While I have seen some pretty good answers on this thread, I think it all
boils down to commercial industry and government agencies alike getting to
the point where they have enough history with the service to gain some
measure of comfort prior to making the plunge into outsourcing this
activity. In time they will get more comfortable with it. Until then, you
will see ISP's adding this as another profit stream, but not doing an
outstanding job of it. History has shown that they do one thing very well,
providing access. The concept of denial of access will take along time for
them to make the shift in the thought process.
We are entering the stage where there will be many small companies formed to
serve the immediate consumer needs, but there is going to be a weeding out
process over time, and the cream will rise to the top so to speak. Those
companies that are positioned to take advantage of the opportunities, and
have the staff and capital to do it "Right" will reap the benefits in the
long run.
Who will buy this service? Those that are either extremely visionary and
decisive, or those forced into it due to economic factors and lack of
skilled labor. With demand growing at a much faster rate than supply of
experts, it will be years before the trend begins to reverse itself.
> -----Original Message-----
> From: Adam Pendleton [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, August 22, 2000 2:28 PM
> To: '[EMAIL PROTECTED]'; J Weismann;
> [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Online Security Services and Continous Risk Management
>
> As someone who is getting into this business the easy answer is yes, we do
> have the same problem. At the same time, consider this. If twenty
> companies are looking to fill 2 positions each for security people than
> you
> have a demand of 40 jobs. Let's say that there are 10 security people
> available for hire. That's a pretty big job shortage, and the chances of
> any one company filling their entire security staff is small. However, if
> each of those 20 companies hires one online security company, which only
> needs 5 security people to manage those 20 companies, then you have a job
> surplus. So while you still have problems finding people to fill security
> positions, the total number of jobs that need filling are less than the
> total would be if each company was doing security in-house.
>
>
> Adam H. Pendleton
> INFOSEC Engineer
> Corbett Technologies, Inc.
> Alexandria, Virginia
> USA
>
> Work:
> http://www.corbett-tech.com
>
> Fun:
> http://www.randjonline.net
>
> Si hoc legere scis nimium eruditionis habes.
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, August 22, 2000 1:40 PM
> > To: J Weismann; [EMAIL PROTECTED];
> > [EMAIL PROTECTED]
> > Subject: Re: Online Security Services and Continous Risk Management
> >
> >
> > Let's get back on topic here.. I tried to prevent this thread
> > from going
> > down the path of the hiring process. Regardless of the fact, it is
> > consultant's market out there. For some of us, it is what we
> > bring to the
> > table and how an organization can maximize their ROI on that
> > person. But
> > that is other discussion on drive, philosophy and such, that
> > I don't want
> > to go into.
> >
> > I was a NOC monkey and sys admin for a long time, and I
> > really enjoyed the
> > fast pace thrill of ripping a Telco provider apart or
> > answering 15 lines at
> > once, resetting 50 or so routers at once after a OC-3 routing
> > flap. Hey,
> > but that was a long time ago.
> >
> > Online Security Service are promoting the fact, that business
> > can't hire
> > the staff, or retain them long enough to ensure that all the security
> > vulnerabilities are being addressed. So therefore, aren't the online
> > security services having the same problem hiring qualified help??
> >
> > /mark
> >
> > At 01:35 PM 8/22/00 -0400, J Weismann wrote:
> >
> > >Actually chief, I just interviewed for a job in a NOC center
> > in Boston
> > >monitoring firewall trafic and data coming in and out of web
> > servers, F5
> > >load balancers, routers, etc. Seems to me that although I
> > got a CCNA and
> > >some Raptor XP, they still want me even though I don't know
> > Checkpoint or
> > >Unix. It truly is all about the interview and sadly how well you can
> > >convince them of your skills. I am not saying my skills are
> > subpar, or
> > >that I won't learn anything new, just that with so few
> > people willing to
> > >jump into network monitoring and/or security, some companies
> > will hire on
> > >whomever that can meet some of their critera. It truly is a
> > buyers market
> > >out there for people who are hungry to learn. They were
> > going to pay for
> > >my CCIE training even though it could run upwards of 15k or more.
> > >
> > >
> > >In conclusion, check with past and current customers of the service
> > >provider to see how they fare. If they don't provide you
> > with numbers with
> > >some, I would not go with them. Most folk in the industry
> > will gladly tell
> > >you of those that are happy with them and the service they provide...
> > >
> > >
> > >"Layer 4 and up is for End Users"
> > > -Anonymous CCNA
> > >
> > >
> > >
> > >
> > >>
> > >> Regardless of how they store the information on your
> > network there
> > >>still needs to be some access granted. A company like this
> > would have to
> > >>have a pretty stringent hiring process and background check
> > at the minimum
> > >>as well as good logging of who accesses client company
> > information. I
> > >>suspect that they could be held liable if information they
> > have on your
> > >>network is used to break into your network. I thought
> > NetworkICE offered
> > >>those type of services as well as their Intrusion Detection
> > products. If
> > >>not it would be a good field for you guys to get into. You
> > could progress
> > >>from vendor support to installs to intrusion detection
> > consulting. A good
> > >>way to capitolize on existing talent.
> > >>
> > >>
> > >>Regards,
> > >>Jeffery Gieser
> > >>
> > >>-
> > >>[To unsubscribe, send mail to [EMAIL PROTECTED] with
> > >>"unsubscribe firewalls" in the body of the message.]
> > >
> > >
> > >
> > >
> > >_____________________________________________________________
> > ___________
> > >Get Your Private, Free E-mail from MSN Hotmail at
> http://www.hotmail.com
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
