March 30, 2010
Dear Mike & Lee,
My question is simple – How do you figure out exactly what you want?
Have you ever had a time when you knew you were hungry and you went to the kitchen and, despite having a well-stocked fridge and cupboards full of food, you couldn’t figure out what you wanted to eat?
Yeah, us too.
This is something that happens to everyone at some point in time… we all run into the “what do I want?” question from time to time.
Unfortunately, telling you how to fix this is often going to be much harder than just helping you fix it. Because you generally can’t think your way out of the “what do I want?” problem. It’s often the case that if you’re standing in the kitchen swinging the refrigerator door, asking yourself “what do I want?” over and over again, that the best solution is to walk out of the kitchen and take your mind off of the problem for a few minutes. Or prime your brain to do the right thing by reading a few recipes or articles on food and cooking.
The same process applies to your career. There are ways to prime yourself to make that next step and know a little bit more about yourself. (Mike actually wrote an entire 130-page e-book about that process)
While we don’t have the time or space to detail all of those exercises here, let’s talk through one quickly (and feel free to ask us if you have questions about the process).
Exercise: Common Elements
Write the following two lists:
- What are five things that I really love to do?
- What are five things that I am really good at?
Now, take those lists and make another list of all the activities that are similar about the things on your list. What are the common themes? For example, if “speaking to an audience” and “writing blog entries” are on your list (as they are on ours), there are numerous commonalities:
- You may enjoy putting out content to an audience.
- You may enjoy expressing your opinions publicly.
- And many, many more…
Once you have thought through all of the commonalities (and, again, if you’re having trouble, send us your questions), you should probably have a list of 10-20 items that are common among the things on your initial two lists.
Now… brainstorm all of the jobs that are in your field that would have many/most/all of those opportunities.
That’s but one exercise of a whole pile that you could do that would help you find what you’re looking for while you’re standing at the refrigerator. Hopefully, it helps spark some new ideas and new thoughts…
Lee & Mike
March 23, 2010
Posted by lee | Filed Under Uncategorized | Comments Off
March 16, 2010
Dear Lee & Mike,
I just came back from RSA with a pile of business cards an inch thick. I know that all of the networking books say that I’m supposed to follow up with everyone I meet. But really? Does anybody really sit down and email all of these people?
What are the ground-rules here?
The short answer: “Yes, really”.
While it can be exhausting and overwhelming, following up on the meetings you have at a conference is one of the most important relationship building steps. And your decision to follow up will set you apart from all of those out there who just go to conferences and let all of the valuable contacts that they make fall on the floor.
This doesn’t mean that the process of following up needs to be arduous. While that pile of business cards may seem daunting, it’s entirely possible to follow up with every one of your new contacts over the course of a couple of hours. You don’t need to write a novel to each of the people you met – a simple “hi, great meeting you” is perfectly effective.
Mike works with one of the masters of follow-up, his partner Dean Pace at MAD Security. Dean’s follow ups are the picture of efficiency and effectiveness – when he finishes a conference (like RSA), he sits down on the return flight and writes a quick note to each of the people he met at the conference. A sample of one of his notes is below:
Subject: Nice meeting you
It was nice meeting you at the RSA show. It is always good to put a face with a name. Let’s keep in touch to see how we may be able to do some business together. Maybe you, Aaron and I could jump on a call one day soon to discuss a plan. Safe Travels!
That’s about as long as Dean goes. He usually personalizes the note to be about whatever he talked with the person about at the show, but it’s never more than a paragraph or two.
And it’s what sets Dean apart as a great networker. Because people remember the small touches and they come to trust Dean over the years.
The answer to the question is simple: sit down with each of your cards and write a quick email. Don’t pass up the opportunity to make really powerful connections with the people you have just met.
Mike & Lee
Posted by mmurray | Filed Under Uncategorized | Comments Off
March 9, 2010
This past year I began working for a company as a consultant. Although I was pursuing full time employment, the company at that time was not able to add full time headcount, so they offered me an hourly position. This was not my first choice, however the money was really good and the they guaranteed me a minimum amount of hours per month. All in all, I was comfortable with the arrangement so I accepted the role.
Well, do to the need for the information security specific work that I was performing (security event management software implementation) my company was asking me to work 40+ hours a week. This has progressed for the past six months – and the money has been fantastic – almost twice the amount I was earning in my last job.
Last week, I was called into the office by my manager and she told me that they wanted to convert me to a full time employee. Although I will receive benefits, the pay will be about 60% of what I was earning as a consultant.
I believe that this is just too little and I feel that I am being taken advantage of and am inclined to reject their offer. Do you have any advice on how to handle this situation? Do you have any thoughts on what fair pay would be if I were to convert?
Dear Unwilling Convert:
It is clear that there are two big concerns that you have regarding this matter: your pride and your wallet.
It appears to me that you have a big problem with the way that your employer (contracting firm) has been treating you. From what you have told me, they seem to do what is best for them, as opposed to what is best for you. Unfortunately, this is the nature of a contracting relationship and is typical business practice for firms that utilize information security professionals who consent to this type of business relationship. The fact of the matter is that they are not an employer in the true sense of the world, they hold the contract or contracts that you are working under.
I liken the relationship that you described to the one that a host shares with a parasite – let me explain:
In this relationship, you are the host, and they are the parasite. As long as you are working on their engagements, they are able to make money off of your work (feed off of you). Once you stop working and performing, they will either cease to exist (lose the contract) or find themselves another host (someone else with your skills). However, as you know, if the parasite kills the host, both parties will die, so they have incentive to retain your services and keep both you (and the customer) happy.
Since you have already determined the nature of the relationship, what you have to find is the necessary balance that you require to continue working and feel good about going to work. In the case of a contracting relationship, the more money you earn, the better that you will feel.
The way to do this would be to figure out a fair salary for you to convert to a full time employee or reducing your contract price to ensure that the relationship still works for your contracting firm (employer). The best guidance that I can give you is that contractors are usually compensated at a rate of anywhere between 1.33X and 1.66X of a full time equivalent. If we took the average which is 1.5X that could be the multiplier.
For example - if you are earning 200K as a contractor - a reasonable salary would be $133,333.00. If you are earning 100K as a contractor the reasonable salary would be $66,667.00.
In your note, you stated that your compensation was over 2X the amount of your last full time salary. If that is the case, I can see why the amount that they are paying you is drawing some attention. You also stated that they offered you about 60% of your contract pay - which would make sense if your plugged the numbers into the equation.
I would try to use the parameters that are described above to determine a fair compensation package – either as an employee or as a contractor – whichever way works best for you. You should try to be fair in these discussions, but now that you are a proven “commodity” you have some additional value and you should exploit this with your employer/contract firm, just as they have attempted to exploit your talents by offering you compensation at the lower end of the scale.
Let us know how this turns out.
Hope this helps,
Lee and Mike
March 2, 2010
I believe that attending information security conferences is an important part of my career development. I see a tremendous value in attending conferences both for myself and for my employer. My problem is that my employer does not believe that attending these events are a valuable use of my time, and he refuses to allocate any additional monies or time for my attendance. I have tried many times to state my case and demonstrate the value of these conferences but these attempts have been quickly dismissed.
The RSA Conference is approaching and I would like to attend. It has been three years since I last attended ( the year before I started my new position) and I would really like to go this year.
Do you have any advice on how I can get there?
“Do You Know The Way To RSA”
Dear “Do You Know The Way”:
I am not sure if this advice is going to be helpful for this year’s event, but maybe it can help you get permission to attend future events.
From the situation that you have presented there are a couple of things that are apparent to me: first your boss is a not a fan of conferences and he believes that they are not a good use of time, the second is that you have not done a very good job of articulating and explaining the return on investment in terms that he can endorse and appreciate.
I would first accept the fact that you are most likely not going to change your boss’ mind about the value of conferences (his opinion on conference attendance was probably formed long before he met you), but you may be able to pick and choose your battles and zero in on a select conference to make your case.
In order to do this, I think that you have to understand that there are two potential costs to your employer: the cost for conference attendance (the conference, travel, meals, etc.) and the cost of you not being available that week ( your salary). The first thing that I would do is to determine exactly what this value is (in dollars). When you come up with that number, your job is to demonstrate to your boss how by allowing you to attend, they will be able to recoup that investment. You are going to have to be creative in your approach but I would focus on three areas: knowledge acquisition and transfer, cost/time savings, and retention.
Here are a few ideas on how to articulate this:
Knowledge - you should first demonstrate to your boss the specific knowledge that you are hoping to learn at the conference and illustrate to him how what you learn will enable you address issues that your internal security team is facing. In addition, you can also outline how you will share this information with your other team members as a regular work activity. This can take the form of a “lunch and learn” session where you lead discussions with your information security co-workers. By sharing this information with others, you can make the argument that the cost should actually be divided by the number of all team members. Also, when you lead these sessions, you will be developing your business communication and presentation skills.
Cost Savings – You have to think of how your attendance will save your manager money and time. One of the things you can do is use the time to meet with vendors and to provide a report upon your return of any products that you may be evaluating for corporate use. This will need to be detailed so that your manager will be able to utilize the information to make better purchasing decisions. If you think about how much time it would take your boss to attend all of these meetings, it may be easy to justify.
Employee Retention: This may be your most valuable weapon, however it can also be the most deadly. I think that if you tell your boss that you consider attending conferences as part of your professional development and an element of job satisfaction. You can also inform your boss that your peers at other companies are allowed to attend one conference a year, and you are hoping for the same benefit. In bringing up your peers and policies of their employers, you may want to be careful and tactful in your approach, because your boss may believe that this is an attempt at conference by extortion, However, if you do this in a respectful manner, your boss may look at this as a cost effective way to retain your service and keep you happy in your role.
Although these are many ways that could be helpful to you to gain approval, my best piece of advice would be to fund your conference attendance out of your own pocket and take the necessary vacation if you really want to attend. Since we can no longer count on our employers to fund our career development, we have to take the matter into our own hands. Ultimately you will benefit. It is also great to not have any strings attached to an aspect of your professional development.
In closing, it is quite possible that if you demonstrate to your boss that you are willing to fund this effort yourself and use your personal vacation time, your conviction will serve as an illustration of the importance of conference attendance. After they witness your resolve, maybe they will surprise you and reimburse you somewhat for your efforts.
Hope to see you at RSA in 2011!
Mike and Lee