Expected salary of Security Professional

Xiaosa

Banned
Joined
Aug 5, 2000
Messages
2,099
Reaction score
0
Hi to all,

As mentioned in previous threads, I had recently entered the job market. My dilemna is that I had some recruiters reflect to me that my expected salary is too high. I started off as a IT admin in a foreign bank for a year, followed by doing Intrusion detection and response for 3.5 years.

- Security events correlations
- Incident handling
- Vulnerabilities Assessment
- Payload and TCPDump analysis
- Threat/ Impact analysis
- Trend analysis

My current salary is pretty low between 2000-3000. Its my company's pay structure, boh bian.
From a hiring manager's point of view, what should be the expected salary for a similar candidate with CISSP and/or CISA?

And advices
 

Lokimack

Senior Member
Joined
Mar 2, 2003
Messages
837
Reaction score
0
Let me qualify my comments first, I am neither HR nor an expert in benchmarking salaries for security professionals. I will give my take of what I understand and perceive as an ITSEC manager.

When determining salary, I will ask
1) What are the base qualification and academic achievements?
2) What are the relevant experience and professional achievements?
3) How good is the fit of candidate to job specs? Is there a min 70% fit?
4) What is the candidate's expectation vs job budget range?

A fresh graduate with good academic result and good fit for the job would get between $2.2-$2.4k. Throw in 3+ years of experience and using $2.4k as base, I will extrapolate your pay with conservative 6% growth. That should hit about $2.86k. If you have any promotional increment, that would certainly increase your salary above $3k.

I must caution that a renumeration package IMHO would also include intangible and tangible benefits. Besides "cash" salary, you would have to consider the value of the other benefits and bonus (I tot your current bank employer should give good bonus?!). Also, your new employer may check on your background for your reputation and past performance. Recognization for certifications varies from companies to companies.

Last but not least, how you present yourself and articulate your abilities during the interview would have an effect on how aggressive your future employer be in pursueing you. In conclusion, I would estimate your next range to be $2.8k - $3.5k depending on how you perform against those criteria that I have listed.
 
Last edited:

Xiaosa

Banned
Joined
Aug 5, 2000
Messages
2,099
Reaction score
0
Some explanations. I started off as a freshie in the foreign bank. After a year, I moved on to a security company doing IDR till now (3.5 yrs). I started off with a base salary 2k when I initially joined and currently draw close to 2.5K.

Got my cissp, and waiting for cisa outcome. Got an mba too.

Seems like 3.5k negotiable shld be more reasonable
 
Last edited:

rhul

Senior Member
Joined
Sep 3, 2003
Messages
1,529
Reaction score
0
eh... do u hav an undergrad deg? local, overseas or DL beside yr mba? which uni etc ? for both yr under/postgrad? they all plays a part too. if u ans my ques, mayb i can help u gauge better. academic achievement & academic reference is as important as yr job reference. do take note. certifications, however, i tink in SG is for show nia. who or how many reali value it? as i post bef, to me, they would like or want you to have, thts all.
 

wiz

Senior Member
Joined
Dec 14, 2000
Messages
2,058
Reaction score
0
If you have an impressive CV and the means to prove it with references, academic and certs are not so important. The pay range will depends if you are joining a vendor, big MNC, banks etc. Also are they headhunting you or are you applying for it. I will normally factor additional at least 15% more if headhuntered.
 

Xiaosa

Banned
Joined
Aug 5, 2000
Messages
2,099
Reaction score
0
I do have an undergrad degree in Information Technology. After which I completed my MBA this year.. Curtin for Undergrad. University of Western Aus for Post grad..

rhul said:
eh... do u hav an undergrad deg? local, overseas or DL beside yr mba? which uni etc ? for both yr under/postgrad? they all plays a part too. if u ans my ques, mayb i can help u gauge better. academic achievement & academic reference is as important as yr job reference. do take note. certifications, however, i tink in SG is for show nia. who or how many reali value it? as i post bef, to me, they would like or want you to have, thts all.
 

pompousboy

Senior Member
Joined
Jun 17, 2002
Messages
1,009
Reaction score
0
Yes. it is reasonable. Don't let all these companies snooker you into low pay. $2.5k is too little.
 

Xiaosa

Banned
Joined
Aug 5, 2000
Messages
2,099
Reaction score
0
not looking to really use my mba to find a IT Sec position. Seemed meaning less. Just on my 4.5 years of exp and technical certs + basic degree. and job scope
 

Xiaosa

Banned
Joined
Aug 5, 2000
Messages
2,099
Reaction score
0
2.5k is my current salary, which based on my years of exp + CISSP is pretty low. But that's the pay structure my company uses, so boh bian. After so 3.5 years, time for change.

The method I got my expected salary is use +0.25 - 0.35 percent of current salary. Even I WAS looking at a higher expected before. But I got some advices saying that based on my current drawn, my expected is difficult. So I adjusted a bit.......

pompousboy said:
Yes. it is reasonable. Don't let all these companies snooker you into low pay. $2.5k is too little.
 

wiz

Senior Member
Joined
Dec 14, 2000
Messages
2,058
Reaction score
0
Most HR have a up limit of 25% from the last drawn so the range you are asking for is Ok. But be prepared when they ask you about your MBA. if you are applying for a Engineer job they may hesitate. As you may move as soon as you get a management role.

If this is via a headhunter or agency why not check with them what is the range they are prepared to pay instead of you telling them how much you want?
 

rhul

Senior Member
Joined
Sep 3, 2003
Messages
1,529
Reaction score
0
DL deg could be difficult in Gov sector as oversea study deg already lost out to ntu & nus liao in-terms of ITSec unless u frm prestigeous oversea InfoSec Uni but again, still loose against the local uni juz tht won't loose so much onli. thus i tink, if u go gov, asking $3k or above could be hard. in private, yr askin of $3.2k i tink is ok. for any of them to take u, i don't see a prob, based on yr ITSec exp juz tht u may need sometime to get yrself familiar with other aspect of the security domain thts all.

as fr basing on yr current $2.5k to ask, it can be hard. ask for wat u feel the min u r worth is better. to be conservative abit, the range i advised is a gd range, u can try askin for $3.5 - $4k even. i don't see a prob in this. after-all, they will neg to cut yr pay anyway.
 

Lokimack

Senior Member
Joined
Mar 2, 2003
Messages
837
Reaction score
0
I think before all of get engrossed with monthly salary, pls note that most salary packages are calculated based on annual gross. I mentioned it earlier and Wiz also mentioned about whether it's vendor, MNC, banks etc. Banks payroll, if I am not wrong, tends to pay lesser upfront in monthly but compensate with bigger bonuses. Vendors however are different and they would tend to pay more upfront to prevent poaching by rivals but will compensate with lesser bonus. If any of you come across companies paying huge salaries and bonuses, pls let me know. :)

To illustrate, a bank pays you $2.5k for 12 fixed + 3 variable means that total annual gross is $37.5k.
A vendor pays you $2.8k for 12 fixed and 1 variable means that total annual gross is $36.4k. So, which do you prefer?

In summary, pls consider annual, NOT monthly.
 

rhul

Senior Member
Joined
Sep 3, 2003
Messages
1,529
Reaction score
0
don't dream of bonuses. tht's my advise. mothly salary is still the key to look at. u cannot confirm how much bonus u can get as it depends on alot of factors. u can onli confirm yr mthly salary. thts my 2cts worth.
 

Xiaosa

Banned
Joined
Aug 5, 2000
Messages
2,099
Reaction score
0
What you say is true to some extent. .. But I do think a lot depends on the coy's culture, and the HR policy. My coy pays around 2k for fresh grads, regardless of NUS/NTU/Overseas and DL. We even have a few Msc in IT Sec with similar paywhen starting out..

OTH, I got a few classmates from my DL who are working in Govt sectors, MNCs and foreign owned companies as IT Managers etc, drawing pretty outstanding pay..

I tend to think as the experience the position required increases, less emphasis is made on the requirement of a basic degree.. In the IT industry, I know of people with little higher education e.g. Diploma level with high level of expertise in Solaris, Unix, atms etc drawing 5-6K per month. Of course these people are in their early forties..

In the IT Sec field, a lot speaks on the security mindset, the type of experience and maybe the technical certs (optional) seemed more important as the job is higher on the food chain..

But what rhul said is correct, for a number of companies in SG especially Govt sectors adn GLCs..

rhul said:
DL deg could be difficult in Gov sector as oversea study deg already lost out to ntu & nus liao in-terms of ITSec unless u frm prestigeous oversea InfoSec Uni but again, still loose against the local uni juz tht won't loose so much onli. thus i tink, if u go gov, asking $3k or above could be hard. in private, yr askin of $3.2k i tink is ok. for any of them to take u, i don't see a prob, based on yr ITSec exp juz tht u may need sometime to get yrself familiar with other aspect of the security domain thts all.

as fr basing on yr current $2.5k to ask, it can be hard. ask for wat u feel the min u r worth is better. to be conservative abit, the range i advised is a gd range, u can try askin for $3.5 - $4k even. i don't see a prob in this. after-all, they will neg to cut yr pay anyway.
 

Xiaosa

Banned
Joined
Aug 5, 2000
Messages
2,099
Reaction score
0
I tend to agree with Rhul on the monthly salary issue. Its impossible to guarantee how much bonuses one could get. I have been working for 4 years and never got any bonuses except for the AWS. Plus the coy is doing very well.. :s27:

Bonuses is an incentive, good to have, no also boh bian.. Oth I will like more to consider the total package in terms of benefits e.g. Further studies sponsorship, Technical certification sponsorship, promotions, medical, dental, even specs claims...

Lokimack said:
I think before all of get engrossed with monthly salary, pls note that most salary packages are calculated based on annual gross. I mentioned it earlier and Wiz also mentioned about whether it's vendor, MNC, banks etc. Banks payroll, if I am not wrong, tends to pay lesser upfront in monthly but compensate with bigger bonuses. Vendors however are different and they would tend to pay more upfront to prevent poaching by rivals but will compensate with lesser bonus. If any of you come across companies paying huge salaries and bonuses, pls let me know. :)

To illustrate, a bank pays you $2.5k for 12 fixed + 3 variable means that total annual gross is $37.5k.
A vendor pays you $2.8k for 12 fixed and 1 variable means that total annual gross is $36.4k. So, which do you prefer?

In summary, pls consider annual, NOT monthly.
 

Xiaosa

Banned
Joined
Aug 5, 2000
Messages
2,099
Reaction score
0
Summarising so far , it seemed that some recommend around 3.5k , while rhul said further up is possible. Just FYI, When I quoted around 4K (Negotiable), I did hav recruiters reflecting the Expected salary is too high solely based on my current salary of around 2.5K. I tried the 4K expected salary for around one month and did not get any interview hits..

So I guess its time to adjust the expected. Using my formula of 0.25-0.35 up. I got the range of 3.2-3.5K
My personal perception is that I should expect more based on my exp. But listening to so much advice and the fact that a lot of companies do look at the base current salary. Boh bian have to tone it down.
 

rhul

Senior Member
Joined
Sep 3, 2003
Messages
1,529
Reaction score
0
i think this is a very gd thread, everybody contribute to the topic in one way or another.
 
Important Forum Advisory Note
This forum is moderated by volunteer moderators who will react only to members' feedback on posts. Moderators are not employees or representatives of HWZ. Forum members and moderators are responsible for their own posts.

Please refer to our Community Guidelines and Standards, Terms of Service and Member T&Cs for more information.
Top