The problem seems to steam from the fact that there are so many new technologies rising up all the time. I mean C# for instance is about 2 years old (or less maybe??). Two years experience for production work is crazy. The argument back is that using such a baby technology is crazy too but Java was a high flyer very early on too. But that is off the point of security, yes!?!. My point is that while experience in the given technology might be low, experience in the industry MUST be high and the background solid. I,like many of you I'm sure, deal with live critical servers and words like downtime do not exist in our lives. They can't. That mentality comes from experience. The technology or products I use today might be new and my experience with them might be two hours to two years but my industry experience is high and the professional conduct and handling of a situation comes from that. I have found that these new book readers (21 day experts) miss the most obvious point. They do not see the difference between a LIVE system and a standalone or home system. They have no concept of what a 'critical server/service' is, it's real value.
In security that is not acceptable. The CISSP exam requires three years experience before you even get to sit the exam, for a reason. In an interview for a job you should be able to tell very quickly the real experience level of the candidate. If that experience is valid then I don't care if they are from Mars. Trevor Cushen Sysnet Ltd www.sysnet.ie Tel: +353 1 2983000 Fax: +353 1 2960499 -----Original Message----- From: Paul Hosking [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 00:52 To: Meritt James Cc: [EMAIL PROTECTED] Subject: Re: Status Of The IT Talent Pool On Tue, 2002-07-16 at 16:33, Meritt James wrote: > Hay dudes - I didn't write the article! See the last line "Read more > online: Knowledge At Wharton,7/15/02"? Poor James - let loose a flaming maelstrom. :) If memory serves me right, a very similar report was noted on this list last year (I seem to remember the ITAA and H-1B visas were also featured). It sounded really upbeat... infosec was the place to find IT work! Then came the flood of replies that had a similar theme: where's the jobs? It was such a flood that our list moderator ended up announcing that the subject was closed and posting a nice summery of the comments being made. I would have to agree. My own experience has largely been people who are interested in my skill set - but just not quite ready to actually hire. At least not just yet. Maybe in a few months. Or six. -- .: Paul Hosking . [EMAIL PROTECTED] .: InfoSec . 408.829.9402 .: PGP KeyID: 0x42F93AE9 .: 7B86 4F79 E496 2775 7945 FA81 8D94 196D 42F9 3AE9