[SC-L] Hiring Security Architects

[McGovern, James F (HTSC, IT)]

We have had open job postings for security architects for a long time with zero hits and I would love to understand how other enterprises are hiring practitioners. Would love your thoughts on the following:

*	Are large enterprises sticking with consulting firms to gain expertise in implementing secure coding practices when they can't find full-time salaried individuals? 
*	Any thoughts on the capabilities of large consulting firms such as Accenture, Cognizant, DiamondCluster or TCS in terms of secure coding practices or is this still in the domain of "boutique" firms?
*	Has anyone ran across a job posting from any large Fortune 100 enterprise for a security architect / engineer that was particularly good that I should consider plaigarizing?
*	Maybe the miss is in terms of compensation. What should an enterprise expect to pay in the marketplace for someone truly knowledgable in secure coding practices?
*	If I wanted to get a college graduate and allow them to grow into this position, are their particular universities that have received generous donations of static code analysis software so as to "educate" a younger workforce? If not, what would it take for us to collectively "ask" some of the vendors in this space to do so?


*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information.  If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited.  If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://krvw.com/pipermail/sc-l/attachments/20070103/4e442e14/attachment.html