其實萬頭只係最低工資⋯
34.5 x 10 x 365.25 / 12
= 10,500
做緊 (IT) Security 你問我答到就答。
情人芝士
154 回覆
2 Like
17 Dislike
做緊product support
想問下呢行仲有咩其他工種
想問下呢行仲有咩其他工種
做緊network and support 大約6年,想轉去security 方面發展,請問條路可以點行。
Offensive (red team)
Defensive (blue team)
Policy/control
Role就sales, presales, postsales, soc, analyst
Vendor, var/mssp/si, client, consulting
仲有少量pm, R&D/developer香港應該冇乜
Defensive (blue team)
Policy/control
Role就sales, presales, postsales, soc, analyst
Vendor, var/mssp/si, client, consulting
仲有少量pm, R&D/developer香港應該冇乜
你所講的NETWORK 係指vendor 個邊(e.g. CISCO) 定係GENERAL GE CONCEPT, 我CCNA 就過期, 諗緊考唔考CCNP, 不過CCNP D 野平時好少用 唔知係唔係因為做INHOUSE關係
或者我幫樓主答D。我做過vendor 同 inhouse security管理層, 有請人知市價。
inhouse security officer(local) :
3-5 yr 20k-30k (incl commission)
5-10yr 30k-50k (incl commission)
10yr+? (應該走左)
inhouse security officer(MNC) :
3-5 yr 25k-40k (incl commission)
5-10yr 40k-80k (incl commission)
10yr+ 80k-200k (CISO level)
SI security engineer/consultant :
3-5 yr 20k-30k (incl commission)
5-10yr 30k-50k (incl commission)
10yr+? (應該走左)
Vendor sales engineer/consultant :
3-5 yr 30k-50k (incl commission)
5-10yr 50k-80k (incl commission)
10yr+ 80-150k (lead architect level)
兔兔
inhouse security officer(local) :
3-5 yr 20k-30k (incl commission)
5-10yr 30k-50k (incl commission)
10yr+? (應該走左)
inhouse security officer(MNC) :
3-5 yr 25k-40k (incl commission)
5-10yr 40k-80k (incl commission)
10yr+ 80k-200k (CISO level)
SI security engineer/consultant :
3-5 yr 20k-30k (incl commission)
5-10yr 30k-50k (incl commission)
10yr+? (應該走左)
Vendor sales engineer/consultant :
3-5 yr 30k-50k (incl commission)
5-10yr 50k-80k (incl commission)
10yr+ 80-150k (lead architect level)
兔兔
inhouse commission=bonus.
想問下有咩工種係會計入CISSP要求既相關經驗,例如System Administrator計唔計?
可唔可以簡單講下你平時日常基本routine有d咩?
我聽你講security分咁多role,但我都未理解到工作上分配係點樣
我聽你講security分咁多role,但我都未理解到工作上分配係點樣
有,但再想學埋Information System 嘅嘢先搵外面嘅工作。
咩Product support? Vendor 定SI? Security vendor 嘅Support 如Cisco / Forti / Juniper 呢啲我地請人嘅時候會考慮多啲,因為有價值啲,但如果SI 嘅話,就未必,因為周街都係。
連人工都驚自爆痴撚線
你咪撚開post 啦不如
你咪撚開post 啦不如識唔識寫C
Ching 知唔知咩叫Information system auditing? 同埋實際做野環境係點?
General concept 比Vendor dependent 嘅knowledge 更加重要。
因為識Cisco, 你就會淨係Cisco, 識Checkpoint 你就會淨係識Checkpoint, 當離開咗果隻Vendor 之後就會唔識做人地嘅Product,但General knowledge 就唔一樣,我認知嘅係security, operating system, system kernel, network,你可以話我咩Product 都唔識,但做起上黎其實隻隻都一樣,只係interface 唔同。
我無任何Microsoft, CCNX, JunOS 果啲Cert.
因為識Cisco, 你就會淨係Cisco, 識Checkpoint 你就會淨係識Checkpoint, 當離開咗果隻Vendor 之後就會唔識做人地嘅Product,但General knowledge 就唔一樣,我認知嘅係security, operating system, system kernel, network,你可以話我咩Product 都唔識,但做起上黎其實隻隻都一樣,只係interface 唔同。
我無任何Microsoft, CCNX, JunOS 果啲Cert.
Information Security 係Information System 入面其中一環,都係Security 行業入面,但屬於另一條Stream, 一般可能會叫 Compliance Team 或者Security Risk Management, 例如27001 ISMS, PCIDSS, 27017 Cloud Security 等等
實際做嘢係
1. 上個客度了解佢嘅運作
2. 會喺自己電腦度鬥文件,幫佢寫流程,做風險評估
3. 開會約會開會約會
4. 做Internal audit
實際做嘢係
1. 上個客度了解佢嘅運作
2. 會喺自己電腦度鬥文件,幫佢寫流程,做風險評估
3. 開會約會開會約會
4. 做Internal audit
唔識寫但會叫人寫。不過識會對做Pentest 有幫助,因為夠曬Low level。
係咪無乜SOC NOC係唔洗返shift
利:背景同上面巴打相似
利:背景同上面巴打相似
Thx ching, 而加我係讀緊u有兩個major option比我揀 一個係big data tech. 另一個係is auditing. Ching 你覺得前路邊個好d
is auditing 比較悶
做s.i有無前途?
有,Manager grade
無。
做左4年network,針對GFW寫過vpn GitHub 有自己project, 難唔難轉入security?
其實security 係做啲乜,諗solutions?
我公司試過搵一間consultant 做security Audi,條友乜可以完全唔識web... 差啲開片
其實security 係做啲乜,諗solutions?
我公司試過搵一間consultant 做security Audi,條友乜可以完全唔識web... 差啲開片
我諗你講嘅係Audit, 做Audit 唔識Web 好正常。你期望佢識Web 先唔正常。
Security audit 都有好多種,可以係In-house audit, 可以係ISO Audit, 可以係HKMA, PCIDSS, SFC等等等等,兩個唔同嘅範疇,等同人地可以話你唔識Risk assessment, audit criteria 一樣。
Security audit 都有好多種,可以係In-house audit, 可以係ISO Audit, 可以係HKMA, PCIDSS, SFC等等等等,兩個唔同嘅範疇,等同人地可以話你唔識Risk assessment, audit criteria 一樣。