North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: How to get better security people
On Tue, 26 Mar 2002, Avleen Vig wrote: > On Tue, 26 Mar 2002, LeBlanc, Jason wrote: > > On that note, Etrade layed off their entire net sec team a few months back. > > I don't trade there no more. ;) > > Fewer and fewer companies are paying attention to network security with > the right mindset. They all want peopl who have been in the field for > 7-10+ years, with 10+ years of general systems admin skills. I attended my first IETF meeting in 1991. There were 384 attendees. There are very few people who really have 10+ years experience in this industry. If I was looking for top security talent, what would I ask for whether I was hiring directly or outsourcing? Do I want a bunch of ex-miltary, ex-law enforcement, ex-banker, lots of certifications (CISSP, GIAC) none of which have existed for 10 years, published papers, can answer tricky questions about checkpoint firewalls (why is a confusing firewall configuration a good thing?), a college degree in crypto, big 5 accounting firm (or is that now big 4 accounting firm)? The problem right now is if you advertise for a job, you will get blasted with literally tens of thousands of resumes. What should I be telling the HR department to look for? Likewise, if I was going to outsource. What should I be looking for in a security management provider? The best information security person I've ever met/worked with/etc was at Disney Imagineering. I've yet to find anyone at a security consulting firm or other company that came close to matching him.