Re: Contract Rates & CISSP or not

["R. DuFresne" <dufresne () sysinfo com>]

Of course, I met a few CISSP's that lacked cluelessness over the past fre
years.  Yet, I have been in the same boat as you, and even when dealing
with others tasked and supposed to be clued in the security realm of IT.

Thanks,

Ron DuFresne

On Fri, 23 Nov 2001, David Hawley wrote:

> There was a great deal of interest on these two topics on a
> securityfocus.com list, so it made sense to share this information with you
> all.  My first question is at the BOTTOM of this posting, and is about
> consulting/contract rates
> Not the Agency or Corporations billing rate, but the take home W2 or 1099
> rate we see on the check (no distinction was made between W2 and 1099, but
> you can assume ~15%+-).  I conducted this survey because the SANS and DICE
> Salary Surveys don't seem to reflect the effects of the bursting of the
> dot.com bubble yet.   Just ABOVE that posting is the summary of responses
> (there were about 20 so far), and the question about CISSP.  The final
> email, at the top, is the summary of the replies about the need for a CISSP
> cert.
>
> If anyone wants to send me any feedback, or input they have I promise not to
> expose their name to the list, just as
> promised when conducting the other two surveys.  However am willing to
> summarize to the list if there is a lot of interest.
>
>
> ----------------------------------------------------------------------------
> ---------------------------------------------------------------------
> One of the main reasons for the CISSP, is the abysmal awareness of what we
> do amongst not only HR folks, but even our counterparts in the IT/MIS
> Industry.  When we get together *we* KNOW who knows what they are talking
> about, but how in the heck would HR Folks, or even most IT/MIS Managers?  On
> most of the contracts that I have held since forming UNIX & NT NETWORK
> SECURITY, LLC in 1995 I was generally the only one who had the big picture
> (not all mind you, at one of my contracts, was only one wheel in a big
> security machine).  So to repeat, it's used by folks that don't understand
> what we do.
> Another reason, of course, is standardization.  Some of us may focus on one
> area or another, it takes a long time to have "done it all" as they say.
> Having a CISSP would give one the broad knowledge to head into a contract in
> a new area without having to reinvent the wheel.  For example if you had
> been doing firewalls for 2 years, and were hired to write security policy on
> a new gig you would already be aware of the terms we all use, and who the
> players are in that area, so that we can build on a common knowledge base.
> Another good point that was brought up was that for someone doing hands on
> work, such as installing C2, a VPN, or a one time password system it was
> less important.  For managers, policy writers, team leads it would be more
> in demand.
> Lastly we come full circle back to rates, and employability.  A number of
> people (especially those with a CISSP) it was felt that in a situation where
> there were two candidates, who were equal in all other respects the one with
> the CISSP would probably be hired.  I was actually writing a long quasi
> white paper on "Why I DON'T have a CISSP", to be used with employers,  when
> it dawned on me that I would be better serving our Industry as a whole to
> join forces with those who hold one, rather than to "fight city hall".  If I
> can help out in any way please let me know.
> Cheers, David
> David Hawley --- Future CISSP :)
>
>
> David R. Hawley CEO/Chief Consultant - UNIX & NT Network Security, LLC.
> drh () 123netsecurity com
> www.123netsecurity.com
>
> NOTE: Rhino Bomd was the alias I was using on my Yahoo account. ~drh~
>
> -----Original Message-----
> From: Rhino Bomd [mailto:rhino007_us () yahoo com]
> Sent: Wednesday, November 21, 2001 2:21 PM
> To:   securityjobs () securityfocus com
> Subject:      RE: Rate's for contractors & employees
>
>
> Folks,
> Was *swamped* with responses.  Thanks!  So there seems to be enough
> interest that I will summarize, for all rather than reply to 20 folks.
> Won't
> blow anyone's anonymity, as promised.
>
> Some folks are still making the big bucks we used to charge 18 months ago,
> especially with clients they had worked for in the past.
>
> But a lot have had to take 20% or more cuts.  The standard range seems to be
> pretty consistent at $60-$95, sometimes up to $125/hr,
> those who were getting more than $90 mostly said that the work was sporadic.
>
> While I have the floor, I have one more survey question.  The deal is the
> same I won't pass on anyone's name or answers, specifically, but will
> summarize if the response is great.  Here is the question:
>
> 1)    How much difference does the CISSP make in getting hired?
>
> Came up through the ranks, paying my dues at Sun Micro, supporting Sun
> Federal when Sun was very small startup firm.  Was there when the first
> Internet virus hit (the Internet WORM), supported C2 & B1, have worked with
> all kinds of firewalls, routers, written policy,  PKI, network management,
> VPN, C2 audits, handled intrusion detection, post mortem, SSL, encryption,
> etc., etc.  just don't want to spend thousands of dollars for some training
> that is fully redundant to my experience... unless it makes it much easier
> to get hired.
>
>
> David Hawley
> UNIX & NT Network Security, LLC.
> drh () 123netsecurity com
> www.123netsecurity.com
>
> -----Original Message-----
> From: Rhino Bomd [mailto:rhino007_us () yahoo com]
> Sent: Wednesday, November 21, 2001 8:18 AM
> To:   securityjobs () securityfocus com
> Subject:      Rate's for contractors & employees
>
>
> I have been out of touch with the rates question for a while.  When one
> looks
> at the DICE Salary Survey it indicates that the mean rate is
> Something like $75/hr for all contract work.  Of course we in the security
> field should be doing better... but the recruiters I talk to tell me that
> people
> are going out for half what they did 18 months ago.  I tend to discount what
> they say, because their job it to talk us down in price, and their Clients
> up in
> price, at all times.  So I'm taking my own informal survey.  I can promise
> that
> anyone who responds directly to me will remain anonymous.  Specifically what
> are the rates for someone who has (cumulative) had over 20 years of Industry
> experience, 25 years of security experience, 6 years of computer and network
> security consulting, and 15 years of UNIX experience.  This kind of
> background used
> to bring in between $110/hr - $200/hr, depending on length of contract, and
> level of responsibility.
>
> David Hawley
> UNIX & NT Network Security, LLC.
> drh () 123netsecurity com
> www.123netsecurity.com
>
>
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://list.nfr.com/mailman/listinfo/firewall-wizards

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards