Career Advice Tuesday – Special Edition – Live At Black Hat – Your Questions Are Welcomed

July 26, 2010

On Thursday, July 29th, at The Black Hat Briefings, we are presenting a live version of “Career Advice Tuesday” at the conference.  The session, “Things You Wanted To Know, But Were Afraid to Ask, About Managing Your Information Security Career”, will enable any attendee to have their career questions answered directly.  It is a part of the Special Events Track, in Forum 25, from 1:45 – 3:00PM.

During the session, we will address any career-related topic. It will be completely up to the audience – there are not any boundaries.

Topics covered will include the following:

Career Planning
Career Investment Strategies
Position Selection
Networking and Personal Branding
Interview Tips and Techniques
Compensation Negotiation
Employee/Employer Relations

We realize that many of our readers are attending the conference, but may elect to attend a different session or may want to ask their question anonymously. If this is the case, we welcome you to submit your question to the website, and include in your question that you will be in attendance at Black Hat. We will do our best to have your questions answered during the session. All questions that are asked, during the presentation or via the website, will be transcribed and featured in future Career Advice Tuesdays.

We will return next week with an enhanced version of our regular Career Advice Tuesday segment.

Posted by lee | Filed Under Advice, Career Advice Tuesday, Uncategorized

Money Money Money

July 22, 2010

As many of you know, Lee and I spent a bunch of time earlier this year doing a survey on compensation in information security.  We had a few hundred responses to the survey, and the data is quite cool.

The survey results are up and available here.  Simply input your email address and they’ll be sent to you shortly.

The results have the answers to some fascinating questions:

  • How many of us think we’re worth more than the average IT professional just because we’re in security?
  • How many of us think money is the most important thing?
  • Is there a benefit that you value almost as much as saving your job?
  • How much money would it likely take to divert you from your career path?
  • Is the economy affecting our salaries and bonuses?

The results are definitely an interesting read.

Posted by mmurray | Filed Under Compensation, Security Industry

Career Advice Tuesday – “Ideal Graduate Course”

July 20, 2010

Dear Infosecleaders:

If you could only have one information security course as part of a graduate program for IT managers, what, in your opinion, should it contain?


Professor Plum

Dear Professor Plum:

We are not sure if you can select only one class, but if we had to choose one information security course for IT managers, it would be titled “Enabling Business with Information Security.”

The lesson plans for the course would contain the following:

1) Reasons for Business to Reject Security – this would include examples of how information security negatively hinders productivity in a corporate environment

2) Business Security Requirements - these lectures would demonstrate the necessity of security – regulatory aspects, secure business transactions, breach prevention

3) How Information Security Can Make You Money – these lectures will demonstrate, using real-life cases, how contracts have been won, brands have been built, and trust is developed by building security into business processes – these lectures will show both the winning and losing perspective – and the effects on stock prices

4) Building a Win-Win Relationship with Your Security Leader – these lectures will focus on communication and developing mutually beneficial relationships between yourself, security, and the business – these lectures will explore all parties’ perspectives – and demonstrate how everyone can accomplish their goals – by cooperation as opposed to conflict

5) Spreading the Word – these last sessions will demonstrate how you can utilize both internal and external marketing messages to create internal awareness, build external trust, and brand your company as a “secure business environment” – guest speakers will come in to talk about dealing with the media, investor relations, and the creation of internal security awareness campaigns.

We figure that each of these topics can go for 2-3 weeks – and this should leave plenty of time for midterms – and finals!

Hope this helps!

Lee and Mike

Posted by lee | Filed Under Uncategorized

Career Advice Tuesday – “Advice on Negotiating Compensation”

July 13, 2010

Dear Infosecleaders:

I’m an avid follower of your blog, and have enjoyed the security career planning sessions you have presented at the last few DEFCONs.  I thought this question, and your thoughts on the topic, may be of interest to the broader community, especially given the amount of job movement I see going on in the security field today.

I’m progressing through the interview process and hope to soon have an offer in hand.  I’d really like to work for this company, assuming the compensation is right.  From a negotiating perspective, I feel like I am in a position of strength for a couple reasons. One is that I’m relatively comfortable where I am – good job with good compensation, challenges, career advancement, etc.  I don’t have to go anywhere if the parameters aren’t favorable.  In addition, my combination of skills is in demand, and is particularly needed by this company at this time.

What advice would you offer someone about to enter the compensation negotiation phase of the job search?  How can I maximize my financial compensation without straining the relationship with my potential future boss?  From your perspectives, what works, and what should be avoided?

The Negotiator

Dear “Negotiator”:

Thanks for the question and we are glad that you enjoy the blog.  Before I address your questions on how to handle your negotiation, I would like to begin by asking you to think about your personal motivations, by asking yourself the following questions:

1) Independent of money, what will you gain from this position that you do not have in your current role?

2) If the jobs paid the same and you had no history at your current employer, which position would you rather have? Why?

3) Does this new company want your skills, or do they want you?

Now for the advice -

The first thing that I would do in this situation is to communicate to my new hiring manager that you do want the role and to be clear that if the compensation is acceptable you will accept the position. What this will do is to confirm your interest, and let the hiring manager know that if they are able to meet your requests they will be able to bring you on board. This will provide them with the necessary information to make a business decision regarding the value of your skill.

The next thing that I would do is to determine what salary amount you would require to change positions.  In determining this amount, I would use logic in selecting this number.  The first data point that I would utilize is my current compensation – which should serve as a starting point.  I would then try to speak with some of my peers, with similar positions/experiences at similar types of companies (in similar locations), to better understand the market value for my skills.  Then I would try to figure out what kind of premium I would expect to leave my “comfortable, challenging, progressive, and fairly compensated” current role.

As soon as I determined that number, I would set up either a phone conversation or an in-person meeting with my suitor and provide them with both the salary that you require and your logic behind arriving at your number. By providing the logic behind your thought process, it will give insight into your framework for making decisions. It should also demonstrate your judgment, reasoning ability, and appreciation for fairness. This should provide reinforcement to your future employer that they are making a good decision by attempting to hire you into their company.

When having this discussion you should avoid saying things that make it appear that you are playing hard to get. For example, you should not say things like “I was not really looking”, or “You called me, I did not call you”, or “I am perfectly happy where I am at” – saying any of these things can make it look like you are not interested in the position and only interested in the money. It can also make it appear to your potential employer that you are not sincere about your intentions – and are on a fishing expedition.

When you provide your employer with the number, and if they come back with offer terms that meet your demands, you should accept the position immediately, without any hesitation. This will demonstrate that your word is good – and that you are honorable. I would definitely avoid making any last-minute requests once agreement has been reached. In my experience, this is a surefire way to sour the relationship between you and your new manager.

In closing, I think that if you are at the stage of negotiating compensation, you should be at the point where you have arrived at the decision that you want the new position. If you are in doubt, the best advice that I could give to you would be to thank the potential new employer for their interest, and ask them if you could keep the door open for the future.

If they resist, it is more likely that they are only interested in your skill.  If they consent, it is more than likely that they are interested in you!

Hope this helps,

Lee and Mike

Posted by lee | Filed Under Advice, Career Advice Tuesday

Career Advice Tuesday – “Referral Bonus Etiquette”

July 6, 2010

Dear Infosecleaders:

I am not sure if this falls into the advice category, but I am hoping that you may provide me with some guidance.  Here is the situation:

I was recently recruited to a new position by a former manager. He just landed an information security director role with a new company, and part of his position was to build a team. We had worked together before, and it was a good professional experience. I went through an abbreviated interview process, and was offered the position. When the offer came, I was a little underwhelmed, considering that I was a known commodity, and I was hand-picked by my manager.

I called my manager to discuss my options and concern.  He told me that he would check and see what he could do.  In the end, he was not able to make any adjustments based upon their internal compensation scale.  I asked for salary, sign-on bonus, stock, vacation days – and every request was met by a dead end.   In the end, I decided to accept the position knowing that the job was good, and I had grown in the environment that my manager had created.  I was comfortable with my decision and I made peace with my disappointment surrounding the compensation.

When I began work, I sat through the HR presentation in orientation and I learned that the company had a policy to pay referral bonuses for incoming employees.  The bonus associated with employees at my compensation level was about 5K.  I was also told that managers are eligible for this bonus.

After learning this I was upset.  It was confusing to learn that my manager had profited from my hiring, especially when he knew that I was unhappy with my compensation.  Given the fact that he earned 5K for bringing me on board, I thought that at most, he could have asked HR to transfer this recruitment bonus to a sign-on bonus, or at least offer to split the amount in half (2.5K  each) considering that he would ultimately benefit from my work product.

Can you provide me with some advice?


Feeling Cheated

Dear Feeling Cheated:

I believe that your feelings are quite valid and I think that you have every right to be upset, considering that you sacrificed and your manager profited.

Although your feelings are correct, let me share some things about standard professional etiquette in these types of situations:

1) Managers should not receive recruiting bonuses for building their teams.

By definition, team building is a component of being a manager.  This includes all aspects of team building – recruitment, training, development, retention, and succession planning.  Even if it is offered, for your manager to accept these monies is poor judgment on his behalf.  This type of decision does not reflect management level thinking or actions.

As it relates to your situation, I think that this lack of judgment is magnified. Considering that you attempted to negotiate a better compensation package, your manager should have recognized that your hiring may have been in jeopardy. A savvy manager would have worked with HR to secure an additional 5K in sign-on money – even if it meant surrendering it from his own personal compensation.

2) The handling of referral bonuses.

My belief is that in any professional relationship that requires equal participation by two parties, the consideration should be equal to both parties. This particularly holds true in a scenario where a “Referral Bonus” is offered. I think that if a referral bonus is offered by a company, and you reach out to a professional friend to “refer” them to the position, then you should be willing to split the financial reward with your professional friend.

One thing that people may consider when they do this is the amount of the reward and the depth of their friendship with the other party. For example, if the relationship is important to you, and the role does not work out, then it is possible that your friendship could be damaged and potentially destroyed. If someone takes a position because of you, you may feel a certain amount of obligation and responsibility, if you profit from the event. You have to determine if the risk is worth the reward.

If you are offered a referral bonus, you may want to have a conversation with the person that you are referring and set up some guidelines for the relationship.  This way, both parties can fully understand the boundaries of the relationship and be comfortable with their individual obligations and risk.

I believe that if your manager had had this conversation with you, you would not be experiencing the same feelings that you have right now. If the relationship that you had with your manager is good enough to accept a job based on his suggestion, then I think that you should confront him with how you feel, and see if he can provide you with some resolution.

Generally, referral bonuses are tied to a minimum duration of employment.  If you leave within 90 days, chances are he would have to return the referral bonus.  Since we have already determined that he is motivated by money, now all you have to do is negotiate the price.

Let us know how this works out for you.

Mike and Lee

Posted by lee | Filed Under Advice, Career Advice Tuesday, Compensation