Re: Contract Rates??



Off the top of my head, I can think of a few reasons:

1. Economic state of US

2. China outpaces all other countries in network attacks that target
both client-side and perimeter. That means they have much more real
world experience across the board.
(Brief article:
http://features.csmonitor.com/innovation/2009/10/01/state-of-the-internet-most-attacks-from-china-s-korea-is-fastest/)

3. Larger number of foreign, well educated and skilled computer
scientists are entering an already crowded software market.

4. The few US trained network security specialists lost the monopoly on
network penetration years ago and the economic slowdown makes it
obvious.

5. Chinese experience in network penetration has put their penetration
systems through more iterations. My guess is that the level of their
penetration software and skill sets are advanced enough to cut costs
immensely.

I guess global market sums it up, and mix-in the advancements in
penetration system software. One-click, and all network computers go
through penetration tests. No more 'black-art' to it, it's all processed
now.


On Fri, 2009-10-02 at 10:57 -0400, Jon Kibler wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

Question: Is the market for SENIOR security architects and and penetration
testers fully saturated or is there a lot of unemployed senior level security
consultants?

The reason I ask, is, I am being inundated by head hunters and job shops looking
for senior level security consultants (10-15+ years of experience) at rates of
$35 to $45 per hour for architects and $25 to $35 per hour for penetration
testers. From the job descriptions, expected knowledge and skills, these appear
to really be senior level consulting contracts.

These rates seem to be absurdly low. In perspective, I was making $40/hr in the
early 1980s. One of my colleagues with only 5 years of experience, who works
full time for a software house, echoed my sentiments, "Dude, I was making more
than that while still in grad school in 2003 doing pen testing on the side!"

A year ago, both pen tester and architect contract rates were in the $75 to $150
per hour range, and some pen tester rates were even higher. Can anyone explain
what is going on here?

The one observation I will add is that most of the low rates seem to be coming
from either off-shore companies, or the on-shore face of an off-shore company.
Are they simply bidding on and winning a bunch of contracts by low-balling the
rate, and then struggling to find people to staff the jobs?

I would really like to get some other perspective on what is going on here.

Finally, I will add that there are still organizations looking for contractors
at reasonable rates, but they seem to have become a small minority.

TIA for all feedback!

Jon
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrGFPEACgkQUVxQRc85QlO6eACcCM54V9Rj+BSihwXAwY0i7dRS
9YkAn3MnC0HNdOOcgYPXUGdMzbQxMd16
=zGB+
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • [Suspected Spam]Re: Conficker (and friends) v.s. Penetration Testing
    ... their network with PDF and the reverse http connection. ... The customer implemented our recommendations and when we ... Conficker v.s. Penetration Testing ... scanners and other technology. ...
    (Pen-Test)
  • Re: Conficker (and friends) v.s. Penetration Testing
    ... their network with PDF and the reverse http connection. ... The customer implemented our recommendations and when we ... Conficker v.s. Penetration Testing ...
    (Pen-Test)
  • Re: Conficker (and friends) v.s. Penetration Testing
    ... we recently performed a penetration test for one of our ... into our customers network within 15 minutes of starting the project. ... security of the technology that they install. ... Continuing with the pdf customer... ...
    (Pen-Test)
  • Conficker (and friends) v.s. Penetration Testing
    ... The fact is that if people managed their networks properly that worms would not be able to spread, or at least not so quickly and on such a wide scale. ... we recently performed a penetration test for one of our customers. ... That is to say that we were able to hack into our customers network within 15 minutes of starting the project. ... Most people _try_ to protect their networks with anti-virus scanners and other technology. ...
    (Pen-Test)
  • Re: Industry Standard Security and guest wifi access best practice
    ... After being shown products which can broadcast in both open mode and ... employed for obvious reasons. ... garden setup on the unsecured network i.e. a non-wpa phone could be ... John Navas FAQ for Wi-Fi: ...
    (alt.internet.wireless)