Expected salary of Security Professional

[matt1976r]

have you tried sending your resumes to HR companies like Hudsons?

based on your exp + qualification you should be earning > 50K/yr (my current salary)
my job experience is similar to yours. the difference is I do not have any qualification.
on top of my security duties. I'm also a firewall/win2003/sql admin
i have reached a flatline in my salary - due to my lack of qualifications.
CISSP/CISA - local companies do not value this certifications, neither do they know the importance. But they insist on security professionals having it. and they pay peanuts.

IMHO anyone with a CISSP + deg. + 3-4 yrs exp in security field should earn > 4.2/mth.

 

[Xiaosa]

Hi Matt.

I did send resumes to HR Coys. But as per mentioned in this thread. Some agencies just "do not have it la". Giving me some really UNDER jobs. Like 2 years, Not even needing CISA or CISSP. So I just have to "humbly" reject. I guess they are too anxious to fill the position and close the deal. They forgot to do proper job matching. See security exp. Then luan luan pom liao.. Forgive the Hokkien..

Well, the reason for the my current expected is mentioned in this thread. My scope is pretty limited. Not versed in system admin stuff or hw configurations.. I guess that's where I Lose out..

Anyway all I can do now is to continue looking . Nothing much else can be done.. Since I have been slogging the past 2.5 years completing my MBA, CISSP and CISA. Took the time to sleep more . Really have a real lack of sleep due to my studies + shift work. Took the effort to catch up on my gym sessions and leisure readings..

Actually If not for the problems with management, I would not have started looking for a job..

 

[sswb]

Hi Hi,

I think with CISSP and CISA, do try for Auditor's job or Information Security 's job

pay should be around S$ 3.5-4.5Kor more. dont let HR press u down , furthermore you have MBA with you

 

[Xiaosa]

meetup with a seemingly very established global recruiter for a chat regarding a position with a IB. Since when did password reset and basic sys admin become change management and logical access control. The story goes like this. Go a call from a ang moh pai recruiter regarding an IB Job. The job desc he sent me stated logical access control etc. I was a bit dubious of the position and further probed the sort of exp, certification the job required. He stated cissp with 3 security exp. Sounded like a good opp rite.. When I went for the meetup. Turned out to be password management (reset)- logical access control, plus ome sys admin (Change mgmt), with some familiarity with security processes. I had problems keeping straight face. Obviously he was "Fishing" for candidates. (Tua Bao xian). I guess learnt a lesson to be careful nex time. Seemed like regardless of local or ang moh recruiter. Non - professional who just too lazy to take the time to do job matching exists

 

[kitaeshi]

Hi all, currently i am taking a part time dip in engineering informatics..althought it engineering but IT consist of 90%. so i am wondering all those course tat been talking here. I am quite interested in Security professional and want to equip those course b4 i graduate but dont have the knowledge of the industry, so how is the road path to the cert....which one shld i take first.

thxs

 

[Xiaosa]

Just some updates. Even though no offer yet. But from April to current, went for a number of interviews. Companies ranged from govt to mncs.. Got interview better then nothing......... Just gotta persist and not give up

 

[xiaoboy]

Waiver of experience

Just wanted an opinion of the experience waiver i recently read in isc2.org.

Apparently, now to qualify of the CISSP, you need 4 instead of 3 years of relevant security experience which is a pain.
Like someone mentioned before, these recruiters nowadays are getting ridiculous. You're not even going to get an interview if you haven't got a cert .... & to top it off, you're applying for some unrelated underqualified work. Recently, my firm hired a masters + CCIE + CISSP guy from China to do system admin & logical access changes BAU work, not even project work. Tok about spoiling the market ?

Anyways, i read on the website that isc2.org recognizes Approved Credentials for Experience Waiver. It's a fairly limited list & i was surprised that Certified Ethical Hacking (CEH) from ECCouncil is not inside. Instead i see MCSA/MCSE which is kinda weird in terms of security. Looks like M/S bought their way in again.

What is everyone's thoughts on the it ? Do you think CEH should be included ?
Is there any other governing body that conducts CISSP that is not as strict as isc2.org ?
I'm coming up to 3 years of experience & i planned to sit of the exam this yr but somebody had a bright idea & decided to change the requirements.

 

[ghostdog]

CEH is a joke. A certified hacker? lol
You can grab any security in the library or the bookstore, read them, understand them is better that going for what CEH.
endure one more year, then go for the exam. If isc2.org not strict with CISSP requirement, then its value will drop..
good luck

 

[rAcEr]

isnt it true that u can register n pass the exam without satisfying the experience requirements? Just that u will become an associate rather than a true CISSP.

Someone clarify this?

 

[rhul]

yes, is true. Waiver of experience only fr 2yrs if u hav either a 4yr deg or ISec Master + those approved certifications listed in isc2 website.

 

[bakasa2002]

cissp is 4 yrs info sec experience right? confuse with cisa which is 5 yrs?

 

[rhul]

2 yrs info sec exp can liao if u got the papers needed. to be more specific on the exp, ask isc2. exp may not necessary mean info sec alone, it can be others but somehow involve info sec work oso can.

 

[Xiaosa]

depends on how u impress ur prospective employer. Cert may be little impact

 

[Security]

***bump***

 

[Xiaosa]

Wat dort of jobs are u looking at. If audit, will have to look at your experiences. Are you BS 7799 certified. Have you gone a complete round of SOX/ BS 7799.

Or are u looking at operational security/ consultancy. In this case CISA may be irrelevant

I've been wondering on the value of CISA ....

My current salary is close to 4k, with 4.5yr exp and a Master degree. How much increment would be reasonable with CISA? Or is it not worth doing it? People with CISA - do you think the certification helped you in securing a better job with better pay?

 

[Security]

***bump***

 

[ng_kc]

The CISA will assist you in finding job in the area of IT Audit and Technology Compliancy e.g like SOX, ISO 17799, SAS70 etc. However, you need to be in the line to be fully appreciate CISA content! So, some chicken and egg issues here. I would recommend someone to already in the IT Audit line or Compliance doing, and follow up with a CISA to confirm their experience and knowledge.

In term of salary, there is really no baseline to measure. Not only it is up to your experience, it is also up to the budget that the company willing to pay. Based on some interviews that I have been thru (let's not mention the coy name here.. hehe). A Japanese Automobile company looking for SOX Consultant but not willing to pay more than $4.5k for someone with 10yrs experience.. In the other hand, a local bank will pay >$5 for IT auditor with 3-4 yrs auditing experience. Of course, the industry nature dictates the salary and the number of working hours (I am sure) will affect what you going to get.

Just my opinion.

 

[Kevin]

My view is that its better to diversify rather than specialize.
With the current outsourcing trend still prevalent, specialised skillsets are largely considered less strategic. Rather, IT management and governance is the buzz today.

 

[Xiaosa]

Agreed to some extent, import to diversify yr skills to make ur more valuable...

 

[Xiaosa]

tonite gg to throw letter