While I disagree with the harshness of Adrian's posting, I have to say that I do agree with the crux of his argument. No - not the part about firing people before Christmas.
The part I have to say that I absolutely agree with him about is that people who just know R/S and only R/S really do need to pick up additional skills on the market. Although even I would never have said it the way Adrian said it (and anybody who knows me knows that I don't mince words), the fact of the matter is that R/S is indeed a tremendously saturated skillset and people who know only that are living on borrowed time. Let's face it, loads of ISP's are going bankrupt and enterprises are no longer building out networks, so the fact is the world just doesn't need as many R/S guys as it used to. ""Kevin C McCarty"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Brian, > > Adrian, is lacking in couth/class/tact that is for sure. Maybe he can;t > find that in /root/home/manners. He is the depiction of dangerous when > it comes to security. I really doubt that the level he plays on covers > anything important, after all, any security person knows that indeed > Checkpoint does suck. If you wake up in the morning and have to check the > CERT advisories on your product I wouldn't use it. I forget the number > of actual holes and snippets of code that would cause compromise, but the > Black Hat community tore it up nicely. Honestly if his consulting > company offered a Checkpoint solution I would think about how valuable my > solution would be compared to the actual cost of my data and the time I > would need to find another job after the SAN and all Raids were wiped, and > I was facing legal incriminations from an invalidated contract stating I > would "secure" my clients Enterprise. > > > > Maybe Adrian ought to start his own religion, no wait, someone already did > that. Wasn't it WANG or something like that? > > > Firing people because they don;t know software that is GNU/OpenSource is > ridiculous. Maybe they used HP Openview instead of nmap. What expert in > his right mind would have a FW do http load balancing? Sounds like > mister groovy security guy needs to take a few steps back and see how > stupid he sounds. Maybe we should give him a break. Sounds like he's > pissed cause he started 30k less than the gang of four and realized he was > duped into doing his bosses dirty work, that way if the former 4 sue the > company the boss is not to blame. > > Come on Adrian, use a real mail address. > > > I started the flame on this one, didn't I ? > > > Thanks-- > > Kevin McCarty > > Computer Sciences Corporation > Defense Sector > > "Obstacles are those annoying little bumps that occur when you take your > eyes off your goals" > > Henry Ford > > > > > "Brian T. Albert" > Sent by: nobody > 12/09/2002 03:37 PM > Please respond to "Brian T. Albert" > > > To: "adrian jones" , "elping" , > "Louis Young" , , > > cc: "Chuck Church" > Subject: RE: Hello (long response) > > > Sounds like your boss should be doing the house cleaning and not you. > Instead of firing 4 CCIEs, maybe because your God's gift to networking you > should mentor, train, and teach instead of strut around with your nose up > in > the air. > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > adrian jones > Sent: Monday, December 09, 2002 3:17 PM > To: elping; Louis Young; [EMAIL PROTECTED]; [EMAIL PROTECTED] > Cc: Chuck Church; Security > Subject: Re: Hello (long response) > > > Elping, > Please do NOT make any statements regarding CheckPoint Firewall without > knowing all the facts. I've been working with both Checkpoint and Pix > firewalls. I > even build a few "franken" pix firewalls so that I can learn as much as I > can about > Cisco Pix firewalls. The "franken" pix firewall actually help me landed > my > current job > that pays 100k/year. Both CheckPoint and Pix firewalls have its strength > and > weaknesses. I agree that Cisco TAC is much superior than CheckPoint > support. > The "no text configuration" that you refer to in CheckPoint, you must be > refered to > running CheckPoint on Winblows platforms. NEVER RUN FIREWALL ON A > GENERAL PURPOSE OPERATING SYSTEM. If you worry about cost, check out > CheckPoint SecurePlatform. If you are "unix" literate, does the term > "tcpdump" > mean anything to you? That's how you troubleshoot my friend. > Now if you are talking about cost, Cisco Pix will beat CheckPoint by a > long > shot in > term of performance for your $. However, for a small/medium business, > Checkpoint > does come with a lot of features such as URL filtering (native), http load > balancing, > etc which Pix doesn't have (without 3rd party products). For enterprise > environment, > CheckPoint does come with ClusterXL (aka, load-sharing or Active/Active > Firewall), > which again, Pix doesn't support. Last but not least, CheckPoint does > have > a very nice Management piece called "provider-1" that Cisco Pix doesn't > have. > I do have to say that the price for CP products is totally "outrageous"; > however, CP > is a good product. > In terms of hardware product, you can run CheckPoint on Nokia Platforms > which is > very stable and proven product. New version of Nokia firewalls do come > with > Flash instead of hard-drive so that the reliability is very high. Nokia > is > a big partner > with CP. You can get CP support if you purchase Nokia firewalls from > Nokia. > Nokia > TAC is just as good as Cisco TAC. > I've completed my first week at my new job as a Security Engineer and I am > amazed > at the # of Cisco Certified folks at my company that are completely > incompetent and > downright clueless at what they can do. We are a consulting company and > being in > the consulting business, you are forced to know pretty much about > everything. > I have a couple of CCIEs in the office came to me and ask me how to > restart > sendmail and postfix (we are a linux shop) in linux. Another CCIE asked > me > how to > use "nmap" in unix. The last one is down right funny, one CCIE asked how > to > start > Apache in Solaris. It just seems to me like R&S are all they know and > nothing else. > We also do R&S here but at these times, demands for those have not been > that > great. Therefore, we have to branch into other things such as Security > (PIX, > CheckPoint, Wireless, IDS, etc...) > I brought these issues to my boss attention last wednesday and on thursay > he > > ordered me to 'clean' house. The first thing I did was to send "pink" > slips > to all > > 4 CCIEs in the group and told them that they are fired because they don't > know > > anything other than R&S. They were making $130k/year and sucking almost > all > of > > our budget. > > My advice to everyone out there is to keeping learning other things in > addition to > > the R&S. The market for CCIEs is not as good as it used to be. You > better > know > > other things especially Unix and Firewalls than just merely R&S. There > will > be lot > > of good peopel competing for the same jobs and the only way you can show > the > > potential employers that you are better than the other guy is by showing > them that > > you know other things not just R&S. > > Just my .02c. > > Adrian > > > > elping wrote: > I work with the checpoint firewall ...and let me tell you they are gui > based > and very > easy to coinfigure...but do they suck.....ther is no text configuration . > the debugging > sucks...and most of the times i have called checpoint for support ..i have > done everything by the book...and > they suggest reboot ....sucks .. > > 98 perfecnt of the time they suggest to stop the engine and restart it .. > anyways i think anything that has a hardrive sucks ... > > > i predict they (checkpoint) will die soon if they do not come out with a > hardware product....... > > > > Louis Young wrote: > > > if the topic of security comes,not actually only one vendor of cisco > systems,there are many other options. > > netscreen,checkpoint,etc. > > why stick with cisco,just coz it is stronger?I don't think so :) > > > > ----- Original Message ----- > > From: "Chuck Church" > > To: "Louis Young" ; "Security" > > Sent: Sunday, December 08, 2002 11:22 PM > > Subject: Re: Hello > > > > > Couple reasons actually. I've worked with PIXs and VPN in the past, > and > > > would like to really become stronger in the technology, especially the > IDS > > > and AAA stuff. The R&S hasn't been the 'pot of gold' that it once was, > so > > > I'm still under-employed (only working part time) currently. So > between > > > wanting to further my skills and having the available time to do it, > here I > > > am! > > > > > > Thanks, > > > > > > Chuck Church > > > CCIE #8776, MCNE, MCSE > > > > > > > > > ----- Original Message ----- > > > From: "Louis Young" > > > To: "Chuck Church" ; "Security" > > > > > > Sent: Sunday, December 08, 2002 9:53 AM > > > Subject: Re: Hello > > > > > > > > > > Hi,having seen your active behavior in R/S list for a long time :) > > > > why think about security? > > > > > > > > > > > > > > > > Regards, > > > > Louis > > > > > > > > ----- Original Message ----- > > > > From: "Chuck Church" > > > > To: "Security" > > > > Sent: Sunday, December 08, 2002 12:17 PM > > > > Subject: Hello > > > > > > > > > > > > > All, > > > > > > > > > > I just thought I'd introduce myself. I'm thinking pretty hard > about > > > > > going for the CCIE Security. My current CCIE is R&S. Haven't seen > any > > > > > messages since I joined yesterday, just wondering if there's many > people > > > on > > > > > this list. > > > > > > > > > > Thanks, > > > > > > > > > > Chuck Church > > > > > CCIE #8776, MCNE, MCSE > > > --------------------------------- > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58860&t=58843 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
