Sorry my mistake. I should've said the book is geared more towards the CISSP exam. It's kind of naive to think that just by reading one book can pass that kind of exam. -dennis2(Dennis) @爱德华王子岛华人论坛:爱德华王子岛枫下论坛 The Rolia Forum of PEI

工作学习 / IT技术讨论 / IT 的方向 -smilin(drible); 2001-11-25 {3088} (#275061@0)
本文发表在 rolia.net 枫下论坛随着北美经济衰退, .COM泡沫的破灭, IT行业从去年的高温火暴急剧降温冷却, 不利的新闻还在一次次地雪上加霜. 失业的IT人在无奈中东突西撞, 在业的幸运儿大多也是战战兢兢, 似乎丢了加薪升职的砝码. 经济复苏还很渺茫, IT人也很渺茫.
在多伦多, 计算机从去年最好的职业,一变成为今年所谓的最差的, 大批的LAID OFF程序员找不到下家. 计算机学不得,计算机干不得了的说法对新移民是人人皆知了. 下了飞机直奔计算机学校的情景也不复存在了.

IT 业真的不能干了吗?

答:能

打开WORKPOLISH, MONSTER网站, 你会发现那么多职业里IT 技术类的职位数量仍然是绝对的高于任何其他职业需求. 而照去年比不同领域比例却发生了很大变化 JAVA, WEB-DEVELOPER的需求比去年减少60-70%, ARCHITECT/ANALYST 减 30%, UNIX,DATABASE,NETWORK管理减少5-10%, NETWORK SECURITY 需求有所增长(30%左右), MAINFRAM, AS/400没变化. 很多种职位空缺显然长期缺乏人才去填补.
对这些高级职位,我们的IT人为什么填补不上? 大原因有二: 1. 技术不过硬 2. 英语贫乏得不能被接受.

英语是所有新移民的难题, 通常半年到一年乃至更多时间都能够大体解决. 我指的是不至于影响工作的解决, 不是要一个说了20年30年中文的人说出乱真的英语. 尤其是高技术职位上,技术更重要!

关于技术
技术问题解决不了的难点:
1. 高傲自负: 不了解北美行情, 以为自己过去是什么什么角色, 没理由找不到工作. 而实际上掌握的知识和这里流行的技术有差距. 这样的心理导致时间浪费在劳而无功地发简历和没结果的面试上!
2. 定位低,没自信: 以为高技术复杂,学不了! 自己只是初级, 要很长时间才能到那样程度. 其实越高的技术用起来越方便.问题是你有没有机会能学到它. 这个心理使人永远也学不到高级水平,因为学到时,技术又出新的了,结果还是初级.现在的情况是入门级的职位少加之一窝蜂的在争, 高级职位还是不能填补.
3. 急功近利: 速成班结束就想工作,找不到就失去信心了. 去年的JAVA是个例子, 虽不乏成功者,但早已时过境迁了. 有云: 去年靠包装,今年靠实力. 这话一点不错! 其实,真正的实力就是铁饭碗.这点的解决稍后见本文
4. 盲目而没计划: JAVA火学JAVA,CNC,电工火就放弃计算机去学电工,CNC. 笔者断言, CNC和电工不久就过剩了!

解决:
1. 最重要的是自己知道自己现在会什么,自己的兴趣是什么.这要靠你自己了. 自己都不知道自己会什么,我看无药可救了.
2. 在此基础上分析市场,选择方向. 初来和已经来几年的都有好多人没弄清楚市场与方向. 这得靠多研究分析,问明白人. 如果找不到,笔者也愿意代劳帮你分析分析,以效薄力.(见后面联系方法)
3. 方向定了,全力猛攻:此既所谓的速成阶段（IT行业不用速成法不行,没有时间去积累它3年5载经验的. 说白了是句笑话,但5年前的经验到底有什么价值呢? 而且有的技术出来才半年呀). 以笔者看,必要的计算机基础知识加上你选定的一个领域的高技术的学习过程应该在半年以内, 也就是半年时间达到高级阶段,即是SERIOR的水平. 以AIX UNIX为例: 4-5个月的学习考认证和一个月的复习时间足够你应付任何AIX的技术面试了,除非考官有意刁难你. 学班是大多数人的选择, 多伦多的电脑学校很多, 但师资和教学环境常另人失望.家家都有金牌教师,到底谁是真正金牌? 这可难住了寻学校的学生了! 最好事先调查他们的毕业学生,还要调查你参加班的老师,虽然是同一所学校的同一门课, 聘请的老师不同, 教学质量肯定不同. 每闻有学不到真东西的学生的抱怨. 笔者在文章里对此不便公开评价.
4. 美化简历,包装, 加强面试技巧. 这点不用多说了吧!
5. 跟踪你所在领域的新东西, 通常靠INTERNET就够了, 这样就可以一直有能力找工作,直到成功!

EMAIL: solarisca@hotmail.com MSN MESSAGER 也是这个EMAIL, 如果找我可用MSN,比较方便.24小时开.更多精彩文章及讨论，请光临枫下论坛 rolia.net

Really good article, I am learning Network Security now, Call you now -security(Direction); 2001-11-25 (#275088@0)

我在看CET，IPSEC VPN，不知你在学什么？ -avacao(吃草的大老虎白白胖胖); 2001-11-25 (#275100@0)

我在一学校学IDS， PKI ，确实很好， HANDS-ON，建议你也到专业学校去，自己太慢了。 -security(Direction); 2001-11-25 (#275108@0)

介绍几个网站吧，谢谢。 -sillyboy(silly); 2001-11-25 (#275121@0)

www.cisco.com www.iss.net www.entrust.com www.checkpoint.com ... For a complete list, please send me an email -mouse2002(Mouse mouse); 2001-11-25 (#275162@0)
向你推荐一个IT北美创业者会员组， http://www.aimoo.com/soho 你可能在那里交到朋友。也可以加强和海外的联系，掌握最新动态和寻求最甲机会。 -linkfoxo(令狐大侠); 2002-1-18 {133} (#338411@0)
向你推荐一个IT北美创业者会员组， http://www.aimoo.com/soho 你可能在那里交到朋友。也可以加强和海外的联系，掌握最新动态和寻求最甲机会。

呵呵，我觉得学校太慢了，看上去你学得比较专业嘛，我只是带一点，HANDS-ON是什么意思，IDS听上去是CISCO的INTRUDING DETECTION SYSTEM，是吗？ -avacao(吃草的大老虎白白胖胖); 2001-11-25 {87} (#275127@0)
那到是属于CISCO QUALIFIED SPECIALIST-SECURITY的，学校什么价？以后不懂的能不能请教你啊？
我感觉我们是同学，因为目前SECURTY的培训班不多。 -bertha(seed); 2001-11-25 (#275292@0)

哥们儿，能EMAIL 我学校名称，多少费用和老师水平吗？我也想学 -bigmouser(Biggest Mouse); 2001-11-25 (#275329@0)

你在哪里，我的学校是在TORONTO。你感兴趣，我可以发给你。 -bertha(seed); 2001-11-25 (#275345@0)

really? I am here too, please send me an email and answer me questions, thanks -bigmouser(Biggest Mouse); 2001-11-25 (#275352@0)
也告诉我一下学SECURITY的学校,好吗?多谢 -evil(mm); 2001-11-27 (#277743@0)

能发我一份吗？谢谢！ -catfish_little(想飞); 2003-11-28 (#1489325@0)

可以问一声是什么学校吗？ -bertha(seed); 2001-11-25 (#275358@0)
我现在也想去一所好的学校学SECURITY,不知你那所学校如何？可否告知名称和收费情况，如何？多谢！ -evil(mm); 2001-11-27 (#277735@0)

Send me an Email, I will tell you one place -bigmouser(Biggest Mouse); 2001-11-27 (#277778@0)

吃草的大老虎白白胖胖, CISCO is very good, but for IDS and Security, it is nothing. ISS is the best one -security(Direction); 2001-11-25 (#275155@0)

没法子，既然上了贼船也退不回来了，可是我现在看CISCO的SECURITY的书就象看天书一般，有一种腾云驾雾不着地的感觉。有空一定跟你多学学：） -avacao(吃草的大老虎白白胖胖); 2001-11-25 (#275161@0)

我同意SECURITY 观点， CISCO the best is Router, but for security, I think you should go to school, only in this way, can you have a good future -mouse2002(Mouse mouse); 2001-11-25 (#275164@0)

其实我不需要懂很多原理，只要会在CISCO的ROUTER上设置和TROUBLE SHOOTING就可以了，因为我主要还是搞IP ROUTING啊，所以实践相对而言就很重要了 -avacao(吃草的大老虎白白胖胖); 2001-11-25 (#275172@0)

good, another one is studying network security, now I have Cisco MCNS , VPN Clinent and IDS Planning Guide, software copy. And like to share and exchange with your guys. -songl(风); 2001-11-25 (#275223@0)

呵呵，一本MCNS就够我看的，你的好东东可真不少。 -avacao(吃草的大老虎白白胖胖); 2001-11-25 (#275236@0)
嗨，风，你有没有QOS的书？ -avacao(吃草的大老虎白白胖胖); 2001-11-27 (#277202@0)

Please send me an email, I have all stuff about CISCO. -bigmouser(Biggest Mouse); 2001-11-27 (#277273@0)

我认为搞安全，理论没用，最好HANDS-ON 过关，这样才能在重视CANADIAN EXPERIENCE 的CANADA 以技术找到理想工作 -bigmouser(Biggest Mouse); 2001-11-25 (#275251@0)

谢谢你的EMAIL, BIGGEST MOUSE, 不愧为CCIE, 请指点一下多伦多的IT方向, 为何CCIE 不找工作? -mouse2002(Mouse mouse); 2001-11-25 (#275297@0)

Mouse 老弟，不要提CCIE 了，我刚来一个月，一公司给我6。5 万年薪，我嫌少，上周再问职务CLOSED，另一职务IDS 专家，他妈的7。5 万，我先在转安全了。 -bigmouser(Biggest Mouse); 2001-11-25 (#275323@0)
不能否认现在市场疲软，去年我在国内接到美国一家公司OFFER，15万US D，今年到加找了两月，愣没工作，CCIE找不到工作！真他妈倒霉，现在学安全，希望在这里找几个朋友，共同探讨北美形势，求发展！EMAIL 我！ -bigmouser(Biggest Mouse); 2001-11-26 (#276163@0)

很受打击 -avacao(吃草的大老虎白白胖胖); 2001-11-26 (#276173@0)

吃草的大老虎, 你现在干什么？为什么不是吃肉的老虎？ -bigmouser(Biggest Mouse); 2001-11-26 (#276176@0)

肉太贵了，我正打算去考CCIE lab，在磨磨蹭蹭地准备中，因为觉得CCIE找工作机会大一点，然后现在又对CCIP感了些兴趣，所以在看SECURITY的东西，当然主要只是了解一下各种配置而已。 -avacao(吃草的大老虎白白胖胖); 2001-11-26 (#276197@0)

白白胖胖的大老虎，请教个问题。CCIP是什么意思？ -bluebear(懒熊); 2001-11-28 (#278925@0)

cisco刚推出的一张中级证书，包括一门bsci(build scalable cisco internetwork)，有点想503的BSCN，但多了ISIS，一门QoS+multicast，一门任选（从cisco qualified specialist的科目中），其中QoS+multicast现在只是beta测试，没正式推出 -avacao(吃草的大老虎白白胖胖); 2001-11-29 (#280454@0)

多谢指教！顺便问一句，昨天的火锅去吃了吗？ -bluebear(懒熊); 2001-11-29 (#280749@0)

这个那谈得上是指教，昨天我去了呀，你呢？ -avacao(吃草的大老虎白白胖胖); 2001-11-29 (#280774@0)

我没去，知道的太晚了。 -bluebear(懒熊); 2001-11-30 (#281168@0)

大老鼠，可找到你了，我以为你去美国了哪，赶紧帮帮我，我不想做CCIE，找个工作就行了，给我发EMAIL，谢谢你！ -windy2002(大花猫); 2001-11-29 (#280274@0)
我的建议： -turnip(turnip); 2002-1-7 {477} (#326200@0)
我觉得很奇怪，为什么要拿程序员与系统管理员相比呢，根本就是两个不同领域的东西。还有就是，JAVA是程序员，但并不是程序员就是JAVA。如果做JAVA找不到工作，可以想办法转SAP ABAP/4 的Programming 呀。因为这都是在同一个领域(BUSINESS AREA)的东西。如果我是老板，还可以考虑。但如果说你本来是作JAVA的，要来应聘NETWORKING，又没有HANDS-ON的经验，那我根本都不会理你。
随便到JOB SERACH的网站上找一下，SAP programmer 和testing的人机会还是很多的。你能说JAVA和SECURITY就一定是IT的方向吗?太偏颇了吧。

You are not familiar with this area. -laofa(老乏); 2003-11-28 {571} (#1488732@0)
I had been an ABAP developer for 4 years (2 years in North American and 2 years in China). I came here 4 years ago. but 2 years ago I changed my career to SAP system admin. It is very hard for an experience ABAP to find a job now. How about the beginner? I have a friend who has been an ABAPer for 6 years (2 years in China, 4 years in Canada), he got lay off several month ago. he is now looking for job.

Don't wasting time and money for learning ABAP! No new system implementation again. All you need is some support. The ABAPers in the market is more than enough.
你是开电脑学校的吧? -laofa(老乏); 2003-11-28 (#1488768@0)

文章写的相当好，我认为今后IT 的方向确实是一个永恒而热门的主题，我准备去一个学校系统的学习。 -mouse2002(Mouse mouse); 2001-11-25 (#275159@0)

同意Mouse mouse的看法，现在也想去找个学校学习，但还苦于没有目标。有了目标，顺便告诉我一声好吗？谢了！ -bluebear(懒熊); 2001-11-28 (#278921@0)

喂，懒熊，赶紧学吧，你知道我的经历，就学安全，一定能成功！再冬眠，黄花菜都凉了！ -bigmouser(Biggest Mouse); 2001-11-28 (#279332@0)

冬天到了，本打算开始冬眠了。现在该醒醒了。。。你在多论多吗？ -bluebear(懒熊); 2001-11-29 (#279769@0)

是的，你哪？ -bigmouser(Biggest Mouse); 2001-11-29 (#280204@0)

太好了，我也是！可以有机会当面请教了：） EMAIL好吗？ lu8964@263.net -bluebear(懒熊); 2001-11-29 (#280229@0)

my opinion -sameway(sameway); 2001-11-26 {240} (#275384@0)
不是想驳斥你的想法，我同意你说的，4个月学aix足够了，要是我，两个月就行了，问题是你应聘的时候怎么写你的简历，难道要编工作经历去骗人，你这和去年学java骗工作有什么不同吗。我觉得最主要的是目前如何让老外承认你已有的水平。只是一家言，欢迎大家指正

I agreee with you, I dont think AIX,HPunix have the best future, although I am CCIE, I still think Network Security is the best future, CISCO is too tired, this is my own opinion, I hope we can become a friend -bigmouser(Biggest Mouse); 2001-11-26 (#275401@0)
一家之言胜过多家之言。 -simonsun(☆大河之恋); 2001-11-29 (#279878@0)
还是听大老鼠的吧，姜还是老的辣，CCIE 都转安全了，咱们也冲上去吧！ -windy2002(大花猫); 2001-11-29 (#280276@0)

彻底感觉这个帖子没起到什么警世的作用。如果把这么多的回帖中的"Network Security"改成Java, 是不是让人感到仿佛回到了去年？只怕明年的这个时候，一打打的"Network Security"高手又要探讨新的IT方向了。 -clinux(C/Linux); 2001-11-29 {24} (#280601@0)
速成只是治标，不能治本。

速成是不对的，但安全的方向是正确的，全世界就那末几个CCIE 吧，蚂蚁般的程序员，我个人认为这时永远的方向和IT 的方向！北美有几个CCIE+CISSP？？？ -security(Direction); 2001-11-29 (#280632@0)

薪水和难度有关系，和供求关系跟有关系成为CCIE的难度大还是做医生的难度大时间长？ -urfr(urfr); 2001-11-29 (#280635@0)

For time I believe a doctor is more longer, but for difficulities, no one doubt it is CCIE much more difficult than a doctor, 5000 CCIE all over the world, how many doctors in North Amercian? -security(Direction); 2001-11-29 (#280641@0)

If Cisco closed, what were you guys going to do? -iiop(㊣IIOP); 2001-11-29 (#280650@0)

then all of us will go your company, be JAVA again -windy2002(大花猫); 2001-11-29 (#280676@0)

CCIE应用领域只是通信的一部分，可是人人都要生病，所以医生多工资也不是很低。关键是供求关系。 -urfr(urfr); 2001-11-29 (#280669@0)

但是大家学IT 的不能都转医生啊，再说还需要很长时间 -windy2002(大花猫); 2001-11-29 (#280691@0)

可是CCIE的工资比普通医生高！ -urfr(urfr); 2001-11-29 (#280697@0)

为什么拿CCIE的工资和普通医生的比，不拿普通IT人士的工资和主治医师的比？ -clinux(C/Linux); 2001-11-29 (#280748@0)

CCIE学习时间短于医生，工资高于医生 -urfr(urfr); 2001-11-29 (#280755@0)

只怕。。。也短。 -clinux(C/Linux); 2001-11-29 (#280761@0)

前几年美国做VB的工资都比医生高。 -urfr(urfr); 2001-11-29 (#280756@0)

难度是使供求关系平衡的时间变长，但也可能过热，NSDQ都是大公司总体技术实力差吗？股票可以跌80%。 -urfr(urfr); 2001-11-29 (#280678@0)

厉害厉害，恐怕很多人还不知道CISSP为何物呢。 -avacao(吃草的大老虎白白胖胖); 2001-11-29 (#280637@0)
苹果先搞出了图形化的操作系统，而现在是Windows的天下。IT中没有“永远的方向”！更不会因为懂得人少就成了“安全的方向”。并不是要打击某一种观点，只想劝大家不要一窝蜂。 -clinux(C/Linux); 2001-11-29 (#280649@0)
Should be CISSP+CISA+CCIE -69.9k(就差那么一点); 2004-6-23 (#1776878@0)

In my opinion, to be a security expert needs stronger programming background, esp. C/C++ ... -dennis2(Dennis); 2001-11-30 {1807} (#280923@0)
本文发表在 rolia.net 枫下论坛Security problems are the result of software vulnerabilities, and software vulnerabilities are the result of bad programming practice. In Theo's words, vulnerabilities are the result of not knowing exactly the library interface (can't remember the exact words) and improper use of function calls (eg. using strcpy() instead of strncpy() etc.).

Last year around March, Mikeal Olsson from Enternet (a Sweden company that makes firewall product) discovered pasv ftp vulnerability from multiple firewall products. The way he discovered the vulnerability is kind of interesting: he was trying to implement a ftp proxy and then got stuck on passive ftp part - he was having a hard time to do it without vulnerabilities. Then he was curious about how other venders' implementations look like. Then it turned out that other venders didn't get it right either, most notably Checkpoint FW-1 and Cisco PIX. And I believe linux's iptables also had that vulnerability although it was out much later. Granted, FTP is a broken protocol, I just want to stress the importance of good programming background.

Another example would be the discovery of a remote root vulnerability in Gauntlet firewall. Actually the vulnerability was from an add-on product (iirc some kind of content screening) and not from the firewall itself but once exploited, the whole box is rooted. This was discovered when a security consultant was hired to do the security audit for a company.

I think these people can be qualified as security experts.

To get CISSP is not that hard, you just need to get the book "Handbook of Information Security Management" (I have an old e-edition of the book in case anybody wants). And we Chinese people are really good at exams. But even if we get CISSP, do we qualified as a security expert?更多精彩文章及讨论，请光临枫下论坛 rolia.net

You can say that two twice! But for those guys hunting jobs, it\\ -cornfield(玉米地); 2001-11-30 (#281172@0)

Youcan say that twice twice! But for those guys hunting jobs, it\ -cornfield(玉米地); 2001-11-30 (#281174@0)

what happend? -cornfield(玉米地); 2001-11-30 {158} (#281180@0)
I mean you are totally right. So I feel respect to a security expert though myself a programmer and know some network.

But for guys hunting for a job, it\

oh god! let me test. I think problem is one can not use someting like: single quote mark? what is going on? => what\ -cornfield(玉米地); 2001-11-30 (#281185@0)

Test again. I am a Chinese. => I\ -cornfield(玉米地); 2001-11-30 (#281190@0)

test one more time. I\ -cornfield(玉米地); 2001-11-30 (#281221@0)

At some points, I agree with iiop(㊣IIOP); most programmer dont have " a big picture" this is the truth, also, NO ONE can say that CCIE,CISSP is EASY, Not only Chinese, how many people all over the world have it? -bigmouser(Biggest Mouse); 2001-11-30 (#281193@0)

怎么说CCIE都是我现在的奋斗目标，经管现在工资不高，但拿OFFER的速度够快。 -avacao(吃草的大老虎白白胖胖); 2001-11-30 (#281202@0)

吃草的大老虎, you are my friend, I believe you will be a CCIE very soon! -bigmouser(Biggest Mouse); 2001-11-30 (#281222@0)

多谢多谢，以后有不懂的还有多向你请教呢。 -avacao(吃草的大老虎白白胖胖); 2001-11-30 (#281262@0)

I couldn't agree with you more. I'm not saying they are easy, I just say CISSP is not that hard compare to CCIE. -dennis2(Dennis); 2001-11-30 (#281385@0)

Test: I\ -cornfield(玉米地); 2001-11-30 (#281211@0)
我的意思是物以希为贵，市场决定一切。安全专家我是很敬畏的。CCIE也是，但我觉得很多事情不是难度和努力的关系。机会很重要，方向很重要。请管理员把我在这个主题下其他帖子删了。不知道为什么我不能用单引号。 -cornfield(玉米地); 2001-11-30 (#281218@0)
Dennis, CISSP only one book?? then you can imaigine millions people have it like MCSE, the truth is at least you need 200 books and this is CCIE in security field, do u know the total number all over the world?? -security(Direction); 2001-11-30 (#281255@0)

Sorry my mistake. I should've said the book is geared more towards the CISSP exam. It's kind of naive to think that just by reading one book can pass that kind of exam. -dennis2(Dennis); 2001-11-30 {548} (#281359@0)
Quoted from a post to firewall mailing list by Paul D. Robertson:

"I wouldn't take any certification at face value, just as I wouldn't take
any certified candidate at face value. My "CISSPs I've met who have a
clue" measurement is up almost to 50%. I think I've met two MCSEs who
really knew TCP/IP so far. I'm still searching for a clueless CCIE."

There is no doubt that CCIE is the most recognized certification in the industry and CISSP is not far behind it. I have nothing but respect to those who have those certifications.

I can all agree with you,YES, some new comer or somebody who has some basic network experience can go with Security, BUT for programmers should remain here until laid-off and then find another way -redwolf(大灰狼); 2001-11-30 (#281626@0)
I will land Canada next month. Is it so hard for me to find a CISCO job? I have 4 years experence on cisco/security in China -renren(chinaren); 2001-11-30 (#281957@0)
到底什么是security ? -netee(netee); 2001-12-1 {1192} (#282425@0)
本文发表在 rolia.net 枫下论坛先看一下到底有哪些'安全'相关的职位, 我在newsgroup和网上大概看了一下(除去一些带manager关键字的职位,大家也可以去搜一下), 主要有以下一些职位是比较'纯粹'的security position: Security Architect, Software Security Specialist, Network Security Specialist, Systems Audit/Security Officer.

Security Architect: 这种职位的一般职责是设计系统的安全策略,为整个企业的安全工作提供咨询,是相当senior的职位, 当然对技术,语言和交流的要求也会相当的高.
Software Security Specialist: 这些人应该有很强的软件开发和设计的背景, 但是对涉及安全的方面要特别在行.
Network Security Specialist: 这是CCIE们的强项, router/firewall/PKI..., 主要是在网络基础架构上来增强系统的安全性.
Systems Audit/Security Officer: 就是系统管理员了, 要时刻注意企业内部和外部是否有人干了什么值得注意的事情, 还要能够勤快地给系统打补丁.

但是这一类职位确实不多, 因为不像软件开发, 这不是劳动密集地行业, 一个企业有那么几个顶用地系统安全人员就应该够用了.

我觉得真正的安全专家应该和系统管理员还是有所区别的, 普通的系统管理员要对付的是普通的用户, 而专家们则要花更多心思来和黑客们较量, 这对于知识,经验和智商的要求不是一个层次的, 现在系统管理员不是很缺, 缺的是真正能够对付各种潜在敌人的专家, 我个人认为这不是上个什么'培训班'能够学出来的.更多精彩文章及讨论，请光临枫下论坛 rolia.net

Sounds reasonable, BUT no one know everything since his birth, I believe sucess comes with hard and smart working, time can prove everything! So keep going on security!@ -rabbit02(大白兔); 2001-12-2 (#283432@0)

good discuess, ^ -torontovictor(toronto); 2002-1-7 (#325365@0)
奇怪! -turnip(turnip); 2002-1-7 {478} (#326223@0)
我觉得很奇怪，为什么要拿程序员与系统管理员相比呢，根本就是两个不同领域的东西。还有就是，JAVA是程序员，但并不是程序员就是JAVA。如果做JAVA找不到工作，可以想办法转SAP ABAP/4 的Programming 呀。因为这都是在同一个领域(BUSINESS AREA)的东西。如果我是老板，还可以考虑。但如果说你本来是作JAVA的，要来应聘NETWORKING，又没有HANDS-ON的经验，那我根本都不会理你。
随便到JOB SERACH的网站上找一下，SAP programmer 和testing的人机会还是很多的。你能说JAVA和SECURITY就一定是IT的方向吗?太偏颇了吧。

Based on your o[inion, we can find that you really have no "big picture" in your head -smilin(drible); 2002-1-8 (#326471@0)

Excuse me, I can't understand what u mean by "no big picture"? There are a lot of areas you can study from, besides security and Java. -turnip(turnip); 2002-1-8 {442} (#327328@0)
If you are programmer, SAP ABAP/4 , perl, shell or Lotus, AS400 programming is more appropriate for you to adapt.
If you have a good IT support background, you can learn UNIX, Openview,
CA or iplanet server.
I don't think it is easy for a programmer to transfer to security. (You must have a very good background on Networking and system)
I mean, it is just my own opinion, not targeting on a particular person. You are too sensitive.
我想你是希望每个人都认同你的说法吧。我不否认security是IT的一个方向，但未必就是符合每个人的方向。我在国外工作三年， -turnip(turnip); 2002-1-8 {338} (#327411@0)
深刻体会到经验的重要性，还有个人的喜好与性格对工作的影响。一点异见，是希望对现在正考虑从java转行的朋友拓宽思路，更好地适应转换期。还有就是觉得，不管做什么，不应该一味地求热门，就算是大家认为烂菜了的东西，未必就找不到价值。找到自己喜欢又适合的专业能够不断地提高技术层次，也是有成就的。我所知道的一些consultants,做backup软件都能做一辈子的。

Yes, yourt opinion sounds good, however, you cannot deny the hot of security in Market now, can you say Java and programmers still hottest in current market? -smilin(drible); 2002-1-9 (#327957@0)

我的观点:只有转行的人才会直奔"最热门". -longchu(chu); 2002-1-9 {255} (#328136@0)
真正的专业人员首先会结合自己已经掌握的技术和经验, 决定自己的专业方向应该做什么改变. 安全方面基本上都是senior的职位, 如果连一个初级程序员的工作都找不到的人根本不用想.

如果以前干过系统管理员,技术支持或者涉及安全的咨询工作, 可以考虑想"安全"这个方向努力.

Corrrect, fully agree, this article is for new comers and some one who want to change his.her career -smilin(drible); 2002-1-10 (#329339@0)

但是转行也要考虑一下可行性, 我认为从非IT直接转到senior的职位目前没有可能. -longchu(chu); 2002-1-11 (#330259@0)

如果programming又热起来。那你是不是又改回programmer呢?如果永远都是在追求热门的东西，那你岂不是永远找不到定位?何况做IT security又何止一个cisco可做?ISO17799中那一点讲到了CISCO?反而是 -turnip(turnip); 2002-1-9 {292} (#328696@0)
对system development中的security有具体要求:比如说，user authentication specification, cryptographic control and specification, change control design, testing(ethical hacking and penetration testing)等等.我觉得t拓宽领域本来是很对的，但应该考虑从本领域向相关领域拓宽，而不是突然跳到另一个领域。
今天的monster.ca搜索结果：network security有45条记录，java 有123条。是谁把网络安全炒热起来的？ -ffff(ffff); 2002-1-9 (#328886@0)

Hi, my friend, your opinion is funny, yes, Java positions seems double than security, HOWEVER, howmany people in markets now( includes laid off) i think 1000-10000 times than security -smilin(drible); 2002-1-10 (#329342@0)
tell you a truth, one15dollar/Hr for Java, 20,000 Java experts apply! I am a recruiter, do u know what I do with these Java Guru, just throw them in Garbage! all of them have 10 yrs experience! -smilin(drible); 2002-1-10 (#329345@0)

首先网络安全的职位只有SENIOR才胜任，在一点似乎在这里已经基本达成一致意见。但JAVA呢？ -ffff(ffff); 2002-1-11 {273} (#330231@0)
请问JAVA是什么年代的产品，哪个JAVA GURU有十年JAVA经验？如果有十年编程经验的程序员完全可以用C++混饭吃了，有何必REBOOT转到网络安全上呢？如果你是RECRUITER，你应该明白，网络安全是SENIOR的位置，即使是大公司，所提供的职位也是有限的，小公司根本就不用雇这类人，找CONSULTANT就行了。
既然网络安全是SENIOR POSITION, 用JUNIOR JAVA的15DOLLAR/HR来比,未免有混淆视听之嫌。我认识的几个SENIOR JAVA，做EJB、SERVLET、JSP之类的东东，他们年薪没有少于五万的。 -ffff(ffff); 2002-1-11 (#330234@0)
Really ? 有些夸张了吧? -acezl(笨笨张); 2002-1-17 (#337978@0)
10 年java经验，有点夸张吧:))))) -travelworld(小李飞刀); 2003-4-3 (#1121438@0)

from 1993???? if someone said, he had 10 years experience, that means he doesn't have any! -laofa(老乏); 2003-11-28 (#1488758@0)

Network security 是很好一点，但毕竟需求量小。 -nking(Richme); 2003-12-2 {275} (#1495220@0)
一个上万的用户的公司，才两个搞安全的。希望大家在做决定时慎重再慎重。就是CCIE，因为正常情况下，工资较高，很多中小型公司也不敢要。可大公司又大多数都已有了。大家可以去xincon college 了解了解行情，有多少拿到CCIE的人，现在还在找工作。搞清楚后再作决定。否则既浪费时间，又浪费金钱。

Acctually, network security is a routine of network or system administrator. You have to know this if you are network/system admin -rina006(rina); 2003-12-2 (#1495487@0)

你是开电脑学校的吧? 多少钱一个学期? 一个学期几个月?忘了你的贴子提过4-5个月. -mengxiong(小熊); 2002-1-17 (#338168@0)

I love Canada! I have top level job here!!! -smilin(drible); 2002-11-16 (#858672@0)

recruiter is top level job? then I don't want to be top level. -laofa(老乏); 2003-11-28 (#1488760@0)

he works for 电脑学校 as part time. -laofa(老乏); 2003-11-28 (#1488772@0)
turnip 是开电脑学校的. -laofa(老乏); 2003-11-28 (#1488776@0)

Exactly! Well Said! -wfang01(Wayne); 2003-7-17 (#1289904@0)

Comments on your Unix senior level -bridge2k(bridge2k); 2003-12-2 {397} (#1494806@0)
Apperantly you have never been an Unix admin. Yes, you are right that you may get all those paper-skills in 4 month. But you may get screwed in your work.

Unix admin is not a job position only requiring the sysadmin knowledge. It is more involved with various projects, environments and devices, etc.

You won't get Unix admin position with your cert. This is 100% for sure.

Take care.

@PEI

Sorry my mistake. I should've said the book is geared more towards the CISSP exam. It's kind of naive to think that just by reading one book can pass that kind of exam.

Replies, comments and Discussions:

More Topics