Security Basics mailing list archives
Re: University Degree or CISSP
From: Mark Teicher <mht3 () earthlink net>
Date: Tue, 6 Sep 2005 17:42:29 -0400 (GMT-04:00)
comments inserted
-----Original Message----- From: techlists () securityfocus com, at () securityfocus com, comcast () securityfocus com, dot () securityfocus com, net () securityfocus com Sent: Sep 2, 2005 5:19 PM To: security-basics () securityfocus com Subject: Re: University Degree or CISSP Like anything, it depends. If you work for someone that sells your services to someone else, i.e. like a government contractor, the degree is almost mandatory. From the employers point of view, they can charge more for you depending on your educational level. The way salary range levels are calculated almost always take into account your educational level.
Actually not true, some people with a very slick bio and NSA IAM certification can probably expect to receive a a salary in the high 6 digit arena, those with more advanced degrees and can prove they have obtained certain level of certification in a particular product area (i.e. CCIE), with hands-on experience in the field can expect more. Those without degrees but have earned the street cred via publishing proof of concepts or exploits can be observed earning that kind of mind also. It sometimes helps if you attended a certain southern tech college, and had some good business sense.
It's not that having the bachelors degree is such a great plus; it's just that having anything less is considered a negative because the bachelors is just assumed.
Actually, not true, in the dot-com era, if you knew how to market your product and services really really well, one could be very successful, in today's economy, it is not what you know, it is who you know.
The value of a cert also depends on the employer/client. A lot of contracts specifically ask for CISSPs these days. I have a CISSP and don't even have such a great impression of the cert (as far as technical depth goes), but got it anyway because it does add value to a resume.
Not as many as one would think, most look for product specific. Anyone got Juniper Certifications? How about Extreme certifications ? How about EMC? If not, Go fish. It really depends on the organization one is pursuing to join and what is expected of the employee. If clear direction is not precisely provided by management or management is completely mystefied on how to grow a consulting practice beyond a one man cross your heart and pull a rabbit out the hat type of security consulting company.
Again, it is not what you know, but who you know, and how long before senior management figures out the pattern of employment is followed by two years of spending, traveling and not landing one gig > 100K in less than a 11 month time frame. Don't forget all those alliance deals, gossip and im'ing to former people. Slurping the ideas of others and taking claim of ownership is one thing to look for a potential candidate but actually pulling off the management speak claims is another.
Building a good security practice is tough work, especially with the various talent available today and all those credentials, degrees to choose from. Remember if more than 3 people in the group, split the group to cover the various states, always a good morale booster.
Current thread:
- RE: University Degree or CISSP Simon Borduas (Sep 01)
- <Possible follow-ups>
- Re: University Degree or CISSP techlists (Sep 06)
- Re: University Degree or CISSP Vladimir B. Kropotov (Sep 06)
- RE: University Degree or CISSP Hodges, Bob (Sep 06)
- RE: University Degree or CISSP Mark Teicher (Sep 06)
- Re: University Degree or CISSP Mark Teicher (Sep 07)
- University Degree or CISSP iredden (Sep 07)
- RE: University Degree or CISSP Mark Teicher (Sep 07)