121 comments

[ 3.3 ms ] story [ 347 ms ] thread
How high are these folks????

Description:

Arganteal seeks an onsite Red Hat Linux System Admin "RHEL SysAdmin" in Las Vegas, Nevada for immediate work starting 9-21-2023. This role will be helping the MGM Grand Casino to build its net new IT environment after the recent ransomware hack.

Candidates must be willing to work everyday until the new IT environment is fully stood up.

We are open to people who will only work a grand total of 7 days!

Higher Pay for those willing to stick it out until the job is done!

Expected Dates of Service 9-21-2023 through 10-15-2023

Hourly Rate: $100.00 per on 1099

Location: Onsite at MGM HQ in Las Vegas (absolutely no remote work)

Visa Status: Must be US Citizen (no Green Cards or H1b visa candidates will be accepted)

Yeah, that's laughable. If they want seriously qualified people to drop everything, go to Vegas and work for over three weeks straight with no days off basically cleaning up someone else's incompetent clusterfuck, the offer's gonna need to be a lot better than that...
Throw in a suite (not a room, a suite) in the hotel, and unlimited room service food, and that might start to be a little attractive. Still a no for me personally, but like, I'd start to tingle a bit. 12-16 hrs a day @ $100 for a few weeks is... a decent chunk to someone without Bay Area comp.
Basically startup work, but you get paid.

I'll do it for $200/hr and a table at hakkasan.

Cheap, fast, high quality - pick two. If I was the hiring manager I would just go with a prominent firm. Would satisfy Wall Street and move the issue to them, and the liability. $1000 an hour, who cares. You took billions in stock losses already.
$100/hr! BWAHAHAHA. I clicked onto the story thinking "I bet they're willing to back up the truck for this!"

Nope; they're willing to pay you an entire black chip every hour (pre-tax). Get bent.

> no Green Cards or H1b visa candidates will be accepted

This (specifically blocking Green Card holders) may also be illegal, absent a bonafide reason (which I can't readily think of, but I'm sure the EEOC will be happy to inquire about).

I would probably do it just so I could say in the future "I'm literally the one guy who brought MGM back online"

If I could... that's a big if though

something to... gamble on ;)

> through 10-15-2023

And then what happens?

All the qualified people they needed before are gone again?

It all gets handed over to the cheapest offshore labor they can source. Back to BAU.

Culture comes from the top. Questionable (but not surprising) culture at the org.

They need to up that by at least 4x lol that's wild. I charged 350 as a casual security contractor and I was working a couple days a week in a low pressure environment.

I wouldn't touch this shitshow for less than $500 an hour personally (plus expenses obviously). Or a really sick perk like free high status room/board for life lol

(comment deleted)

    Hourly Rate: $100.00 per on 1099
    ...
    Higher Pay for those willing to stick it out until the job is done!
    ...
    Working Hours:  Expect to work 10 hours per day 7 days a week
I charged $150/hr in 2006 for basic sysadmin consulting work.

There are PC repair shops that charge more than $100/hr.

Surely this is parody. Surely...

The people who build this all leave on October 15?

What could possibly go wrong with that?

If there was any wonder how they got an infrastructure that was so vulnerable and delicate as to be taken out the first time... well, this might explain it.

What do they think they're going to get this time?

Or is this just for the temporary "restore some ops and run on duct tape and prayer" bit. While the real design is carefully considered, and elegantly implemented by a team of relaxed, properly vetted, well motivated professionals who appreciate the gravity of their work and the challenges of the environment that work is expected to face.

... I know where I'm placing my bets.

This is going to be intense.
It seems the issue was, yet again, Okta. Be very careful with your SSO rollouts, folks.
The more I learn about the cybersecurity industry, the more I feel like it's a house of cards continuously built by monkeys in a hailstorm.
No wonder people move to the other side. It's just too difficult to cash out.
As per a different post, archeologists are only just discovering that tools thought to be made by humans a few thousand years ago were in fact built by monkeys
It's comprised of people who aren't charismatic enough to get on the AI/Crypto grift train, so they have to settle for the security long con.

So you're almost right.

If you feel like management is "variably talented" in software development... oh, ho. Try some IT security orgs.

It's like going back 40 years in time, where a firm handshake and a golf buddy is enough to land you an exec level job.

Which sucks, because the ground-level work is fascinating and technically difficult and filled with amazing folks!

$100/hr to fix this mess? You must be joking.
Looks like intermediary is hiring, not MGM itself.

Raise to $400/h and throw in a good room with service, I'll consider.

Honestly, $1K/h is a rounding error compared to how much they will lose otherwise. It's that instance where the ad should say "money is no object, we want the best, name your price".
Urgent work - willing to only pay $100/hr to protect assets worth a billion.

Is it any surprise that companies crash and burn when they undervalue engineering?

> Visa Status: Must be US Citizen (no Green Cards or H1b visa candidates will be accepted)

Given the recent SpaceX situation[1] about asylees, is this legal? Can MGM claim national security implications more than SpaceX can? And SpaceX even allowed permanent residents.

USCIS says:

> Employers cannot discriminate when hiring, firing, or recruiting because of someone’s citizenship, immigration status or type of employment authorization. U.S. citizens, noncitizen nationals, asylees, refugees, and recent permanent residents are protected from this type of discrimination.

[1] https://www.justice.gov/opa/pr/justice-department-sues-space...

You can’t get a sponsorship done that fast right now I think. The green card thing is just xenophobic
(comment deleted)
They're looking for contractors, there are plenty of H1B folks who are sponsored by agencies that contract them out to various companies. The normal term used in job postings is "no visa sponsorship".
But then MGM would have a contract with those agencies versus having the employees of those agencies apply as contractors to MGM directly, right?
Correct, they'd pay the companies via corp-to-corp.
Contractors are not employees.
All the more reason why this makes no sense, no? It should be as simple as handing the money over to an entity, they get the job done, and you both move on. No healthcare considerations, or sponsoring of visas, or anything else that a standard employer must do to an employee.
Thats correct. The disagreement with my comment shows people read what they wanted into what I said.

Contracting means a different set of rules for hiring and paying. As someone else said they should not have even posted it like this.

(comment deleted)
It is perfectly legal to disallow Visa-requiring individuals. I don't believe it is legal to disallow permanent residents as they have the same employment rights as citizens.

That being said, they could just omit the line and discriminate silently. The law doesn't guarantee you a job either so, unless you can undeniably prove you are the best for the job, they'd probably be safe (legally). This is what African-Americans (most prominently, but other groups as well) with obvious nomenclature have dealt with for years.

Not wanting H1b is fine and legal, because you can’t simply hire them. You need to file paperwork go prove that you can’t find the equivalent from local workforce. GC is weird, if they needed security clearance, but security clearance takes more than 3 weeks.
Non-citizens with work authorization are eligible for certain lower level security clearances, even if they're not permanent residents.
Example?
Some positions only require a public trust background investigation, which is technically not a security clearance but people do call it so. You do need to be a "US person", which non-immigrants with work authorization are.
One example: noncitizens are allowed to join the military, which generally requires minimum secret clearance for just about every job.
Federal law allows discrimination to deal with other laws, agency rules or executive orders. The Nevada gaming commission is allowed to mandate such a rule and MGM is allowed to comply with it. I don't know if that's the source of the rule, but if so it would be legal
I was thinking the same thing. All I could find via a quick google is:

    https://www.leg.state.nv.us/NRS/NRS-463.html
It looks like members of the gaming control board and gaming commission must be citizens. But it seems non-citizens are ok in other situations, e.g.:

    2.  A county shall not deny a gaming license, finding of suitability or approval to a person solely because the person is not a citizen of the United States.
There are also cases where government regulations prohibit hiring non-citizens. Given that they're offering $100/hr when they're losing $8m/day, I expect that MGM would LOVE to hire anyone willing to work for below market rates. If a recruiter contacted me, I'd be telling them to triple the rate and then we can start a conversation. I'm sure their attorneys make $300/hr on the low end.
Genuinely curious: * Why the hard deadline of Oct 15?

* Why only 1x headcount?

* Why would you be putting a complete unknown into such a high profile position?

* This was posted today. How much hiring / background check diligence can you do if the start date is also today?

* What if the person you hired was another hacker? It's not like you've got time to check their references...

This seems like the kind of thing where you hire a crack team of crisis experts, and pay $5000/hr or whatever it is until it's fixed. This doesn't seem like the right time to start hiring the first rando that walks through the front door...

Las Vegas Formula 1 Grand Prix starts Nov 16. I don't know why Oct 15 is the hard deadline, but they absolutely want to be up and running in time for the prix.

No idea on the others. The whole thing looks like it's being managed very poorly. Even the hackers spoke up about how bad MGM was handling the situation and how it was causing the media to reflect poorly on the hackers, lol.

https://x.com/aejleslie/status/1702417787006673076

Good on the hackers for calling out the uh crooks and making sure haveibeenpwned is updated. good for them!
That statement is incredibly interesting. I wonder what the hackers think they attempt to gain by publicly talking about their operations?
Reputation is vital in the extortion world. There has to be some trust that if you pay a ransom, the other party will follow through.
That makes sense. I feel like a federal government policy making it illegal to pay a ransom would go a long way towards making this type of thing less profitable.
(comment deleted)
Also, what happened to the current sysadmins? Did they even have FT sysad?
This is such a bad deal that I can't see how this can turn good.... as others pointed out... you really have to pay the people, at least 250/h and room and then people might show up.

Probably this is indicative of how this problem came to first place...

(comment deleted)
Why is the pay for this so low?
Who knows. Easiest explanation is they're doing the same thing that got them where they are now. Maybe it's some elaborate honey pot scheme.
So they’re not paying the ransom, just standing up all new infrastructure?

Edit: They’re losing ~10 million a day + brand rep. Phew.

I can't comprehend it, even if the data was already public, why not pay to unlock everything? How will they get their DBs back? Brute force? Sunk cost.
"Must hold or be willing to obtain a Red Hat Certified System Administrator (RHCSA) certification."

How long does that take?

100 dollars an hour seems like roughly the perfect amount of money to get spammed by unqualified people but get basically no one qualified... I mean maybe people already in Vegas who aren't working it makes sense? If they were paying flights/hotels/food maybe? But I assume they'd mention it if they were.
Hackers and ransomware folks are accepted predators. You've just got to build assuming they exist. It's a pity, and things were much better for just trying out stuff when it wasn't so sophisticated, but now every open port physical or virtual is a risk factor.

Can't stand these hackers, but what are you gonna do? If the government can track and incarcerate that's great, but they can't do that for everything. Hopefully, we'll get up to a state where only the most sophisticated can operate and then it becomes worth it economically for the US Gov to capture them.

Though one wonders if there is a threshold economic cost where additional security would be so costly over the economy and where the damage is so large that the US Gov would just choose to terminate other state actors. Very sci-fi.

Everyone who can do this job in 2 weeks or less is already happily making $100/hr+ as a full-time job with benefits.

Although it's not surprising how out of touch these folks are.

I hope they get a bad actor hire, who leaves a backdoor for another follow-up ransomware attack.

My guess is the ideal candidate is mid 20s and recently left the armed forces in an IT role so they're used to making peanuts for this kind of thing, and hey, a month in Vegas sounds fun. Plus they have a recent security clearance so you can kinda skip the background check.
that seems cheap/average-ish/below average?

I mean… I guess not. $7,700/week vs a 40 hour week of $4,400?

I was thinking it sounds way below average, especially for someone who just lost $8m/day in a cyber attack. I would expect them to hire quite a bit more than just one.
That doesn't scale linearly unless the employer is exploitative. An employee on a 40-hour contract would receive 150% for all hours above 40/week. So $4k4 for 40 hours would be $9k4 for 70 hours.
> MGM Grand is hiring a RHEL sysadmin contractor for $110 per hour 70 hours a week

A week has 5 or 7 days. This amounts to 14 hours or 10 hours per day.

I thought the normal working time is 8 hours per day ? Or do i miss something ?

The ad says 10 hours a day, 7 days a week. It's a 1099 contracting position so there are no labor laws around maximum hours per week (I'm not sure those exist even for full-time employment positions, anyway).

Also I think I submitted the link to the wrong part of the thread. The original tweet is https://twitter.com/LasVegasLocally/status/17049865964399416...

They do exist for full time positions, assuming the position is less than ~$110k/year and does not pass exempt employee test. But it’s not maximum hours, it is just maximum 40 hours before the payrate has to be 1.5x the hourly rate.

I am wondering how they will avoid classifying this person as an employee when they are dictating work hours.

TBH, Absolutely NO. BIG NO NO. Contract worker mean no 401K, and you need to bare the risk of getting fired, when either you get in trouble (like another attack), or when they finished rebuild their system.
That's chump change for hazardous hours, IMO. They would also be better off splitting it into two 35-hours positions, to improve the bus factor.
Are they just paying standby hours or something? How productive is someone going to be after 10 70 hour weeks?
I did wonder that. But you just know they're going to make you work those hours when crunch time happens.