RE: Student-Degree valuable or not?

From: Ben Huntley (benh_at_steffian.com)
Date: 09/29/03

  • Next message: Cat Thrasher: "RE: PIX firewall and ICMP" 
    Date: Mon, 29 Sep 2003 12:49:20 -0400
To: "Security-Basics" <security-basics@securityfocus.com>

    keep in mind that no one can ever take the degree away from you. also, some of the salary numbers being tossed around this thread may apply regionally. for example, one of the first messages made reference to $30K being too much to ask for. if you live/work in the northeast (e.g. Boston, NYC) this number isn't enough for you to survive on, therefore, the pay scale is much higher (as well as the cost of living).

    as a developer, i can't really speak for those in the security administration field, however, most entry-level jobs for software companies that are hiring [programmers] locally (and yep, some are) start off in the 40-50 range and move up from there.

    -b

    -----Original Message-----
    From: vam [mailto:devnull001@fastmail.fm]
    Sent: Saturday, September 27, 2003 3:48 AM
    To: Security-Basics
    Subject: Re: Student-Degree valuable or not?

    I am 24, have a Masters in Networking, and have been studying info
    security exclusively for the past 4 years.. so felt like chiming in..

    Paul Ledin wrote:
    >
    > I've read the other poster's gloom and doom about H1Bs
    > and the mass IT outsourcing to the 3rd world, but IMHO
    > it's overblown. If everybody's outsourcing to
    > India(or whereever) then why are American IT job loss
    > projections over the next 10 years only like 10%?
    > It's not like it's some tightly guarded secret that a
    > 3rd world developer makes 1/10th what an American
    > does. If your good, you'll find work.
    >

    I agree. Also, imho, IT outsourcing has its limitations.

    My theory is that anything that's automate-able - something that an
    average Joe can learn from a textbook or two - can and perhaps should be
    outsourced to firms full of average Joes who can perhaps do it better
    for cheaper. Call centers, data entry jobs, web site design etc perhaps?
    But not cutting edge R&D! Correct me if I am wrong, but I can't imagine
    firms like @stake, ISS (X-force), or even SAS etc outsourcing to
    anywhere outside US..

    Further, US has, for years/decades, imported skilled labor in all sorts
    of areas, which works out pretty well for entrepreneurship/innovation..
      So you'll have network modeling statisticians with PhDs working with
    Avaya along side core C/system programmers over a next generation VoIP
    product. This can't happen in most 3rd world countries. And I don't
    think we can pursuade a good number of these folks (a significant
    fraction of whom are Not from India/China) to move to those countries
    even for comparable salaries, it just isn't the same lifestyle outthere.
    So, CEOs will have to work off of local limited talent (yes, very senior
    software engineers perhaps) over there if they chose to outsource core
    R&D teams too.

    How about Intellectual Property protection! I don;t think the concept of
    startups, where trade secrets mean everything, can exist for long in
    India/China. Piracy is rampant, and lawsuits almost never happen.
    Services model works best for them for exactly that reason, there's no
    innovation to protect.

    Same with selling stuff you create. The main sales offices will still
    always have to be in US/UK/France etc.

    I can think of a zillion other hurdles complete IT outsourcing will
    face.. it could still happen if CEOs remain short sighted and greedy,
    and the US govt and INS continues to 'ignore' this problem. Reducing the
    H1B cap as someone pointed out is like fueling outsourcing even more.
    Another mismanagement marvel - all highly skilled H1Bs are forced to
    leave US after 6 years to work with overseas companies that directly
    compete with US!? Companies could easily be given some good incentives
    in creating jobs in US versus outsourcing - tax relief etc. Ad infinitum..

    > As far as the security thing goes, I'm of the opinion
    > that in 4 years time the market will be swimming in
    > *security engineers*. Don't they make like $100K with
    > no experience? And unlimited frapachinos! ;-) I
    > definitely think that security knowledge is a must in
    > the IT field, but I'd be careful not to pigeonhole
    > yourself. I'm holding off till either (a) Teach
    > Yourself IT Security in 24 Hours is released, or (b)
    > that dude hawking learn Windoze98 CDs, *guarantees* me
    > that he will make me a security professional to make
    > my prediction final.
    >

    I don't think 'learn security in 24 days/hours' is possible (if that's
    what you meant is possible). A lot about security is not exact science
    or trivial. Writing exploits, reverse engineering, auditing binaries,
    forensics is not for everyone. Plus, its a dynamic field with almost no
    standards (how about the evolution of shellcodes, for example). So, its
    a nice niche to be in if you think you are good at it. :)

    Thanks,
    Vinay.

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Cat Thrasher: "RE: PIX firewall and ICMP"

    Relevant Pages