Frustrated with Companies Hiring DFIR

jeremywatts2005jeremywatts2005 CySA,S+,A+,N+Cloud+,MSDFS,MSMISSMPosts: 340Member ■■■■□□□□□□
What is going on lately with companies and their hiring practices for DFIR type roles. Have seen a rash like well over 6 or 7 in the past few months who literally think that the pay scale is fixed across the board for all DFIR and all having the same pay band $120k to $150K. I know that sounds great but for us that are already making that it really is a nightmare. Even director level and supervisory doesn't net you beyond these ranges. I explained to numerous recruiters that this pay band is not what I am looking for. I even had one recruitment company bait and switch me. I interviewed well got through the process thought the pay was one thing and when the client was ready to hire changed the salary back to this band stating this is the norm.   He even tried to hard sell me the position. Why would I leave my current position to move laterally for another position for the same salary. It is kind of crazy to be honest I walked on the recruiter said nope not interested. What is even worse I have seen a huge influx like well over 15 companies so far in 3 or 4 months all trying to do contracts with no conversions. Companies need to wake up a bit and start competing for talent. We are in a hot market and there is not a lot of selection and companies dictating to individuals that they don't negotiate take it or leave it doesn't work. I am only looking because my company continues to degrade my salary and benefits then complain when people leave. At some point I will have to leave also if it continues but for now I have high ground and can negotiate my terms and continue to look for a better position for more money and benefits. Really getting sick of companies with no negotiation attitudes. I can remember in tech everyone could negotiate benefits and salary. Now everything is on a fixed scale randomly determined by someone somewhere. 

Comments

  • clarsonclarson Posts: 896Member ■■■■□□□□□□
    edited December 2018
    how does it feel to be working for the computer.  everything is binary. it is either/or.  no more or less or maybe or anything else. first we dumbed things down so they would fit into a program.  Then we let the programs dictate our processes.  and it is only now you complain that the processes  are dumb.

    skynet is suppose to be a fictional computer program from the future.  but it is already here.  it is already making decisions on how you live.  uncaring and unfeeling and will never stop until your dead.  oh, my mistake that is the corporation that enslaves the majority for the minority that owns them.

    AI can't understand.  but that won't stop it from taking over more of your life, making more decisions for you and about you and for other people about you.
  • UnixGuyUnixGuy SABSA, GCFA, GPEN, CISM, RHCE, Security+, Server+, CCNA Posts: 3,958Mod Mod
    @jeremywatts2005 I understand your point, but what if this is the maximum that a DFIR can make? we can't expect linear salary increase forever. If more money is the goal, how about researching what roles pay more and then see if you can change to those higher paying roles outside of DFIR?
    Goal: MBA, March 2021
  • chrisonechrisone CISSP, eCPPT, CCNP RS, CCDP, CCNA SEC, LFCS Posts: 1,827Member ■■■■■■■■□□
    Wish I made in that range of 120-150k. Just curious what salary range were you looking for?
    2019 Goals:
    Courses: Real World Red Team Attacks- AppSec Cali 2019 (complete), Active Directory Attacks for Red and Blue Teams Advanced Edition - BlackHat,
    Certs: SLAE, Certified Red Team Professional - Pentester Academy (in progress), Certified Red Team Expert - Pentester Academy
  • EANxEANx Posts: 1,033Member ■■■■■■■□□□
    I suspect there's an unofficial cap for non-executives at most places in the 150-175k range. Most HR types can't fathom paying anyone except an executive more than 200k. "What do you mean this guy who doesn't have a degree wants 190k?" It's up to the hiring manager to ensure the range is set properly and they might not be up on the latest figures.

    My personal opinion is that there's more to a total compensation package than the dollar amount on the paycheck but that everyone values these other pieces differently. For instance, an extra week of vacation is probably worth more to someone that has three kids than someone who has none. Good health insurance is more valuable to someone whose spouse works for themselves or has a kid with special needs. I've known people to take a pay cut to get in with the city or a utility for the stability and the pension. They got tired of wondering who would get laid off if the company had a bad quarter. And perm is always worth more than contract (IMO).

    Is there anything you would take in the place of money? Try negotiating something other than dollars and you might be surprised. If there is a cap at that firm, they might be willing to entertain some creative thinking for a win-win.
  • jeremywatts2005jeremywatts2005 CySA,S+,A+,N+Cloud+,MSDFS,MSMISSM Posts: 340Member ■■■■□□□□□□
    So I am looking for the 170k+ role. I know if I want to be a freelancer with no benefits whatsoever I can make 200K + been down that road but with a special needs kiddo cannot do that. That same role perm and full time drops all the way to 150's with benefits. Problem is there are no benefits that would add up to that. I know I did the cost breakdown. Companies cheap out on health care and other benefits.  I have applied for only positions that move me up not lateral on position. Which includes directors and management. The issue is there is zero negotiation with companies right now as in none. They want the pay to be the same and the benefits I suspect it is an equality thing to ensure everyone no matter who you are get paid the same w the same benefits. DFIR includes a multitude of positions- Digital Forensics which is where I specialize, Incident Response, Threat Intel, Monitoring, Analytics, Algorithm Development and a whole hosts of other roles. These roles could be in a SOC, Security Department, Legal Department, Military, State and local gov and a whole hosts of other areas. The issue I have seen is that companies want someone for a lead role at my current or similar salary with supervisory and want you to do a million other jobs along with it. Basically a swiss army knife of DFIR. Which is fine I just want to be paid to build the SOC and do the hiring like I should be. Myself I have been working for over 20 yrs in tech roles and I think this is the worse I have seen it with companies totally unwilling to negotiate and desiring to contract everything that moves. 
  • TechGromitTechGromit A+, N+, GSEC, GCIH, GREM, Ontario, NY Posts: 1,888Member ■■■■■■■□□□
    UnixGuy said:
    @jeremywatts2005 I understand your point, but what if this is the maximum that a DFIR can make? we can't expect linear salary increase forever. If more money is the goal, how about researching what roles pay more and then see if you can change to those higher paying roles outside of DFIR?
    I would agree, at some point, regardless of how good or experienced you are you hit the max. salary for your position, regardless of what company your working for. At this point, I would suggest you look at an employers over all benefits, how's the medical benefits, can you work from home, is the commute shorter, how's the 401k match? do they have a pension plan, etc. If you still not satisfied, I would suggest you start your own company and go freelance.   
    Still searching for the corner in a round room.
  • TechGromitTechGromit A+, N+, GSEC, GCIH, GREM, Ontario, NY Posts: 1,888Member ■■■■■■■□□□
    edited December 2018
    So I am looking for the 170k+ role.
    Good luck with that, where I work Technical IT positions top out at 130k (+ 15% bonus incentive), to make more you have to be in management.  The main problem your going to have is most companies have tiers, Where I work it goes from E01 to E09. Each tier has a set salary range, (and bonus incentive), your job is going to get classified in one of those tiers, E03 is the top technical position, E04 Manager, E05 Senior Manager, E06 Director, etc. You can kick and scream all you want, hiring managers aren't going to be able to give you more than the tier range. If I was at the topped out salary wise, and I got an A review rating every year, best I could do is 150k including bonus. I also have a good benefits, 401k, pension, stock options, etc. I'd be a fool to take another job for a extra 5k or 10k in my paycheck.       
    Still searching for the corner in a round room.
  • DatabaseHeadDatabaseHead CSM, ITIL x3, Teradata Assc, MS SQL Server, Project +, Server +, A+, N+, MS Project Posts: 2,449Member ■■■■■■■■■□
    edited December 2018
    A friend of mine was capped at around your pay, he had to become creative and work directly for a sales team for a tech company.  While he is a solution director even the engineers are making very large bonuses on top of their 130 base, he makes ~150 base.  The last 4 years they double bonus turning 55 into 110%.  It's personally the only way I have seen pure technologist make that kind of scratch.  

    For the engineers that gets them around ~275,000 gross.  He's over 300 when they are hitting their sales numbers.... 

    I have a series of friends who have moved on from networking roles and got into pre sales, sales and leadership positions.  With the "top" previously a VP at Cisco now at WWT, making unknown amounts, I'm assuming fairly well.

    My point they wanted the money and pure technology roles eventually capped them.....  

    One last thing I wanted to share, you may or may not know this.  A few years back I put my two weeks in they countered, like a fool accepted.  However I did glean some insights.  

    My manager at the time had access to a HR system that showed the pay scales of roles, I mean all roles.  It was basic but it what was used to determine the max, this had aggregation and regional even city breakouts.  I was a Senior BI Analyst at the time and it listed out the bottom, ~45k, the median 78k and the max 97 for the city I was working in.  He said let's go in just under 97 and he thinks he could get it done..... 

    This tool is very powerful now, they can look at a glance where you at in you city and cap you based that location. 

    So yeah there is job data out there creating these glass ceilings and I can bet that this isn't the only company using these tools......
  • MitMMitM Posts: 581Member ■■■■□□□□□□
    I'd be alright with 150k plus a bonus, but everyone is different :smiley:
  • chrisonechrisone CISSP, eCPPT, CCNP RS, CCDP, CCNA SEC, LFCS Posts: 1,827Member ■■■■■■■■□□
    MitM said:
    I'd be alright with 150k plus a bonus, but everyone is different :smiley:
    agreed! I wouldn't mind 130k with bonuses and training too :)
    2019 Goals:
    Courses: Real World Red Team Attacks- AppSec Cali 2019 (complete), Active Directory Attacks for Red and Blue Teams Advanced Edition - BlackHat,
    Certs: SLAE, Certified Red Team Professional - Pentester Academy (in progress), Certified Red Team Expert - Pentester Academy
  • jeremywatts2005jeremywatts2005 CySA,S+,A+,N+Cloud+,MSDFS,MSMISSM Posts: 340Member ■■■■□□□□□□
    Problem is bonuses are not guaranteed and can be taken away or lowered or changed. Current company did just that we went from a 20% bonus to a 10% bonus huge shift in pay. I signed on for a 20% because 85% of the company received the full bonus yr over yr. They must have seen too many dollars going out on that. Second my current company is paying zero as in zero for training including conferences none at all citing budget issues. I work for one of the largest employers in the world and they are killing us internally with budget cuts. Third pay raises at my current company are 1% or less citing budgeting issues each yr they say we will do better. Fourth current company lowered the salary bands so a promotion or moving to a higher positions pays the same or no greater than 5%. This is why I am looking it feels like I am on a sinking ship and they are looking at the DFIR to try and cut costs as much as possible. The issue is it is forcing people out the doors at the company and they are not refilling positions just dumping more work down to you. So yeah it was great 3 yrs ago when you had a 20% bonus and promises of tons of training and conferences which never materialized. Now it is like what is the next thing they are going to cut. 
  • MontagueVandervortMontagueVandervort Senior Member Posts: 399Member ■■■■■□□□□□
    So yeah there is job data out there creating these glass ceilings and I can bet that this isn't the only company using these tools......

    This ^

    I do a lot of odd research. It's my "thing". I like to collect information and form statistics and statistical likelihoods from it.

    According to what I'm seeing now, my guesstimate would be that eventually all job roles will have specific and set, unmutable salary ranges across the board. There will be no negotiation. You do this - you get paid that. You do that - you get paid this.

    There is already a lot of salary scale software, packages, and and an entire industry starting to form surrounding all of this.

    The way of the future, I guess. To keep things "fair" and avoid scrutiny and accusations of inequality?

    Let's just hope we all don't end up earning minimum wage. :D






  • DatabaseHeadDatabaseHead CSM, ITIL x3, Teradata Assc, MS SQL Server, Project +, Server +, A+, N+, MS Project Posts: 2,449Member ■■■■■■■■■□
    edited December 2018
    So yeah there is job data out there creating these glass ceilings and I can bet that this isn't the only company using these tools......

    This ^

    I do a lot of odd research. It's my "thing". I like to collect information and form statistics and statistical likelihoods from it.

    According to what I'm seeing now, my guesstimate would be that eventually all job roles will have specific and set, unmutable salary ranges across the board. There will be no negotiation. You do this - you get paid that. You do that - you get paid this.

    There is already a lot of salary scale software, packages, and and an entire industry starting to form surrounding all of this.

    The way of the future, I guess. To keep things "fair" and avoid scrutiny and accusations of inequality?

    Let's just hope we all don't end up earning minimum wage. :D






    The only way around this from my perspective, if you want to work for a company is latch onto the sales arm.  I did that in the form of analysis.  I work for a demand management (supply chain) group managing their reporting databases, (primarily dashboards), requirements even solutioning.  Sort of a JOAT however I get a nice bonus structure since I am in a sales vertical. 

    I don't get commissions however I do get the sales bonuses, not the regular corporate bonus.  This is extremely helpful, especially since I don't get the 130 base......

    I would never get bonuses like these if I was working in IT vertical, if I did it would be your 10 - 20% nonsense....    

    @jeremywatts2005 my apologies for "Hijacking" your thread, but I believe this problem is more systemic than just forensics.  

  • chrisonechrisone CISSP, eCPPT, CCNP RS, CCDP, CCNA SEC, LFCS Posts: 1,827Member ■■■■■■■■□□

    According to what I'm seeing now, my guesstimate would be that eventually all job roles will have specific and set, unmutable salary ranges across the board. There will be no negotiation. You do this - you get paid that. You do that - you get paid this.

    The way of the future, I guess. To keep things "fair" and avoid scrutiny and accusations of inequality?


    The talent pool with suffer as we shift from employees to consultants.

    Consultant: Hey "heard you got hacked?" I believe I know how you got hacked and can help secure your organization.
    Company: No thanks, we have Security+/CEH gurus! 
    Consultant: sells company data for 3 times the amount of his previous salary....

    You get what I am implying here?  :D

    2019 Goals:
    Courses: Real World Red Team Attacks- AppSec Cali 2019 (complete), Active Directory Attacks for Red and Blue Teams Advanced Edition - BlackHat,
    Certs: SLAE, Certified Red Team Professional - Pentester Academy (in progress), Certified Red Team Expert - Pentester Academy
  • shochanshochan Senior Member Posts: 839Member ■■■■■□□□□□
    2019 goals -> CySA+ (Sept)
    "It's not good when it's done, it's done when it's good" ~ Danny Carey
  • TechGromitTechGromit A+, N+, GSEC, GCIH, GREM, Ontario, NY Posts: 1,888Member ■■■■■■■□□□
    For the engineers that gets them around ~275,000 gross.  He's over 300 when they are hitting their sales numbers.... 

    The pay scale ranges I quotes were for IT, engineers may have different ranges, I know our control room senior operators easily make 200k+ a year, plus bonuses.  
    Still searching for the corner in a round room.
  • paul78paul78 Posts: 3,013Member ■■■■■■■■■■

    According to what I'm seeing now, my guesstimate would be that eventually all job roles will have specific and set, unmutable salary ranges across the board. There will be no negotiation. You do this - you get paid that. You do that - you get paid this.

    There is already a lot of salary scale software, packages, and and an entire industry starting to form surrounding all of this.
    I dunno about immutable salary ranges part. I believe in free markets and in my experience, compensation ranges was simply due to supply and demand.
  • DatabaseHeadDatabaseHead CSM, ITIL x3, Teradata Assc, MS SQL Server, Project +, Server +, A+, N+, MS Project Posts: 2,449Member ■■■■■■■■■□
    shochan said:
    Atlanta GA is a great comp to my area and the max is listed at 136, which isn't far off from the 130 I posted......   In my area this MAX for almost any infrastructure engineers, data, systems, security etc.....
  • MontagueVandervortMontagueVandervort Senior Member Posts: 399Member ■■■■■□□□□□
    paul78 said:
    I dunno about immutable salary ranges part. I believe in free markets and in my experience, compensation ranges was simply due to supply and demand.

    I believe in free markets also; however, it looks like "supply" will be considerably increased by decreasing quality of said supply, unfortunately.

    For the record I highly oppose all of this and none of this will be an overnight change... but it has already started.
  • LionelTeoLionelTeo Posts: 526Member ■■■■■■□□□□
    edited December 2018
    I am wondering why if you are looking for job positions at this time of the year. How about trying to look for it again from Mid Feb to July after the companies allocated their budget for hiring? During the year-end period, companies are usually hiring for replacements position. Even if you get the salary, you are actually taking over someone job post who had left for an unspecific reason.
  • MitMMitM Posts: 581Member ■■■■□□□□□□
    LionelTeo said:
    I am wondering why if you are looking for job positions at this time of the year. How about trying to look for it again from Mid Feb to July after the companies allocated their budget for hiring? During the year-end period, companies are usually hiring for replacements position. Even if you get the salary, you are actually taking over someone job post who had left for an unspecific reason.
    I understand your point, but when the right opportunity presents itself, you go for it. It doesn't hurt to always be on the lookout. It's up to you to ask the proper questions to find out how the position came about.
Sign In or Register to comment.