The Work Thread

Arkandel

@Tinuviel said in The Work Thread:

To continue my point, but branch out a little, that's one of the biggest problems I have with the education system I work under. We're told to teach, rather than educate, and we reward memory rather than comprehension and understanding.

The educational system in Greece was terrible in that regard. I have friends who had to study History to get into university to study completely unrelated subjects (Accounting, for example) and had to painstakingly memorize completely trivial information - including the wording on the page.

The idea was that although officially if you conveyed all of the information from the source material the grader had to award full marks for it, in practice it was safer to quote "the book" so that was the goal. I had friends who had spent a year committing to memory things they admitted they mostly forgot within a month of writing their test.

And get this - they were advised against expressing their own opinions on the same tests because, once again, it was simply safer to memorize full lists of potential answers written by respected academics and quote those.

What a magnificent system that was. I had to also study and be tested in chemistry to study Computer Science because reasons.

Macha

Not a teacher. Finally have hope with an interview on Tuesday for a good job - and even better, working in the same place with a friend who is awesome and totally supporting me in this (she referred me)

Ghost

@Tyche said in The Work Thread:

@Ghost said in The Work Thread:

You have to upkeep the certificate with study/conventions/seminars or you lose it. So it's like a kind of bonding.

And pay $700 to pass go. It's a good racket.

Average CISSP salary is 122,300.

$700 of that is 0.5723630417007358.

To upkeep it you need 120 study credits across 3 years or retake the exam. $125 a year for ISC(2) membership, which is less than one of my cell phone bills.

I mean, if paying 0.57% of a 122,300 salary or $125/year (0.10220768601798855% of a $122,300 average salary) is a racket, then I suppose you're the smart one for opting out!

Tinuviel

@Ghost said in The Work Thread:

Average CISSP salary is 122,300.

If you're right in saying that more and more people will be going into security, will there be such a glut of people with this qualification that the salary will drop?

Carex

@Auspice said in The Work Thread:

Creativity isn't always 'on tap.'

I have a trick for that.
I keep a separate file of stuff related too but unlikely to fit into the book I'm working on. Things that are not so relevant that they should be in the book or scene ideas. I'll grab one of these random tangents to flesh out and get the juices flowing knowing that one day those random tangents might end up being in a second book or needed in a later chapter.

Some times you can't power through writer's block but you can go around it.

Ghost

@Tinuviel said in The Work Thread:

@Ghost said in The Work Thread:

Average CISSP salary is 122,300.

If you're right in saying that more and more people will be going into security, will there be such a glut of people with this qualification that the salary will drop?

Not likely, no. The majority of people working in cybersecurity are either skilled/experienced people without degrees/certs or college grads who dont have further certs. Focused cybersecurity roles like the CISSP and CEH (certified ethical hacker) are the top certs, and the number of people who hold those isn't skyrocketing.

The salary, despite continued growth in numbers, remains in the $85,000-145,000/USD range.

I've been watching job postings for a few years now and the new trent seems to be listing a Bachelors degree as desired but InfoSec certs like CISSP and GSEC as highly desired. So despite being biased I tell most anyone I hear who is looking to get into IT work to focus on Cloud Engineering and Cybersecurity, because old school server farm Ops work is on the decline and extensive technical controls are on the rise.

Tyche

@Ghost There are 87,000 certified just in the US. At $700 each that's 60 million dollars.
I'm way low balling this, by not including the rest of the world, fails, re-certification, membership fees.
That's what I mean by 'racket'.

Ghost

@Tyche Well, truth is the problem with degrees in IT is that a 40 year old who got a BS in Computer Science right after high school got a whole lotta training on Windows NT/2000.

Certs answer the problem of maintaining education that is current. You can get your A+, Security+, etc, but if you got your Security+ 10 years ago, it was based on tech that was prevalent at the time. A lot of certs are "One and done."

So the question becomes "How can a cert guarantee a certain level of CURRENT competence?" as well as "How can I prove that my cert PROVES my current level of competence?"

ISC(2) and some other certification boards are starting to answer that with certs that are more expensive to obtain, include vetting for experience within the industry, yearly dues into a bonding-type organization that you can get kicked out of for misbehaving, and requirements on yearly training/study to upkeep your cert.

It's really no different than board certification for doctors, pharmacists, etc. I dont feel that it's a racket at all, because to POSSESS and MAINTAIN a cert with a reputable certification board is worth its weight, and will currently put you ahead of people with Bachelor degrees.

silverfox

@Ghost

I really liked your thoughts on this.

Arkandel

@Ghost IT is different. I interview (and hire) TechOps on a regular basis, and their education or certifications can simply get people the interview. That's it, they get to walk in.

After that it'll be all based on how they can answer technical questions, how they troubleshoot problems, if they can effectively communicate different approaches and overall show they can respond to real situations our teams face on a regular basis.

But that approach definitely doesn't fit every field.

Ghost

@Arkandel Right, IT is very different.

I have interviewed people who, on paper, sound great: Bachelors degree, a long list of tech jargon (cloud, linux, shell scripting, Jenkins, automation, etc etc etc), and then you find out in the interview that they're right out of college, applied these tech skills in a training environment, or simply used preconfigured instructions. They don't really know the tech or how to admin it, but they touched it so I guess put it on the app, right?

Our IT hiring is the same way. The pecking order from my perspective is:

• Certs + Experience + College
• Certs + Experience
• College + Certs
• Experience/College

Tech training in India fucks everything up a bit, too. Their "colleges" include these internship programs where they don't really do a lot of out of the box thinking or creation of anything lasting. Not every person comes out of those internship programs with knowledge as to how to be an operator/admin of whatever process they own. No, instead these "internships" are listed as employment by some tech firm (included in the cost of the training) and the only thing I can see it is good for is to pad these resumes with employment history; despite the fact said employment was some cakewalk stuff.

So we get these Indian apps that are COLLEGE! SKILLS! EXPERIENCE! HALF THE SALARY! but then later find out that they were told to just shut up, follow instructions, and have lesser value.

This is why some firms are now regretting hardcore overnight Indian staffing or outsourcing their Ops to India.

Arkandel

@Ghost Yeah, my Indian interviews have typically gone very poorly. Not that NA candidates don't lie out of their teeth in their resumes because they do, and it's often because they just dragged widgets on a GUI which was using Jenkins/Ansible behind the scenes... yet that doesn't teach them either.

The issue I've had with Indian candidates is that they tend to be trained to be extremely specialized. My most extreme example is one candidate who seemed to only know what to do with mounting file systems and configuring fstab. That's it. No matter what I'd ask her to troubleshoot her go-to was to check fstab and/or restart the system.

Ghost

@Arkandel Agreed. Very specialized. Very focused on following specific instructions, not very flexible or adaptive. Very "Give me the instructions."

Very nice, very professional, but I'd say about 7/10 need specific instructions for everything. The other 3/10 are fucking amazing, but want $100k+ and Visa support right out the gate.

Macha

@Arkandel At first I read Jenkins/Ansible as Jensen Ackles and wondered wtf that was doing in a tech conversation

Derp

@Macha said in The Work Thread:

@Arkandel At first I read Jenkins/Ansible as Jensen Ackles and wondered wtf that was doing in a tech conversation

I read "conversation" as "convention" as was like "shit, I would go to that to see him be all hot and nerdy."

Auspice

@Derp said in The Work Thread:

@Macha said in The Work Thread:

@Arkandel At first I read Jenkins/Ansible as Jensen Ackles and wondered wtf that was doing in a tech conversation

I read "conversation" as "convention" as was like "shit, I would go to that to see him be all hot and nerdy."

SxSW.
His family's brewery generally gets involved in some fashion and he is usually present.

Alamias

@Macha

JinShei

Did my first module evaluation today of the modules I have taken over and run... Five students said they cannot think of anything I can improve. Apart from putting up powerpoints and doing more assignment work in class, they love my module!

Auspice

Two weeks ago, in a meeting to discuss the training materials:

Me: 'Do we need a section on the downstream reports? If so, I need copies of example reports and details on what you want in the guide.'
Them: 'We won't be including those at all since they're separate from the tool.'

Catching up on emails today, I'm going through one with a bunch of line items on questions re: the materials (have these edits been made, this needs to be added, where is.... etc.).
Final line item:
'Where is the section on the downstream reports?'

Derp

@Auspice said in The Work Thread:

That table has some nice rotation on it.