Showing results for 
Search instead for 
Did you mean: 

Finding valid Information Security gigs


I have been on here for about six months now and to be honest I am getting a little frustrated. I have had one legit gig and a couple of scam gigs where the client never funds and then goes into ghost mode. 

I am based in the US with the proper credentials for Infosec work (masters degree, CISSP, etc.)  and decades of experience.

First, the CISSP is not listed as a valid certificate, so I have it in my info. This needs to be added because anyone who is serious about infosec has this in addition to other credentials.

For every properly classified infosec listing, there has to be at least 10 listings that are not infosec related, and in many cases the gig is either unethical, or illegal.  It is normal to see listings like "Please write a paper on [insert infosec topic here."

Now for the gigs that are legit and listed US only the budget is usually unrealistic. Maybe I am doing things wrong, but there is no way that I am going to tackle something like a ISO27001 documentation project for $100 or $25 an hour.  Even in limited scope this is a $5,000+ project that will take weeks to accomplish. I will see bids that are literally $500 or even as low as $100. This is insane and tells me that something is wrong here.

Ideas?  How does an experienced and established infosec consultant make themselves be able to get noticed when I see people putting in proposals for well under market?

Ace Contributor

Hello David

You have a interesting point there

first, this is the Internet so it is obvious there are a lot of super crappy clients out there

Second, normally if the work has been delivered you should get paid, I dont really see how you got scammed. are you sure you are using the interface properlly? your work is pre paid so if you delivered youll get paid. If not you missusing the interface 

Why are you putting US only? you have 7m7 billions of people in the world and want to work only with a little 327M portion? Did you knew that they are several countries much richer than the US paying higher rates? Well maybe your problem is starting there in the "US only"

I suggest you just keep your offers high if you consider thats the price

In my speciality there are a lot of guys from Inda and bangladesh doing 5 to 20 usd/hrs rates, and they find work, but clearly there are also other people of other countries willing to pay more for a great result

It took me 2 years to really understand how this works




Arturo C wrote:

In my speciality there are a lot of guys from Inda and bangladesh doing 5 to 20 usd/hrs rates, and they find work, but clearly there are also other people of other countries willing to pay more for a great result.

I'm sorry but I really feel the need to intervene whenever I see remarks like, "guys from India and Bangladesh doing 5 to 20 usd/hrs rates". There are lots of desperate and/or clueless freelancers from EVERY corner of the globe - including America - who are perfectly willing to work for extremely low rates, and there are plenty of American clients who could afford to pay reasonable rates but prefer to exploit people instead. So could we please stop pretending that if Upwork just got rid of all the pesky foreigners, the streets would be paved with gold.

Well said Christine! We share an UW pet peeve - assuming that people from other countries are inferior and therefore less deserving. Top talent exists across the globe as does desperados, both freelancers and clients. There are loads of foreign freelancers asking top rates, delivering quality and being paid what they deserve. 

Ace Contributor

Most clients are looking for the lowest rates. I think that is a very big problem and then**Edited for Community Guidelines** are willing to deliver so there you have it...

I have no problem with foreign gigs or workers. There are lots of types of gigs where the lower bids are appropriate.  

The problem I have is the people who post lowball bids and then the clients who are floating the lowball requests out there.

This is no different than the classic job board post. "We need someone who has 40 year experience in IT, with a masters degree, a dozen different certifications, is a developers, a systems admin, network engineer, and has C-Level management experience. No telecommute and must work in Downtown San Francisco  - $80,000/year."  

Where I see a potential market for my skillset is people needed regulatory compliance like NIST/ISO27001/HIPPA etc. These rules and regulations are now being forced on the small IT shops and they can not easily source the infosec skillset to do this. On the clients who are realistic about this, I have had great success.   

However, I am seeing companies post for a something like "Help us become IS27001 compliant" and I submit a very reasonable bid, and the company will come back and tell me that my price is insane because they got 10+ people who bid $20 an hour to do the same work.   


The scam gigs I have had were ones where the client changed scope after the project initiated, and/or they accept the proposal and the go into ghost mode.

I consider them scams and fraudulent since I lost money (bids, not much but there is a cost) and time ( worth much more than the money) on this.

Now the majority of infosec gigs out there are either unrealistic, or unethical/illegal.

A common gig you will find is "I need a paper written on a this infosec topic." This is obviously a student wanting to pay someone to their homework. Anyone who would take this gig would be commiting an ethics violation of their CISSP and risking their membership in ISC2. 

Another common gig request is "I need someone to recover a password or account info from this site on the internet."  This is asking someone to commit a crime. Thus the request by itself is illegal.

Upwork needs a way to vet these things.

Why do I look at US only?  First, most US infosec work has to be done by US citizens. Next much of the infosec world is based on legal standards which are individual to each country. 

Much of the world does not practice information security and to be quite honest it is against the culture of the region ( collectivist culture vs individualist culture.) As a result infosec is not considered to be important and the rates reflect that. 

Next, as you put it, there are gigs in India that pay $10-$20 an hour. In india that may be great money, but in the US after taxes that is a little over $12 after taxes and to be quite honest, I can make more money delivering pizzas and driving uber than that. 

A typical infosec bill rate is the same as a typical attorney starting around $150 an hour and up from there. 

On the compensation part, information security is a middle to senior level profession, a W2 infosec professional in the US makes $50-$75 an hour.  Thus a 1099 based professional should be making at least $100 or more.  If you are billing less than that you are not considered to be qualified or serious. 

So when I see someone want to pay $500 for a gig that is going to require 20+ hours of work, it is not worth even bidding because it is not worth the legal risk that I opening myself up to.  

Upwork needs to work on improving the quality of clients, or they are going to find that the quality of the consultants who stick around is going to decline.

Upwork has too many freelancers and not enough clients, so they're not going to provide any obstacles that will result in even fewer clients. 


I don't know anything about your industry, but there ARE other websites where they carefully vet both the clients and the freelancers; they're also expensive, difficult to join, and don't have that many projects. But you never know, they might work for you. 



I am having the same problem. I re-joined Upwork to give it another go after my last contract job ended. I have applied for several jobs. The legit ones don't reply to my proposal, and I have gotten three scam offers in the last two weeks! The scam jobs request that I join Google hangouts or some other chat bot outside of Upwork. This last proposal I did not attach my resume -- on purpose -- to see what the recipient would do. They just asked me to join a chat on Google hangouts, no questions asked, no comments on my qualifications, and I start working right away! 


Maybe I should lower my expectations. When I ask for $30 an hour, I get these scams. If I am willing to work for peanuts, I'll probably get a legit job. This site seems to be all about getting workers on the cheap. No wonder there are so many scams here.


I have done work for government agencies and hosptials, editing and proofreading documents and doing 508 remediation, and working in databases. I am looking for similar work (typing, proofreading, data entry), and have found none so far. I really wanted to work from home, but I don't think that will happen.

 In my experience I needed 2 years and a few hundreds of proposals before I really understood how this worked and how to become a top rated freelancer.


It's not just as easy as getting in and kiss the saints.