Firewall Wizards mailing list archives
RE: Contract Rates & CISSP or not
From: "David Hawley" <chiman () hawaiian net>
Date: Tue, 27 Nov 2001 11:44:56 -1000
Crispin,

Your viewpoint is *very* refreshing! Anytime you need help on a project, please drop me a line. I wish my experience of working in this Industry was filled with more like-minded folks...

Please don't laugh too hard at me for playing "devil's advocate", as I came to the group with the question, but unfortunately, the reality of being a consultant or contractor is sometimes filled with drudgery (picture writing the Gauntlet rules, (which is a "where the rubber hits the asphalt" security policy in a sense for a set of subnets that include 10 firewalls, 20 access and choke routers) keeping in mind that all the IP's and all the subnet masks and All the ports, all of them mind you, must be correct or you will be let go, and doing it for 6 months or a year straight). Often the Full Time Employees (FTE) will be going to meetings, explaining the concept of a firewall to a PM, or in the lab playing with the next generation firewall where there is room for error. That is tedious....

Of course it's not always that way, sometimes we do get to design the entire security architecture for an entire company, while all the brilliant FTE's are working on writing Java code, or designing the next generation chipset, or something (often times writing emails protesting the security measures we are trying to put into place). Those are the fun contracts!

My point is that as contractors or consultants we, like a day trader, get in and out of the market a *LOT* more often than a FTE, so we are of necessity faced with dealing with HR folks who have no idea about technology, whose only recourse is to look at our credentials (or ask a set of questions generated by the FTE's) and those credentials aren't always in a nice Masters degree, or a PhD, often they were gotten at the last minute to stay up on the latest technology, or concurrent with competing for an open job order, or in this case fighting it out for the few contracts that are out there in a recession (I've been through 3-4 in my career, it's the only time you can get around in the Silicon Valley in any semblance of a timely manner, in a car :-).

So there is brilliance, and there is brilliance. Sometimes the brilliance ignores $$$ and develops a whole new generation of products, or a better mousetrap (a Synaptic touch pad?), sometimes that brilliance decides to risk it all and go for the gold, found in consulting/contract work... Please don't judge us too harshly for doing what we need to do to survive in this bloody marketplace.

Cheers,
David

Another example of drudgery is sorting through tools designed to do in the Microsoft world, what has been done in *NIX for 20-30 years... Bill Gates said 2 things I like to quote, "The Net is a passing fad", and "you will never need more than a megabyte of RAM".

David Hawley
UNIX & NT Network Security, LLC.
drh () 123netsecurity com
www.123netsecurity.com

-----Original Message-----
From: Crispin Cowan [mailto:crispin () wirex com]
Sent: Monday, November 26, 2001 12:09 PM
To: Darren Reed
Cc: R. DuFresne; chiman () hawaiian net; firewall-wizards () nfr net
Subject: Re: [fw-wiz] Contract Rates & CISSP or not

Darren Reed wrote:
One would hope that this would perhaps deter the snake oil security folk from polluting the waters but there are guarantees in this world besides death and taxes.
"Death, Taxes, and Imperfect Software: Surviving the Inevitable". Crispin Cowan, Calton Pu, and Heather Hinton. Presented at the New Security Paradigms Workshop 1998 <http://www-hsc.usc.edu/%7Eessin/nspw98.html> . Postscript <http://www.cse.ogi.edu/%7Ecrispin/bugtol.ps.gz> 130 KB, PDF <http://www.cse.ogi.edu/%7Ecrispin/bugtol.pdf> 92 KB. :-)
A different take on the CISSP issue is this: if people with the same experience quote for the same job and the person with the CISSP gives a somewhat higher quote (let's say $10/hr more), is the recruiter going to go for the CISSP qualified person or the other? I guess the question I'm asking here is does the CISSP equate to X$/hr extra when it comes to the consulting gig and if so, for what value of X?
Personally, I use CISSP as a filter for who *not* to hire, as in "if they have a CISSP, I don't hire them". Rationale: we do advanced R&D, so I'm shopping for brilliance, not competence & willingness to do drudgery with diligence. The CISSP (hopefully :-) assures a minimum level of competence, but IMHO the social filter of those who seek such certification makes them unlikely to be a brilliant innovator.

My position used to be much stronger: that certificates are for poseurs, give me a real degree or a Bugtraq pedigree, or don't bother. But I've mellowed in my old age :-)

In summary, I still look at CISSP's (and other certificates that don't start with "Bachelor's" or similar) as a negative mark, which I'm willing to overlook if the other factors are strong. I certainly will not pay extra for it.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards