Options
CISSP or aspiring CISSP's looking for a DoD or commercial job
Before I give you a run-down on how my job prospects are going, I willl give a Reader's Digest version of my experience...
I used to work for the US Government directly as a Foreign Service Information Management Officer at a few US Embassies. I've gone DoD contractor since then. Most people I know who tried to get in line with the DoD 8570 requirements, both GS and contractors, got their CISSPs back in late 2010, or they get the ISSM's to extend every six months. The rest of us didn't have to be CISSP's for our jobs, but those who have the skills and work in security are a little short-sighted if they work in the contractor world and don't seek additional certs. CISSP is not a free pass, but those who know its value outside of DoD 8570 savvy understand that anyone who takes and passes this test likely went through their own and quite personal 'crucible.'
When contracts end, those with the skills and without the certs can and do find themselves jobless for extended periods. If you do anything IA for the government, recruiters and HR won't even give you the time of day for senior positions without the CISSP, CCIE, or PMP certifications. I am working but silently on the lookout again, and I am finding that staffing companies who bid on DoD contracts are cutting themselves to the bone to compete with others. They collect CV's for jobs they don't yet have so they can legitimately bid on said contracts, then IF they get the win, they re-advertise the position and seriously offer low pay, and try to tell me that what they are offering is the 'industry standard.' Show me a CISSP who will work for $30 an hour as a 1099 DoD contractor, and I will show you someone who does it to feed his/her family while looking for another position at least 5 minutes of every working hour, and every waking moment at home.
Even I am limited in my abilities to be completely marketable, as my Master's degree in East European History and two Bachelors in History and English get me nowhere. A CISSP gets my foot in the door, but there are jobs outside of DoD where they also want a technical degree. I want to break into the commercial world BIG-TIME. CISO is the way to go for those who are motivated, or owning your own consulting business is also a good idea for those who are motivated AND have the Hustle gene. I have that hustle, but need to pad my bank account a little better before I take 'The Nestea Plunge' as I have a wife and a dog to feed.
In my very HUMBLE Opinion, I believe that FLAME virus is a game-changer. My own personal beliefs about whether a nation-state (if responsible) should have opened such a Pandora's Box aside, using a virus that has its own database, and does all that Kapersky labs says, then FLAME alone will call the very nature of TCP/IP security into question. Our job will be to shore up faith in a system that can work if businesses and other entities follow their policies, or enact new and more effective policies and procedures.
In IA, we are all used to damage-control with no budget. I suspect budgets will be approved, and that Mr. Tipton going CBT to increase availablity to CISSP and SSCP was a sound and reasonable idea. This world needs a lot more of us, and FAST. Our baseline salaries may falter with an exponentially increased influx of CISSP's, but that is a danger for any position if one thinks about it. Besides, those of us who have the drive and initiative can make a name for ourselves and find the wealth...it's out there!
I used to work for the US Government directly as a Foreign Service Information Management Officer at a few US Embassies. I've gone DoD contractor since then. Most people I know who tried to get in line with the DoD 8570 requirements, both GS and contractors, got their CISSPs back in late 2010, or they get the ISSM's to extend every six months. The rest of us didn't have to be CISSP's for our jobs, but those who have the skills and work in security are a little short-sighted if they work in the contractor world and don't seek additional certs. CISSP is not a free pass, but those who know its value outside of DoD 8570 savvy understand that anyone who takes and passes this test likely went through their own and quite personal 'crucible.'
When contracts end, those with the skills and without the certs can and do find themselves jobless for extended periods. If you do anything IA for the government, recruiters and HR won't even give you the time of day for senior positions without the CISSP, CCIE, or PMP certifications. I am working but silently on the lookout again, and I am finding that staffing companies who bid on DoD contracts are cutting themselves to the bone to compete with others. They collect CV's for jobs they don't yet have so they can legitimately bid on said contracts, then IF they get the win, they re-advertise the position and seriously offer low pay, and try to tell me that what they are offering is the 'industry standard.' Show me a CISSP who will work for $30 an hour as a 1099 DoD contractor, and I will show you someone who does it to feed his/her family while looking for another position at least 5 minutes of every working hour, and every waking moment at home.
Even I am limited in my abilities to be completely marketable, as my Master's degree in East European History and two Bachelors in History and English get me nowhere. A CISSP gets my foot in the door, but there are jobs outside of DoD where they also want a technical degree. I want to break into the commercial world BIG-TIME. CISO is the way to go for those who are motivated, or owning your own consulting business is also a good idea for those who are motivated AND have the Hustle gene. I have that hustle, but need to pad my bank account a little better before I take 'The Nestea Plunge' as I have a wife and a dog to feed.
In my very HUMBLE Opinion, I believe that FLAME virus is a game-changer. My own personal beliefs about whether a nation-state (if responsible) should have opened such a Pandora's Box aside, using a virus that has its own database, and does all that Kapersky labs says, then FLAME alone will call the very nature of TCP/IP security into question. Our job will be to shore up faith in a system that can work if businesses and other entities follow their policies, or enact new and more effective policies and procedures.
In IA, we are all used to damage-control with no budget. I suspect budgets will be approved, and that Mr. Tipton going CBT to increase availablity to CISSP and SSCP was a sound and reasonable idea. This world needs a lot more of us, and FAST. Our baseline salaries may falter with an exponentially increased influx of CISSP's, but that is a danger for any position if one thinks about it. Besides, those of us who have the drive and initiative can make a name for ourselves and find the wealth...it's out there!
Comments
-
Options
nomadically
Member Posts: 26 ■□□□□□□□□□
Nice write up Kalkan,
I'm currently working in the Dept of State / Foreign Service. I've worked several years overseas supporting U.S. Consulates and Embassies as an IMS/ISO/IMO. I respect your goal of leaving it and going the commerical route. Times are tough but the world will always need those focused on IT security. It's just getting the rest of the world to understand that. I was a contractor before going Fed and left that life back in the late 90's due to some of the same points you mentioned.
Keep fighting the good fight! -
Options
kalkan999
Member Posts: 269 ■■■■□□□□□□
nomadically wrote: »Nice write up Kalkan,
I'm currently working in the Dept of State / Foreign Service. I've worked several years overseas supporting U.S. Consulates and Embassies as an IMS/ISO/IMO. I respect your goal of leaving it and going the commerical route. Times are tough but the world will always need those focused on IT security. It's just getting the rest of the world to understand that. I was a contractor before going Fed and left that life back in the late 90's due to some of the same points you mentioned.
Keep fighting the good fight!
I maintain regular contact with my fellow IMS buddies from my class. It's now 11 years later and I hear horror stories about how they are losing their benefits, the rift between specialist and generalist has wideneed once again, at least sporadically, and that EVERYONE misses Colin Powell...He was truly our Rock Star. I was hired under the Diplomatic Readiness Initiative, but I saw the writing on the wall beginning with Condi Rice...I had hoped that Clinton would have put things right, but I know that so many of you are stuck at FS-4 positions, while only a couple fast-tracked to FS-3. Funding for training for IMS is almost dried up, from what I understand, so CISSP is almost a self-study endeavor for a lot of people I know. It is for this reason that I am HAPPY that CISSP has gone CBT and that more people can take it, to include some VERY sharp FSN's who worked for me when I was an ISO/ISSO.
To me, nomadically, you and others like you are 'fighting the good fight.' I have some FANTASTIC memories of places I visited and Embassies I was assigned whether TDY or permanently stationed. -
Optionsnomadically
Member Posts: 26 ■□□□□□□□□□
I was one of the lucky ones that reached FS-3 last year. Unfortunately, the IMSes still have some of the longest time in-grade and lowest percentages, compared to generalists, when it comes to promotions (15% of my IMS colleagues were promoted compared to 65% of the generalists in the FS4-3 jump) . I was comtemplating moving back into private industry if I didn't make the jump to 03 last year. The benefits of travel and working with fantastic FSN/LESes around the world, are what's kept me in the Service this far. Now I'll have to decide if the wait for another promotion, whether its a couple years or 10 years is going to be worth it.. And you're right, there's only a handful of CISSPs in the Department right now. Luckily I know a couple for my endorsement. We'll see if the CBT opens it up for more people to take. I had to wait till I returned to the U.S. before I could schedule time, take a course and the exam. Luckily it all worked out but your right, it was mainly a self-study endeavour.
-
Options
rwmidl
Member Posts: 807 ■■■■■■□□□□
Interesting thread. I've applied twice for IMS positions but never have gotten the invite to the OA's. This is interesting to me to read you guys thoughts on it!CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS -
Options
Jacob18
Member Posts: 26 ■□□□□□□□□□
@kalkan
I've been saying for awhile that FLAME is a game changer. I believe it is similiar to the change in cryptography once the government let the cat out of the bag. Immediately afterwards universities, researchers, and others had something to work with in the field. Cryptography exploded in both knowledge and use. Flame has also given researchers, governments, criminals, and many others something to tinker with, modify and improve.
Detection systems will also evolve in response to flame and what will surely follow. Hoover wished he had this....
The security field just became more complicated and interesting. Shorthanded indeed. But, the best will rise to the top and probably be paid in accordance (pun intended). It's going to fun to watch and hopefully participate in the field. How do you catch programs like this to prevent damage? Imagine what flame could do in the financial, political, or government sectors. Although, we've seen a hint, more will follow. Just my thoughts. -
Options
spicy ahi
Member Posts: 413 ■■□□□□□□□□
Couldn't have said it better myself. And thanks for revealing my career gameplan to everyone.
Spicy :cool: Mentor the future! Be a CyberPatriot!
