Cisco To Fire 10,000 People

phoeneous

NOC-Ninja wrote: »

are you from there?

I am!

Tisoy for life. Mabuhay!

shodown

NOC-Ninja wrote: »

are you from there?

I'm from the US, I live in Baltimore. But I'm a student of how the global game of economics work in the world.

onesaint

shodown wrote: »

I'm from the US, I live in Baltimore. But I'm a student of how the global game of economics work in the world.

+1

Although, Im often baffled by the moves that are made in the game.

Ahriakin

Turgon wrote: »

I think security jobs will take a clattering over the next five years. It's ballooned and the expense is unsustainable. Even if you are a top player in security any prevailing cuts will impact you one way or another and the market is awash with wannabies. If company budgets tighten they will try to do more with less, or hire less expensive people to do more. Try and get some private sector experience if you can before you jump into government work. I fear there will be many govt contractors hitting the streets over the next few years with a clearance and more or less the same sort of work experience. They will want private sector work.

I completely disagree on the actual implementation side (not the many project managers who figured they'd become auditors and security managers for fun). It's extremely hard to find decent security engineers and they are in great demand over here, we've been hiring for over a year and managed to fill 3 spots. The increase in various mandated stds. aswell as the very public rash of breaches in the last year or so have majorly elevated demand. Security by it's nature can't go away, you don't have a network without it, and depending on your mgmts priorities neither can they pass mandatory audits. There are far more R&S candidates out there, that's where you will see the bloat.

NOC-Ninja

Ahriakin wrote: »

I completely disagree on the actual implementation side (not the many project managers who figured they'd become auditors and security managers for fun). It's extremely hard to find decent security engineers and they are in great demand over here, we've been hiring for over a year and managed to fill 3 spots. The increase in various mandated stds. aswell as the very public rash of breaches in the last year or so have majorly elevated demand. Security by it's nature can't go away, you don't have a network without it, and depending on your mgmts priorities neither can they pass mandatory audits. There are far more R&S candidates out there, that's where you will see the bloat.

What requirements do they have for a security engineers?

In my work, we have 2 security engineers. The other one has a CCSP but he has probably 5 years experience with IDS, ASA, ASDM and IPS. The other one has no certifications at all but have the same years of experience.

I know 2 other security engineers that doesnt even know anything about networks and just kiss ass just to keep their jobs.

IMO a CCIE RS will be able to transition to security easily compare to a security engineer that doesnt have an IE. CCIE have network security part and deals with some security devices. You probably know that.

I believe that there will always be jobs for IE RS and IE-Sec even in the future. Its tough to find a IE RS or Security here in my location.

NOC-Ninja

phoeneous wrote: »

I am!

Tisoy for life. Mabuhay!

kabayan!

-DeXteR-

I'm Getting to hear a lot about Alcatel . And yes our company is planning to move to msp platform from cisco in coming days gradually .

Turgon

Ahriakin wrote: »

I completely disagree on the actual implementation side (not the many project managers who figured they'd become auditors and security managers for fun). It's extremely hard to find decent security engineers and they are in great demand over here, we've been hiring for over a year and managed to fill 3 spots. The increase in various mandated stds. aswell as the very public rash of breaches in the last year or so have majorly elevated demand. Security by it's nature can't go away, you don't have a network without it, and depending on your mgmts priorities neither can they pass mandatory audits. There are far more R&S candidates out there, that's where you will see the bloat.

Specialist implementors should remain employable. That certainly includes strong R&S professionals with enterprise experience and particularly service provider experience. We are looking and if you really can handle supporting a complex service provider infrastructure and do know your stuff regarding spanning-tree, VPLS, MPLS and far too many technologies to list, including ASA, ACE, FWSM, CSM, IPS, IDS, Checkpoint then you are very employable. While I see the need for audit, standards and process, without a few people somewhere in your organisation who deeply understand how things actually work you are a bit stuffed if you truly want to do security properly. Top implementers can be hard to find and one reasons is many have moved into the more clerical side of security work. If you know your stuff technically there will certainly be work for you but a lot of security people are semi skilled at best. Security has peaked and we will see it rationalised the same as any other aspect of a business that has cost. Companies will also start to look at 3rd party SOC solutions more. It's a quandry because I agree the demands are growing because of threats and compliance. I see people increasingly asked to wear different hats to consolidate costs which is fine for someone experienced like myself as security has been an inherent part of my job for years, as it should be for any R&S professional. Pentesting, BS7759 audits, PCI, firewall policys and standards which I author, etc etc. At the end of the day, head office looks for savings and if the corporate cost pie chart looks bad they will consolidate and axe jobs. If a large security department is expected to lose people on the clerical side, then the Harvard MBA exec will expect a technical person or two to go as well to keep the peace, because the department is getting smaller anyway, because 'technology will solve the problem', because they have never supported firewall clusters and are clueless on the risk and complexity of technical security work, and also partly because the need for technical security specialists has been somewhat obscured by all this security paperwork flying around.

Turgon

shodown wrote: »

I'm from the US, I live in Baltimore. But I'm a student of how the global game of economics work in the world.

I was contracting as a Network Architect for a Global CRM last year, we were busy expanding seats in the Philippenes call centre..they speak English and are cheap to hire. One can wind down the more expensive US operation along with the IT departments required to support it and expensive building leases for the US based staff.

onesaint

Turgon wrote: »

I was contracting as a Network Architect for a Global CRM last year, we were busy expanding seats in the Philippenes call centre..they speak English and are cheap to hire. One can wind down the more expensive US operation along with the IT departments required to support it and expensive building leases for the US based staff.

I don't think you'll find many arguments regarding the exodus of American business to the next cheap labor destination. Whats is interesting to see is the backlash that comes from it (or lack there of).

On the security bubble note, I do agree that there is a boom with a bust somewhere on the horizon. However, seeing how "cyberwars" are just beginning to surface shows a need and position for skilled infosec people to fill.

Turgon

onesaint wrote: »

I don't think you'll find many arguments regarding the exodus of American business to the next cheap labor destination. Whats is interesting to see is the backlash that comes from it (or lack there of).

On the security bubble note, I do agree that there is a boom with a bust somewhere on the horizon. However, seeing how "cyberwars" are just beginning to surface shows a need and position for skilled infosec people to fill.

There are all kinds of arguments for and against offshoring. The cyberwar threat is real although in some quarters overhyped to sell products. There will be a need for skilled people in that area, unfortunately the avenues to get those skills seem to be narrowing. Many people try to move towards it but get quickly bogged down with the clerical and management aspects of the security empire.

powerfool

Let's face it, there are a lot of people that get into IT because of commercials that they have seen that say you can come to our overpriced school for a year and walk out of here making boatloads of cash. Back in 2001-2003, displaced workers from the airline industry to received extra cash to do IT training, so there were lots of people doing A+, Network+, MCSA, and even MCSE and CCNA. These people had no IT background at all. I went to one of these schools because I thought that heading down a path to take seven exams would be more structured if I was going through a routine... when in reality, it was all self-study anyhow. At that time, 90% of my classmates were new to IT; several were security guards, one was a truck driver.... I applaud their courage to change their professions and make a better life, but they really were not cut out for IT. Out of all of us, two of us were already in IT... two of us attained our MCSEs, and two of us are in IT now (from those I have talked with).

When the economy is in the can... job changes can be even harder, and folks with a few pieces of paper are likely to be in for a rude awakening.

The same is true for security... there really is a shortage of qualified folks to do security... and there are a ton of unqualified and under qualified individuals in these roles right now. It will really be a correction in the job market. I think that the work that is being done is very important and becoming moreso, but companies need people that can actually do the work and think on their toes.

onesaint

Turgon wrote: »

There are all kinds of arguments for and against offshoring.

Agreed. It becomes quite an elaborate discussion once the pros and cons are weighed out.

Turgon wrote: »

The cyberwar threat is real although in some quarters overhyped to sell products. There will be a need for skilled people in that area, unfortunately the avenues to get those skills seem to be narrowing. Many people try to move towards it but get quickly bogged down with the clerical and management aspects of the security empire.

What makes you think the avenues for skill attainment are drying up? Although I think there is a lot of "fluff" out there, I also think there are some very good sources depending on how deep you dig and effort invested. Can you elaborate on why you see the apths narrowing (other than via clerical work)? Also, what sort of clerical and managerial aspects do you think cause these bogs?

Turgon

onesaint wrote: »

Agreed. It becomes quite an elaborate discussion once the pros and cons are weighed out.

What makes you think the avenues for skill attainment are drying up? Although I think there is a lot of "fluff" out there, I also think there are some very good sources depending on how deep you dig and effort invested. Can you elaborate on why you see the apths narrowing (other than via clerical work)? Also, what sort of clerical and managerial aspects do you think cause these bogs?

A lot of security work these days is a glorified tick box exercise that sucks up a lot of time and resources unnecessarily. Security is a very important field and I have encountered quite a lot of mediocrity out there. There is an over emphasis on process and paperwork that gets in the way of the mission of the enterprise and far too many people using security as a launching pad for furthering their careers, often without adequate security experience to begin with. It can create a lot of unnecessary work for operations staff who are already busy enough 24/7 keeping the company turning and burning and the customers happy, the people who pay the bills. I think companies have stopped listening to technologists to a large degree and the newly qualified semi skilled crowd have taken over creating an entire culture for themselves. If I suffer another pentest from someone who doesn't understand how TCP works I will scream.

shodown

Turgon wrote: »

A lot of security work these days is a glorified tick box exercise that sucks up a lot of time and resources unnecessarily. Security is a very important field and I have encountered quite a lot of mediocrity out there. There is an over emphasis on process and paperwork that gets in the way of the mission of the enterprise and far too many people using security as a launching pad for furthering their careers, often without adequate security experience to begin with. It can create a lot of unnecessary work for operations staff who are already busy enough 24/7 keeping the company turning and burning and the customers happy, the people who pay the bills. I think companies have stopped listening to technologists to a large degree and the newly qualified semi skilled crowd have taken over creating an entire culture for themselves. If I suffer another pentest from someone who doesn't understand how TCP works I will scream.

I complain about this to my wife every single day. Most IT "Professionals" hate being group in with the "IT worker". There is a huge difference in talent, skill, knowledge, and wisdom.

LoMo

I do wish there were more paths for us up and comers to learn and grow.

Ahriakin

Turgon wrote: »

If you know your stuff technically there will certainly be work for you but a lot of security people are semi skilled at best.

Yup, but that is true of any field, it's not security specific.

Turgon wrote: »

Security has peaked and we will see it rationalised the same as any other aspect of a business that has cost. Companies will also start to look at 3rd party SOC solutions more.

Again I disagree. I think it's still on the ramp up, everything I see in the industry and everything I hear from our recruiters in regards to demand validates this. And Security is one of the last things you can outsource, to be effective it has to be heavily based on context, and that is something 3rd parties will lack. It's not as simple as making sure a tunnel is up, or a filter in place, effective security teams need an end to end understanding of not just the network but the company processes in general. How else can you make a call on whether certain events or flows are an issue or not? It's not as Black & White as RS (not implying it takes more skill, but network level Infosec is the definitive grey-area, it's a different mindset...which is probably why you do see so many ineffective infosec engineers out there, they approach it just as the next hot thing without having that mindset).

Forsaken_GA

Ahriakin wrote: »

It's not as Black & White as RS (not implying it takes more skill, but network level Infosec is the definitive grey-area, it's a different mindset...which is probably why you do see so many ineffective infosec engineers out there, they approach it just as the next hot thing without having that mindset).

I agree with you. I absolutely loathe security, and we have dedicated security people, but some of the things they do, and some of the problems they overlook just boggle my head. I handle security issues as a by-product of my normal job functions, but I'd make a better security engineer than many of our dedicated security folks.

cxzar20

As the saying goes, if you can do your job then security isn't doing theirs

tpatt100

cxzar20 wrote: »

As the saying goes, if you can do your job then security isn't doing theirs

I have read several times when studying for my CISSP and school that security should protect but it should not impede people from doing work that needs to be done.

Forsaken_GA

tpatt100 wrote: »

I have read several times when studying for my CISSP and school that security should protect but it should not impede people from doing work that needs to be done.

It'd be nice if most security people read the same things you did They're more concerned with what folks might do as opposed to what they can do (ie, their jobs)

DevilWAH

In terms of security, I do work for a few big oil companys and Global Finance Banks, I can assure you there are still plenty of security jobs going. And none of these companys are looking to out sorce. Some seriously skilled security engineeering inhouse!

as with ever thing it depenes what you need. Yes medioca security is getting simpler and more tick a few boxes and generic. And fine for you average company, but I havent yet seen it going from the major companys.

its like anything, what a few years ago was thought of as "complex" is now run of the mill. but there will always be work for the top skill levels in security for as long as there are networks and computer systems around. Security has been an issue since the first network was built (no make that the first computer), and its not an issues that will sundly stop!

As for CISCO it's self, I think it will be around for a long while yet, I do think it needs to regroup, but I think its still at the front in terms of new tehnologies.

yes more and more compinies are starting to play a part in the field, but I don't see any of them breaking new gound. Just covering what has already been done (may be cheaper OK, and some times better), but the compinies who survice will be the ones that make the leap with new ideas and take the network industry forward, with the other following.

So can CISCO regroup and find that next golden egg that will keep them ahead of the game, or will one of the others get there first.

I remember not to long ago, a lot of people saying the same about intel and how AMD where snapping at there heels with product that where better and cheaper. For a while it did look like AMD might start to tip the balance, but Intel pulled it togather, got a few good products togather and pull away once more. And AMD are still playing catch up.

I dont think CISCO are struggling, but nither do i think they have the buffer they had even a few years back. They still have time to pull it out of the bag, but every day the competition is closing in.

tpatt100

Forsaken_GA wrote: »

It'd be nice if most security people read the same things you did They're more concerned with what folks might do as opposed to what they can do (ie, their jobs)

Yeah at my old job they locked down the network strictly to requirements not realizing you can make exceptions to things that will break/ and or reduce productivity as long as you can prove that not implementing the change will not increase risk due to other precautions you have to take.

So since they just ran things by the book Symantec admin panel did not work because Java was broken, permissions for users on their own profiles were all jacked up, etc etc. I spent hours trying to reverse engineer what ever registry changes were made because hardly anything worked.

snokerpoker

I heard about this. Sucks they are cutting off that many jobs!

chrisone

Ahriakin wrote: »

Yup, but that is true of any field, it's not security specific.




Again I disagree. I think it's still on the ramp up, everything I see in the industry and everything I hear from our recruiters in regards to demand validates this. And Security is one of the last things you can outsource, to be effective it has to be heavily based on context, and that is something 3rd parties will lack. It's not as simple as making sure a tunnel is up, or a filter in place, effective security teams need an end to end understanding of not just the network but the company processes in general. How else can you make a call on whether certain events or flows are an issue or not? It's not as Black & White as RS (not implying it takes more skill, but network level Infosec is the definitive grey-area, it's a different mindset...which is probably why you do see so many ineffective infosec engineers out there, they approach it just as the next hot thing without having that mindset).

I think security will always be in high demand and that is because the ever evolving nature of threats. Routing protocols rarely if ever change, look at the last time ospf and eigrp changed, it was for IPv6 and it still isnt used till this day. I feel security will be in high demand in the next 5 to 10 years due to all the high profiled hacks these last 3 years. You might have to thank lulzsec or anon if you get hired with a high pay salary for your security skills, paranoia is a motherfu...er lol

But thats just my opinion

docrice

Turgon wrote: »

If I suffer another pentest from someone who doesn't understand how TCP works I will scream.

I'm very curious as to exactly what "doesn't understand how TCP works" means. Are we talking about someone who doesn't know what a three-way handshake is and just pushes a button to run a port scan, or someone who doesn't know in-depth the different set of TCP options each common OS supports?

L0gicB0mb508

docrice wrote: »

I'm very curious as to exactly what "doesn't understand how TCP works" means. Are we talking about someone who doesn't know what a three-way handshake is and just pushes a button to run a port scan, or someone who doesn't know in-depth the different set of TCP options each common OS supports?

I can see what he is saying. I've met several infosec "professionals" that don't understand the concepts of networking or protocols. It does seem like people are jumping on the security bandwagon without ever being properly trained, or putting their time in. I would take some kids out of college that had the mindset than someone who has been in the field for years and doesn't have that security mindset however. Pentesting is a really good example of that. If you do not understand the underlying concepts of what you are doing, you do not need to be there. I find that a lot of security test people are just pushing a button these days.

instant000

With regards to previous comments on government contractors: there are some brilliant people, and there are some clueless fluff.

One guy had to be told what a "loopback address" was. .. another didn't know what "stateful" meant, and these are Network Security Engineers!

And I can echo the comments about there being lots of management fluff in organizations. Heck, there's one report we send out, that is basically a rehash of an email that already gets sent out. I was like huh? So, we send these emails so someone can process them, and make a job out of that? Are you kidding me?

And with regards to Vendor X, or Vendor Y, it doesn't really matter that much. If you understand how it really works, it's all about the syntax after that, as a previous poster stated. You had to have known that two of the first Cisco Certified Architects were hired away by HP, didn't you?
First 2 Cisco Certified Architects (CCAr) jump to HP Networking - Brad Reese
^^^ I like to read both positives and negatives. At best, Mr. Reese could be called a "realist" at worst, a "basher". One reason that I will read coverage from foxnews, msnbc, foreign countries, including the DPRK web site, is to get different slants on the same story ... no need to be unnecessarily misinformed because I let one point of view cloud my judgement.

binarysoul

Does Nortel rings a bell?

They too started this way and now all is left is dust!

higherho

tpatt100 wrote: »

Yeah at my old job they locked down the network strictly to requirements not realizing you can make exceptions to things that will break/ and or reduce productivity as long as you can prove that not implementing the change will not increase risk due to other precautions you have to take.

So since they just ran things by the book Symantec admin panel did not work because Java was broken, permissions for users on their own profiles were all jacked up, etc etc. I spent hours trying to reverse engineer what ever registry changes were made because hardly anything worked.

Sounds like they need to know how to STIG properly!