Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026
Turgon wrote: » I think security jobs will take a clattering over the next five years. It's ballooned and the expense is unsustainable. Even if you are a top player in security any prevailing cuts will impact you one way or another and the market is awash with wannabies. If company budgets tighten they will try to do more with less, or hire less expensive people to do more. Try and get some private sector experience if you can before you jump into government work. I fear there will be many govt contractors hitting the streets over the next few years with a clearance and more or less the same sort of work experience. They will want private sector work.
Ahriakin wrote: » I completely disagree on the actual implementation side (not the many project managers who figured they'd become auditors and security managers for fun). It's extremely hard to find decent security engineers and they are in great demand over here, we've been hiring for over a year and managed to fill 3 spots. The increase in various mandated stds. aswell as the very public rash of breaches in the last year or so have majorly elevated demand. Security by it's nature can't go away, you don't have a network without it, and depending on your mgmts priorities neither can they pass mandatory audits. There are far more R&S candidates out there, that's where you will see the bloat.
phoeneous wrote: » I am! Tisoy for life. Mabuhay!
shodown wrote: » I'm from the US, I live in Baltimore. But I'm a student of how the global game of economics work in the world.
Turgon wrote: » I was contracting as a Network Architect for a Global CRM last year, we were busy expanding seats in the Philippenes call centre..they speak English and are cheap to hire. One can wind down the more expensive US operation along with the IT departments required to support it and expensive building leases for the US based staff.
onesaint wrote: » I don't think you'll find many arguments regarding the exodus of American business to the next cheap labor destination. Whats is interesting to see is the backlash that comes from it (or lack there of). On the security bubble note, I do agree that there is a boom with a bust somewhere on the horizon. However, seeing how "cyberwars" are just beginning to surface shows a need and position for skilled infosec people to fill.
Turgon wrote: » There are all kinds of arguments for and against offshoring.
Turgon wrote: » The cyberwar threat is real although in some quarters overhyped to sell products. There will be a need for skilled people in that area, unfortunately the avenues to get those skills seem to be narrowing. Many people try to move towards it but get quickly bogged down with the clerical and management aspects of the security empire.
onesaint wrote: » Agreed. It becomes quite an elaborate discussion once the pros and cons are weighed out. What makes you think the avenues for skill attainment are drying up? Although I think there is a lot of "fluff" out there, I also think there are some very good sources depending on how deep you dig and effort invested. Can you elaborate on why you see the apths narrowing (other than via clerical work)? Also, what sort of clerical and managerial aspects do you think cause these bogs?
Turgon wrote: » A lot of security work these days is a glorified tick box exercise that sucks up a lot of time and resources unnecessarily. Security is a very important field and I have encountered quite a lot of mediocrity out there. There is an over emphasis on process and paperwork that gets in the way of the mission of the enterprise and far too many people using security as a launching pad for furthering their careers, often without adequate security experience to begin with. It can create a lot of unnecessary work for operations staff who are already busy enough 24/7 keeping the company turning and burning and the customers happy, the people who pay the bills. I think companies have stopped listening to technologists to a large degree and the newly qualified semi skilled crowd have taken over creating an entire culture for themselves. If I suffer another pentest from someone who doesn't understand how TCP works I will scream.
Turgon wrote: » If you know your stuff technically there will certainly be work for you but a lot of security people are semi skilled at best.
Turgon wrote: » Security has peaked and we will see it rationalised the same as any other aspect of a business that has cost. Companies will also start to look at 3rd party SOC solutions more.
Ahriakin wrote: » It's not as Black & White as RS (not implying it takes more skill, but network level Infosec is the definitive grey-area, it's a different mindset...which is probably why you do see so many ineffective infosec engineers out there, they approach it just as the next hot thing without having that mindset).
cxzar20 wrote: » As the saying goes, if you can do your job then security isn't doing theirs
tpatt100 wrote: » I have read several times when studying for my CISSP and school that security should protect but it should not impede people from doing work that needs to be done.
Forsaken_GA wrote: » It'd be nice if most security people read the same things you did They're more concerned with what folks might do as opposed to what they can do (ie, their jobs)
Ahriakin wrote: » Yup, but that is true of any field, it's not security specific. Again I disagree. I think it's still on the ramp up, everything I see in the industry and everything I hear from our recruiters in regards to demand validates this. And Security is one of the last things you can outsource, to be effective it has to be heavily based on context, and that is something 3rd parties will lack. It's not as simple as making sure a tunnel is up, or a filter in place, effective security teams need an end to end understanding of not just the network but the company processes in general. How else can you make a call on whether certain events or flows are an issue or not? It's not as Black & White as RS (not implying it takes more skill, but network level Infosec is the definitive grey-area, it's a different mindset...which is probably why you do see so many ineffective infosec engineers out there, they approach it just as the next hot thing without having that mindset).
Turgon wrote: » If I suffer another pentest from someone who doesn't understand how TCP works I will scream.
docrice wrote: » I'm very curious as to exactly what "doesn't understand how TCP works" means. Are we talking about someone who doesn't know what a three-way handshake is and just pushes a button to run a port scan, or someone who doesn't know in-depth the different set of TCP options each common OS supports?
tpatt100 wrote: » Yeah at my old job they locked down the network strictly to requirements not realizing you can make exceptions to things that will break/ and or reduce productivity as long as you can prove that not implementing the change will not increase risk due to other precautions you have to take. So since they just ran things by the book Symantec admin panel did not work because Java was broken, permissions for users on their own profiles were all jacked up, etc etc. I spent hours trying to reverse engineer what ever registry changes were made because hardly anything worked.
Ahriakin wrote: » Yup, but that is true of any field, it's not security specific. I agree, and the security genre is no different.
phoeneous wrote: » Isn't Nortel still big in the voip arena?
Exclusively for TechExam members. Applies to boot camps starting before April 30, 2026.
