Salary question

Hello Everyone,

I am in my first role in IT Security working as a Cyber Systems Analyst. My main functions are DFARS Assessments, do care and feeding of the UTM including reviewing the log files, and support for our application.

I have my MBA, CCNA R&S, ITIL v3, and Security+. I have been in IT for several years now.

When I was hired I was low balled and paid about 25% below market and I was told that I would get a review in six months. I got my review after thirteen months and I got a 5% raise. My company is less than ten people with lousy medical benefits and a crappy payroll service that makes a mistake at least once a month.

I love what I'm doing and having the freedom to study for certifications and learn new things. The salary is far too low and I need to be getting at least what the market is for someone with only one year of IT Security. I'm needing to have a part time job and my wife's income to pay our bills.

I am looking for advice on how much longer I should stay and what to tell interviewers as to why I'm looking after making a jump after less than a year and a half.

Thank you in advance.

Find more posts tagged with

Comments

scaredoftests

Just say you are looking into new opportunities and you are looking for the salary you deserve.

Jon_Cisco

As long as you can demonstrate that you have increased your knowledge I don't think you will have any problems justifying your move. I personally think the only time job hoping looks bad is when you make all lateral moves and don't show any progression. Good Luck!

NavyMooseCCNA

Jon_Cisco said:

As long as you can demonstrate that you have increased your knowledge I don't think you will have any problems justifying your move. I personally think the only time job hoping looks bad is when you make all lateral moves and don't show any progression. Good Luck!

I’m not entirely sure career progression is for what I do. I’m not sure I’m cut out for management. I’m happier as a worker bee and don’t want people reporting to me.

I want to do vulnerability assessments related to compliance. I have knowledge of NIST.SP.800-171 and have done assessments for compliance with this standard.

Jon_Cisco

In that case I would say go ahead and look for jobs now. Just make sure you place a lot of focus on pay so you don' t need to switch again quickly.

There is nothing wrong with being a worker bee. Every company needs productive employees to make the managers look good.

Everyone is different but I would not hire anyone that changed jobs every two years unless they could show me they were for promotions of some type. Otherwise I just assume I'll be hiring again soon. If they show me they progressed in each job change I will assume they will excel for me also and I might give them a chance. If they keep making lateral moves I will assume they don't fit in easily and I will likely pass.

NavyMooseCCNA

I honestly don’t understand career progression and the different levels below management. I have Asperger's, which is like an anchor around my neck.

paul78

It sounds like you are looking for higher level of compensation. There's really no magic answer to that other if you don't think that you can get that where you are, you need to consider looking for a new employer.

Depending on what you current employer is doing as a business - a lower than average salary for a business with less than 10 employees doesn't seem out of the ordinary. Plus it sounds like you are doing internal work for versus external consulting - so that seems about right to me.

As for the 5% raise - that also seems about average for a small business. If you were promised a review after 6 months - was that a performance review or a salary review?

From the description of the work that you enjoy, I'm sure that's out there if you want higher compensation. You just need to look.

NavyMooseCCNA

The six month review was supposed to be both a performance review and a salary review. I actually do external consulting, I go to client locations to perform the DFARS Assessments.

paul78

NavyMooseCCNA said:

The six month review was supposed to be both a performance review and a salary review. I actually do external consulting, I go to client locations to perform the DFARS Assessments.

So - just my 2 cents. If you need a higher salary, then you just need to just start sending out resumes. That's the best way to see what's out there. I think that in a small company like I suspect you are in, your likelihood of higher compensation is lower. But in a more established company, you may have to give up other things.

One thing that you could also do, is just to have a conversion with your management. Find out what the company goals or growth plans are - if any. And you can share that you are hoping to make X more by some time. And if there was a way to achieve that. Maybe you and the company can some up with some mutual mechanism to increase your compensation.

LionelTeo

Is this your first job in cyber security? It is not uncommon for first job in cyber security being paid below market. I would advise spending your free time aiming for good certs, and look for a switch once ur ready. Cyber Security is one of the fields which i know can start out lower initially, but will have better overall growth in salary.

draught

From my first real IT job to when I moved to my second my pay went up by 50%. You have to move to another company though you can't expect the current one to give a 30 - 50% salary increase in your next review. At most companies will give 5% salary increase yearly.

I wouldn't want to work for the person here who expects people to stay on a job longer than 2 years, that's old fashioned thinking. The job market is different now and gone are days when you would stick to one company for life. What's important is you have a good reason to explain your move which you do!

Jon_Cisco

draught said:

I wouldn't want to work for the person here who expects people to stay on a job longer than 2 years, that's old fashioned thinking. The job market is different now and gone are days when you would stick to one company for life. What's important is you have a good reason to explain your move which you do!

If you read my post I am very clear about accepting people switching jobs if they can show a reason. But I certainly stand by my position that I would not hire someone that just moved every two years to be somewhere else.

Others can of course hire anyone they want I don't judge.

UnixGuy

Jon_Cisco said:

draught said:

I wouldn't want to work for the person here who expects people to stay on a job longer than 2 years, that's old fashioned thinking. The job market is different now and gone are days when you would stick to one company for life. What's important is you have a good reason to explain your move which you do!

If you read my post I am very clear about accepting people switching jobs if they can show a reason. But I certainly stand by my position that I would not hire someone that just moved every two years to be somewhere else.

Others can of course hire anyone they want I don't judge.

Just know that there are plenty of hiring managers who will not like it if you stay in a company for more than two years and will ask you why haven't you moved/progressed.

I'm not defending either, just saying this is the reality of the market. You can't please everyone. I don't advocate moving very often but stagnating is not good for a field that's constantly changing...

NavyMooseCCNA

LionelTeo said:

Is this your first job in cyber security? It is not uncommon for first job in cyber security being paid below market. I would advise spending your free time aiming for good certs, and look for a switch once ur ready. Cyber Security is one of the fields which i know can start out lower initially, but will have better overall growth in salary.

Yes, this is my first IT Security position. I’m going for my PenTest+ certification.

Danielm7

NavyMooseCCNA said:

LionelTeo said:

Is this your first job in cyber security? It is not uncommon for first job in cyber security being paid below market. I would advise spending your free time aiming for good certs, and look for a switch once ur ready. Cyber Security is one of the fields which i know can start out lower initially, but will have better overall growth in salary.

Yes, this is my first IT Security position. I’m going for my PenTest+ certification.

Are you comparing salaries against people with 1 year of experience? That's likely very different than the overall security analyst role. Also, analyst/engineer/etc are all very generic terms in security so it's all about what you actually do that determines salary. Without knowing location and numbers it's hard to say you're underpaid.

For reference, I brought a guy in from another dept years ago as a security analyst, gave him some simple stuff to do and lots of time to study, train and learn more. In 2 years he's doing great. But even at the 1 year mark I wouldn't say he was even up to the level of a mid tier analyst i'd hire off the street. So, sometimes just saying that you're in a specific role doesn't mean a whole lot for actual salary.

NavyMooseCCNA

The search I ran through Glassdoor I use one year of experience as a parameter. I live in Southern NH, which has a similar cost of living that Boston does. I'm making less than $50K a year.

Danielm7

Gotcha, sub 50K is underpaid for even a jr level analyst. I think at 1.5 years it sounds like you already have you'd be fine to look elsewhere. The freedom to learn and such is a nice perk but you're way off on salary. I'd tell the next place you are just looking to move forward in your career.