|
If I had to do it all over again? I'd tell my 'good friend' to go screw himself when he asked me to cosign a 500/mo loan for him. I would have stayed broken up with my ex the first time. AND I'd have taken that warehouse job driving a forklift all day for $19/hr. But that's not going to matter much to you, unless you decide to divorce your wife, liquidate your kids' college fund, and quit your job. (Don't do this.) To contribute: I know security dudes that make absolute BANK at financial/healthcare institutions. Granted they're damned good at what they do and love every minute of it, so the potential is definitely there.
|
#
?
May 18, 2010 08:14
|
|
|
|
| # ? May 5, 2024 19:07 |
|
|
shredswithpiks posted:What kind of IT stuff are you thinking about - networking? Server admin? IT helpdesk? Desktop/client services? Application/middleware admin? Probably networking or system administrator. I would not mind working a helpdesk position for a few years if that would help get me some required experience in the field or my foot in the door at a good company. Here is an example of a certificate program http://www.umassonline.net/degrees/Online-Certificate-Data-Telecommunications.cfm Is something like this worth doing/required to get into the industry?
|
|
#
?
May 18, 2010 15:59
|
|
|
damage path posted:Probably networking or system administrator. I would not mind working a helpdesk position for a few years if that would help get me some required experience in the field or my foot in the door at a good company. Not really, if you don't want to do an actual degree, which is by no means necessary to do helpdesk work, look at A+, network+ etc. If you are not stupid you can progress from helpdesk, having problem solving skills, being able to think things through are so much more important than any cert.
|
|
#
?
May 18, 2010 16:03
|
|
|
unixbeard posted:So you either have an organization that pays lipservice to security but rarely comes close to required investment (most corporates), or organizations that spend heaps of money but still get owned all the time (govt/defence, banks etc). It's frustrating if you actually would like to see effective security measures. A lot of security problems are people problems and un-resolvable through technology. I'm pretty realistic about recommendations though and give a breakdown of ideal, next-best, best-value, bare minimum, and no action costs and consequences. Security is the least regimented of the IT subfields though and is about the closest you could get to a meritocracy of sorts in private industry.
|
|
#
?
May 18, 2010 17:44
|
|
|
yeah i just find it boring to be honest, you don't actually do anything, just talk and write some documents for people who deep down would rather be doing something else. And there is an entire cottage industry of showing just how ineffective security measures are when put into real operational environments. The money can be nice but after a few years the novelty of that wears off. It makes me feel a bit like Sisyphus, and don't really derive any satisfaction or fulfillment from it. But that's just me and I've been doing it for a while and if you do anything for too long it ultimately gets boring. It's probably no worse than any other area and there is always demand for good people. I am probably going to get back into development because I still find it interesting and it provides a semblance of technical challenge, beyond mastering Microsoft office. Whinging about jobs itt
|
|
#
?
May 18, 2010 23:55
|
|
|
I kind of fell into development from the hard sciences (I became very ill while a student, had learned some perl and unix on the university's machines, needed to make money and hey, hello there .com boom). If I could do it all over again, I'd probably have switched majors to CS instead of the science I eventually got my degree in. Hasn't held me back in most of my jobs, but there are some things that I look at and think "gosh, if I'd actually had a course in algorithms this might be easier to solve" or similar. Sorta feeling plateaued, honestly. I've been doing development for about ten, eleven years now and have been doing senior-level roles since 2004/2005. Writing code is still enjoyable, but the corporate grind that makes up half my time these days is a little less exciting. Which path to take forward is kind of up in the air to me at the moment. I like what I'm doing well enough that I could see myself doing it more or less happily for another ten years. Maybe I should get a MSCS and shoot for coding gigs in different subfields for variety's sake, or to go to more of an architect level. Maybe I should get an MBA or MEngMgmt and move towards management (I'm a bit more of a people person than the average cubicle dweller, imho).
|
|
#
?
May 19, 2010 00:33
|
|
|
necrobobsledder posted:This is why you get out of security and into business development or operations management consulting, which for these accounts will get you into the $200-$400k range instead of the piddling $150k range of most security consultants for a much more comprehensive consultation on how information security fits into the business's operations. Teach me how to become a $400k consultant.
|
|
#
?
May 19, 2010 13:29
|
|
|
shredswithpiks posted:Teach me how to become a $400k consultant. become an $800k consultant then move to IT
|
|
#
?
May 19, 2010 13:32
|
|
|
Shalinor posted:Wait, is there some catch here? Are they going to ship you off to some odd location, or would you be free to graduate and then just pick a metropolitan area you like (say, Washington), and bingo, job? A guaranteed government job post-grad would be seen as a perk for many, not a downside. No, you aren't forced to work anywhere (unlike the similar yet far worse program called the DOD Information Assurance Scholarship Program). You have to find a job, however, and they will find one for you if you aren't successful in your search. The majority of the jobs are in DC, but really anywhere that has an information security posting also works. The feds like SFS students because they are guaranteed employees and they can direct hire (which they aren't allowed to do with normal people applying). There is very little downside except that many fed agencies pay lower than industry salaries initially. GregNorc posted:Did anyone do SFS? I've been considering it, would love to hear from anyone who did it. (Especially since CERT and MITRE, in addition to being FFRDCs, are both places I'd considered applying to out of undergrad...) PM me.
|
|
#
?
May 19, 2010 15:15
|
|
|
unixbeard posted:become an $800k consultant then move to IT   When I got out of the Marines, I was deadset on getting an MIS degree or computer science degree and working in IT for the rest of my life. However, while trying to find an IT job in Baton Rouge, it seemed like they wanted you to know everything (Novell, Windows NT, Unix, AND Apple networking) but were offering crap wages like $9 or $11 an hour. So I got my industrial engineering degree and I never have to worry about getting new certs or going back to school again if I really don't want to. Thank god I switched.
|
|
#
?
May 19, 2010 19:21
|
|
|
Jagershot posted:
You should look for a Systems position and not a Helpdesk position if you don't want to make $11/hr. The problem with IT is some people think Helpdesk and System Administration are the same roles; specifically, help desk jockeys that maybe login to a server every couple weeks think they are System/Network admins when they are not. I do System Administration, and I never answer Help Desk tickets for user problems; that is for tier 1 help desk staff. If you're doing that then you're probably making bad wages. There is plenty of documentation on salaries of system administrators, specifically publications by SAGE and other groups, and you will be hard pressed to find them making $11/hr. Edit: SAGE Annual Salary Survey from 2005-2006 three fucked around with this message at 20:31 on May 19, 2010 |
|
#
?
May 19, 2010 20:28
|
|
|
three posted:You should look for a Systems position and not a Helpdesk position if you don't want to make $11/hr. A lot of those positions *were* systems positions. It was insane how much they wanted you to know, and how little they wanted to pay people in return. It was just a really crappy market for IT in that area. Now I make well over $50k a year as an engineer, with ridiculous vacation time and benefits.
|
|
#
?
May 19, 2010 23:09
|
|
|
three posted:I do System Administration, and I never answer Help Desk tickets for user problems; that is for tier 1 help desk staff. If you're doing that then you're probably making bad wages. Or your company has a terrible tier 1 staff and instead of fixing employment issues they make sysadmins do all the simple crap those idiots can't seem to figure out.
|
|
#
?
May 20, 2010 00:34
|
|
|
12 years in IT. Went from data processing (high volume printing / mail merging) and defacto administrator at 18 to Small/Medium Business consulting (deploying servers, firewalls, etc). I was MCSE certified around late '99. I made buckets of money during the dotcom-boom at my 3rd IT job. I spent/drank every penny I made and had a pretty rough time finding high paying jobs post-dotcom-crash, post-9/11. I've worked my way back up in the last few years, though. Currently, I love my job. I get to plan every step of a network deployment or upgrade. I get to play with and learn all the latest MS and Sonicwall stuff. If I had it all to go over again, I would have gotten into Cisco instead of MS. The worst part about my job is having to deal with end users. I hate having to sit down at their desk and copy their enormous profiles around and save their itunes libraries, desktop backgrounds, and NK2 files. I hate having to explain to them how the thing I am working on isn't causing some other random problem. There's always an end user connected to he server I'm deploying. If I had started down the Cisco path, I would probably be a network engineer somewhere doing router, switch, and firewall configs exclusively. In my experience, they rarely deal with end users and software problems.
|
|
#
?
May 20, 2010 01:12
|
|
|
shredswithpiks posted:Teach me how to become a $400k consultant. Oh, and because you'd be on 1099, you'd only get like $250k after taxes  I'm nowhere near that level yet, but a lot of colleagues I know are.
|
|
#
?
May 20, 2010 01:33
|
|
|
necrobobsledder posted:You can do higher-level consulting for IT with mostly finance customers, which you get into by holding down a job where you actually get to talk to these people and get on a first-name basis with a few of them. There is only a payoff if you know the right people and have the sort of experience that would appeal to people at the CTO level or so in the Fortune 500. This means forget about getting better at your technical skills if you want to skip the bullshit for paydirt. But I've always thought if I didn't give a drat about much besides money, I wouldn't be in IT whatsoever. I love high-level existentialist IT consulting nonsense. What would be a better career path to get started in this direction? System admin/architecture, or info security? In my company it's obvious that our high level architecture guys make lots of money for doing nothing technical, but I don't know if that's the same everywhere. I'm looking to switch jobs soon...
|
|
#
?
May 20, 2010 02:12
|
|
|
I spent my college years working seasonal jobs at ski resorts and fishing lodges in Utah, so I don't have a degree. Once I returned to the real world, a friend and I started a freight brokerage. All you needed to start was a phone and a fax machine. We did ok for a while, then there was a trucker strike, then the slow season hit. But before that we had bought a computer for the business. When things were slow, we learned how to optimize the autoexec.bat and config.sys to make the games run properly (it was all about memory management). Next thing you know, I've 19 years of IT experience. I've been in management, run my own consulting business, and am just now learning to program. What I love about the work is coming up with solutions. Fixing problems. I know that IT is not the end-all be-all, but being able to streamline things, fix broken things, and help people do their jobs better is what I love doing. If you don't have that opportunity in your job, you're in the wrong place, or have the wrong attitude.
|
|
#
?
May 20, 2010 03:32
|
|
|
LowJack posted:Started at 22, been in the business for 8 years. I love my job in IT, I work as an Operations Technician in the NOC for a small colo/ISP. It's only my first job in IT but it has been great so far. I'm hoping when I get done using this as a leapfrog I don't want to  everyday.
|
|
#
?
May 22, 2010 04:39
|
|
|
If I have to do it all over again.....no non-profits. I'd probably stick with more university-based work instead of branching out to district libraries where their motto is 'fix it now, but make everything exactly the same so we don't have to do anything.' Just curious: what is database management, and does it pay fairly well? I keep hearing that people with degrees focusing on minutia and detail do well with database management, and wanted to explore that option. Any advice would help, as right now I'm just finishing up my Masters and getting a cert in technical writing.
|
|
#
?
May 29, 2010 17:40
|
|
|
I've been approached about a job in Medical Informatics. Does anyone have any thoughts on the field?
|
|
#
?
May 29, 2010 19:24
|
|
|
Anyone done entry level security consulting (eg Nothrop, PwC, etc)? Did you actually get to make sites more _secure_ or just more compliant?
|
|
#
?
May 29, 2010 21:16
|
|
|
GregNorc posted:Anyone done entry level security consulting (eg Nothrop, PwC, etc)? If I was a guessing man I'd guess the latter...
|
|
#
?
May 29, 2010 22:22
|
|
|
Mad Doctor Cthulhu posted:
http://en.wikipedia.org/wiki/Database_administrator ? Certain DBAs (e.g. Oracle) usually get paid pretty well and I've heard it is a good gig.
|
|
#
?
May 29, 2010 22:40
|
|
|
GregNorc posted:Anyone done entry level security consulting (eg Nothrop, PwC, etc)? If you're consulting, you're not actually doing anything. You'll spend a poo poo ton of time in meetings and making suggestions which the company will probably end up ignoring even though they're paying a fortune for the consulting services. You might get to run some network scanners, but I hope you like PowerPoint.
|
|
#
?
May 29, 2010 23:21
|
|
|
skipdogg posted:If you're consulting, you're not actually doing anything. You'll spend a poo poo ton of time in meetings and making suggestions which the company will probably end up ignoring even though they're paying a fortune for the consulting services. You might get to run some network scanners, but I hope you like PowerPoint. Doesn't somebody have to do the actual pentest? Or is everyone just looking to be HIPPA/SOX/whatever compliant? There's NO market for an ACTUAL, thorough pentest?
|
|
#
?
May 29, 2010 23:37
|
|
|
GregNorc posted:Doesn't somebody have to do the actual pentest? Or is everyone just looking to be HIPPA/SOX/whatever compliant? There's NO market for an ACTUAL, thorough pentest? I'm not a consultant, and have no desire to be one, but we had to get audited for ISO something or other. We had a guy from one of the big 4 show up early Monday morning, CISSP an all that jazz. I'm sure he flew in Sunday night. He was older, and looked even older than he was. He setup show in a spare office, made a big show of securing his laptops to the desk with security cables since he was a security guy. Here's what he did. He had 2 laptops. 1 an old MacBook running KisMet scanning for wireless networks, the other ran against our internal network. It was probably Nessus or something like that. That was his 'pentest'. He spent the rest of his time on conference calls and writing up reports. The rest was all done remotely. Also as a consultant you're not going to be fixing anything. You don't usually have access to clients networks. You'll be writing a report and they might do something about it.
|
|
#
?
May 30, 2010 02:46
|
|
|
Luna posted:I've been approached about a job in Medical Informatics. Does anyone have any thoughts on the field? Good choice for long-term job availability. The field is going to have massive growth over the next five years as Medicare incentives and requirements for EMRs go into place. Downsides: -Have to deal with doctors with legendary stubbornness -Have to deal with enormously complicated highly specialized software which will have you jumping through hoops -gently caress-ups can kill people
|
|
#
?
May 30, 2010 08:27
|
|
|
Anyone worked high school IT? There's an opening for a helpdesk position at a local private (rich) all-girls high school near me and I'm wondering if it'll be interesting or if I'll want to kill myself after daddy's little angel makes her computer useless for the 5th time because she was browsing sites littered with malware. I am fairly new to IT, so I don't mind doing helpdesk, but I do want an environment where I can learn a lot while I pick up some more certs. Science fucked around with this message at 17:18 on May 30, 2010 |
|
#
?
May 30, 2010 13:21
|
|
|
Namlemez posted:http://en.wikipedia.org/wiki/Database_administrator ? Certain DBAs (e.g. Oracle) usually get paid pretty well and I've heard it is a good gig. For what it's worth, DBA positions at my company start at 56k/year (although we don't currently have anyone making less than 70k, I believe).
|
|
#
?
May 30, 2010 15:53
|
|
|
Zhentar posted:Good choice for long-term job availability. The field is going to have massive growth over the next five years as Medicare incentives and requirements for EMRs go into place. Also, like any organization who does not derive profit directly from technology, you will always be seen as a cost center. I might be biased, but I'd look into security. It's a field that really lends itself to self study, and has a broad range of jobs... some people go in with nothing but a HS diploma, others do full PhDs on it. However, it is a large field and you're probably not going to learn enough unless you have a passion, but really you shouldn't do something unless you have a passion for it anyways IMHO.
|
|
#
?
May 30, 2010 16:11
|
|
|
GregNorc posted:I might be biased, but I'd look into security. It's a field that really lends itself to self study, and has a broad range of jobs... some people go in with nothing but a HS diploma, others do full PhDs on it. However, it is a large field and you're probably not going to learn enough unless you have a passion, but really you shouldn't do something unless you have a passion for it anyways IMHO. As a counterbalance to this: I've found these security consulting jobs to be fairly rare and ridiculously experience-based. They rely entirely on gigantic corporations like Northrop Grumman throwing money at things they don't understand and I don't know if I could deal with the impostor syndrome caused by making $80k a year doing stuff that I learned in a few weeks of my free time. We had one of NG's chief security guys attend a talk and it became readily apparent that he knew very little beyond how to use some basic tools but was awesome at playing it up and making it seem like he was in control. Just my experience
|
|
#
?
May 31, 2010 15:34
|
|
|
GregNorc posted:Also, like any organization who does not derive profit directly from technology, you will always be seen as a cost center. A lot of bigger organizations are looking at IT as an investment that will save money for them in the long run. They're not afraid to spend some huge bucks on a complete EMR. Those are the huge organizations, though. Small practices (where things are heating up the most because of Medicare and Medicaid requirements) are still pretty skeptical of electronic records. Mostly, doctors seem to hate change. But that said, medical informatics is a super hot field, and will be for the next several years. I've been with an EMR vendor for about 5 years now and am about halfway through an MS in the subject. It's amazing how many quality job opportunities there really are, given the general economic conditions right now. Also, Luna... Where you "approached by" Epic?
|
|
#
?
May 31, 2010 16:58
|
|
|
Mobius posted:Mostly, doctors seem to hate change. I went to a doctors appointment, and when he found out I studied computer science he told me 'hey this software we have to use is a piece of poo poo. If you came up with something better you'd make squids of money, but that tends to involve lots of collaboration with doctors... problem is all we've got available are bureaucrats rather than doctors who actually know what they want...'. He told this to me while he rebooted the PC because it had crashed the moment I entered the room.  I'm currently studying computer science, yet nowhere around seems to want even basic helpdesk support. I'm graduating next year and everywhere wants huge amounts of experience for 'grad' positions. The way all those job ads go it sounds like they want an experienced candidate who they can pay graduate rates. I've tried applying for internships and vacation work, but nowhere seems to want computer science students even for a few weeks. I'm assuming my best bet now is to study up and take the CCNA and/or the MCSE, simply because aside from a stroke of luck/nepotism getting my foot in the door I'm going to have a hard time finding a full time job on my degree alone.
|
|
#
?
May 31, 2010 17:45
|
|
|
Mobius posted:A lot of bigger organizations are looking at IT as an investment that will save money for them in the long run. In my experience most organizations view IT similar to the way they view utilities. Every large company pretty much has an IT department, so it's lost the "competitive advantage that makes us awesome compared to everyone else" image. Now management's all about minimizing the cost of IT support and solutions, however business critical IT might be. GregNorc posted:I might be biased, but I'd look into security. Oh hey, I'm in the process of making a lateral move from sysadmin to security. The best reasoning someone gave me was the idea that Operating Systems (and programming languages, too) are kinda like fads and change every few years and your experience tends to expire if the technology expires. So, if you have years of sysadmining Solaris and the company decides to go all Windows (because some consultant said it was a good idea and management said "yay sounds good") then you could be screwed, depending on how nice management is. But security will always have a role regardless of the underlying technology.
|
|
#
?
May 31, 2010 18:08
|
|
|
shredswithpiks posted:In my experience most organizations view IT similar to the way they view utilities. Every large company pretty much has an IT department, so it's lost the "competitive advantage that makes us awesome compared to everyone else" image. Now management's all about minimizing the cost of IT support and solutions, however business critical IT might be. A growing number of healthcare organizations are approaching electronic medical record systems as an operations project, rather than an IT project. In these cases, they're looking at it as a way to change the way they do business, rather than just an IT project. Those are the ones that are most successful, less likely to skimp on the project, and are where informaticians are most valued. If you're talking traditional IT, helpdesk roles, and similar, then you're probably right. But that's not what I'm talking about here -- these organizations are not so much looking for Windows guys and Unix guys and DBAs, they're looking for people that can bridge the gap between healthcare operations and IT. They need people that can help apply IT to simulatneously improve care and lower costs. That's where the demand for good people is.
|
|
#
?
May 31, 2010 19:12
|
|
|
Holy Diver posted:We had one of NG's chief security guys attend a talk and it became readily apparent that he knew very little beyond how to use some basic tools but was awesome at playing it up and making it seem like he was in control. This is pretty much par for the course. All you really need is to know what the other people don't know and to sound confident. If you know they don't know anything about security, you can say whatever you want that is vaguely realistic, and they will go along. Even if they're still not sure, you're the security pro getting paid thousands, and they don't have the capability to refute in any meaningful way. It's fine if you actually have honest, ethical people (after all they are paying for your specialist expertise) but the security industry has been swamped by people like the above who can talk it up and cover their rear end long enough till they get their cheque. A way to think about the realpolitik of security goes like this: You have an organisation that produces object x, and that organisation as a whole is incentivized around its production. Everybody wants to get it done and out there, and in many cases there are direct financial benefits for doing so on an individual level. If you are the person seen to be holding back that production, even though it may be in the long term best interest of the organisation, you're not going to be winning friends and influencing people. shredswithpiks posted:The best reasoning someone gave me was the idea that Operating Systems (and programming languages, too) are kinda like fads and change every few years and your experience tends to expire if the technology expires Security ranks just below web development in terms of fads. Operating systems and languages last way way longer, there's plenty of companies out there still running mainframes and COBOL apps. I do think security can be a fine career, and people with a good technical understanding who can talk about it on a low and high level can do very well. Technical people often aren't good communicators, which is why people like in the example above (who was a good communicator) can trounce them. If you want to work in a corporate environment you need to build communication skills. I got sent on a bunch of hokey-rear end "soft skill" courses by my company but they turned out to have been invaluable. Do a toastmasters course if you can't swing it through work. Also never be afraid to say "I dont know". When you admit you don't know and get people to explain it to you, its very hard for them to deceive you. How they respond when you say "I don't know" can also be very telling about their character, it can be a good way to suss people out. unixbeard fucked around with this message at 20:06 on May 31, 2010 |
|
#
?
May 31, 2010 19:57
|
|
|
GregNorc posted:Anyone done entry level security consulting (eg Nothrop, PwC, etc)? If you want to work in security and get a chance at a gig like this you should jump all over it. Entry level anything is going to suck, but you can use it to build valuable experience and knowledge, and you get something on your CV with "security" in it, which is very important when you want to take the next step. Once you have a few years experience the job finding process gets way easier.
|
|
#
?
May 31, 2010 20:04
|
|
|
The trend toward domain experts that are also knowledgeable in IT is consistent across everything in business. The amount of experience you need to be reasonably competent at both combined together would imply that you should get paid at least 2x as much as those with equivalent experience to about half. However, I don't think that I'd get paid $200k to be able to bridge healthcare operations and IT when with 6 years in healthcare + 8 years simultaneous in IT systems management to be competent enough to bridge them. Sources? Because I was offered only $85k to do it in some hokey ho-hum area of the country to basically bridge their operations with modern, cutting edge tools that I wrote and specced out. This is where consultants come in - they can fill roles that don't readily exist as FTEs (in theory). Security is the weird area of IT where you have superexperts and superincompetent folks. So certs become more of a necessity there than anywhere else IMO partly because the big dogs want reputable people and will take Sigma Six and CISSP crap above "I wrote half the poo poo that's in Phrack, idiots" because of marketing of these certs, more or less.
|
|
#
?
May 31, 2010 20:06
|
|
|
Mobius posted:Also, Luna... Where you "approached by" Epic? I'm not sure who Epic is but no, my wife works in healthcare and was asked to have me submit my resume for the position. It seems like an opportunity worth looking into. I live in a very rural area some jobs don't become available often.
|
|
#
?
May 31, 2010 22:00
|
|
|
|
| # ? May 5, 2024 19:07 |
|
|
Luna posted:I'm not sure who Epic is but no, my wife works in healthcare and was asked to have me submit my resume for the position. Ah, okay. Epic is an electronic medical record vendor - the one I work for. We do a lot of active recruiting, so when you said you were "approached" for a job in medical informatics, it rang a bell. Do you know much about the position?
|
|
#
?
May 31, 2010 22:23
|
|