that maybe he didn't really read my
resume, cuz I was doing network administration for the past 6 yrs
before I got this job.
Now what does that tell you about the boss and my job?


--
If you think technology can solve your security problems, then you
don't understand the problems and you don't understand the technology.
Bruce Schneier

---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse.  Arm your
enterprise with BigFix, the single converged IT security and operations
engine. BigFix enables continuous discovery, assessment, remediation,
and enforcement for complex and distributed IT environments in real-time
from a single console.
Think what's next. Think BigFix.

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------




Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.

---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse.  Arm your
enterprise with BigFix, the single converged IT security and operations
engine. BigFix enables continuous discovery, assessment, remediation,
and enforcement for complex and distributed IT environments in real-time
from a single console.
Think what's next. Think BigFix.

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------