I need to ask for a raise..

mjsinhsv Member Posts: 167
This might help some of you study harder.

2015 CISSP Salary survey.

Certified Information Systems Security Professional (CISSP) Certification Salary, Average Salaries | PayScale



Just kidding about the raise. I don't care about the money.
Some training would be nice though. ;)

Comments

  • beads Member Posts: 1,531 ■■■■■■■■■□
    Keep in mind national averages may or may not reflect your local market. In the city of Chicago wages are depressed as "everyone wants to work downtown..." Whereas out in the burbs you're talking of up to 40-50% premium. Not uncommon but you better be really good and willing to commute several hours a day if not more. I have met people that do commute 2-4 hours ONE WAY daily. Ummm... no thanks.

    Surrounding states, Michigan, Indiana, Wisconsin (from Chicago and Chicago is Illinois, right?) generally pay less than market. Say 80-95k for a CISSP would be reasonable to expect. Anything more and you'd better be running the company within the week. Being centrally located in the Midwest means I get pitched across the Midwest if not the rest of the country like everyone else with a few years of experience.

    Keep your comparable cost of living in mind when considering moving. You might be surprised to see the differential in cost compared to where you are now. Personally, I was shocked that Ann Arbor Michigan was more expensive than Chicago. Live and learn.

    PayScale isn't a bad source for being free. Seen better more accurate "comp tables" but I'd say this is reasonable if not a bit generous, they usually are if you're familiar with these.

    - b/eads
  • E Double U Member Posts: 2,228 ■■■■■■■■■■
    I was motivated to get CISSP when I saw what our CISO wanted to pay the new VP of Info Sec :D.

    Besides wanting the salary increase, I am enjoying this learning process. When I was the helpdesk guy I thought security was just firewalls and proxies. Boy was I wrong.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • chickenlicken09 Member Posts: 537 ■■■■□□□□□□
    Would be interesting to see a UK equivalent.
  • beads Member Posts: 1,531 ■■■■■■■■■□
    The UK doesn't have comp tables like this? Don't forget the exchange rate varies but this looks fairly accurate.

    Certified Information Systems Security Professional (CISSP) Certification Salary, Average Salaries | PayScale United Kingdom

    - b/eads
  • papadoc Member Posts: 154
    Good starting point on the survey. I pay most of my CISSPs around $30-40k more than that on the NYC number, but they're all in the Wall St. finance industry, PE/Hedge Funds etc. so the comp levels are skewed in that area as well. I would like to see the bonus structures as I've seen them range from 30 - 130% depending on the finance firm and specific financial vertical.
  • fullcrowmoon Member Posts: 172
    According to the DC numbers, I'm underpaid. Hmm.
    "It's so stimulating being your hat!"
    "... but everything changed when the Fire Nation attacked."
  • philz1982 Member Posts: 978
    E Double U wrote: »
    I was motivated to get CISSP when I saw what our CISO wanted to pay the new VP of Info Sec :D.

    Besides wanting the salary increase, I am enjoying this learning process. When I was the helpdesk guy I thought security was just firewalls and proxies. Boy was I wrong.

    So what did he want to pay the VP of Info Sec?
  • kalkan999 Member Posts: 269 ■■■■□□□□□□
    If you're a CISSP in the states with verifiable experience exceeding 7 years and you're not making over $110K, then you're doing something wrong. Work hard enough and do it right, you can make more than double that amount, and you don't even have to live in DC, San Fran, NYC! I know a number of CISSP holders who are contractors who make $200K+ on W2, and $140-150K plus bonus, benefits, etc., for salaried positions and live in fairly inexpensive cities...just be near an international airport.
    Three things to know if you want to make money with this cert and skills:
    -Be able to 'talk the talk and walk the walk' with security Subject Matter Experts (SMEs). They'll rip you apart if you try to BS your way through a meeting where they are involved.
    -BE willing to accept that you need to be customer/client facing as much as possible. And when you do decide to break the mold and engage regularly with everyone from your clients to project managers to execs, be NICE...Do NOT scoff at people or roll your eyes at them when they use 'buzz words'
    -Be willing to travel 25-50% for a few years; it matters not if you're contract or permanent employee in this regard. Work for a big company, and be what is called an 'Individual Contributor,' which is often a senior, but not management position.

    Keep these things in mind, and put these examples into practical use, and you'll make the money.
  • gespenstern Member Posts: 1,243 ■■■■■■■■□□
    Damn, I'm probably the least paid CISSP in the U.S.

    Need to work on that I guess
  • E Double U Member Posts: 2,228 ■■■■■■■■■■
    philz1982 wrote: »
    So what did he want to pay the VP of Info Sec?

    I forget the exact dollar amount, but it was six figures.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • E Double U Member Posts: 2,228 ■■■■■■■■■■
    kalkan999 wrote: »
    Do NOT scoff at people or roll your eyes at them when they use 'buzz words'

    This is EXACTLY what I do now!!!
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • papadoc Member Posts: 154
    E Double U wrote: »
    This is EXACTLY what I do now!!!

    I have 70+ year old board members who control billions in private equity wealth, asking me about those "cybersecurity criminals." You have to coach, educate and step yourself down to their level who are seeing feeds on Bloomberg, MSNBC, CNN etc. Some mental self deprecation may be required on our part to help educate some of these folks who wield enormous amounts of influence and funding for our security programs. The first thing I did in my management track decades ago was learn from skilled CIOs on how to properly represent a balance sheet in front of the board for program funding. Making friends with CFOs who can review your pitch deck a few weeks before the big presentation also helps. Especially having them as an ally in the room.
  • beads Member Posts: 1,531 ■■■■■■■■■□
    kalkan999 wrote: »
    If you're a CISSP in the states with verifiable experience exceeding 7 years and you're not making over $110K, then you're doing something wrong. Work hard enough and do it right, you can make more than double that amount, and you don't even have to live in DC, San Fran, NYC! I know a number of CISSP holders who are contractors who make $200K+ on W2, and $140-150K plus bonus, benefits, etc., for salaried positions and live in fairly inexpensive cities...just be near an international airport.
    Three things to know if you want to make money with this cert and skills:
    -Be able to 'talk the talk and walk the walk' with security Subject Matter Experts (SMEs). They'll rip you apart if you try to BS your way through a meeting where they are involved.
    -BE willing to accept that you need to be customer/client facing as much as possible. And when you do decide to break the mold and engage regularly with everyone from your clients to project managers to execs, be NICE...Do NOT scoff at people or roll your eyes at them when they use 'buzz words'
    -Be willing to travel 25-50% for a few years; it matters not if you're contract or permanent employee in this regard. Work for a big company, and be what is called an 'Individual Contributor,' which is often a senior, but not management position.

    Keep these things in mind, and put these examples into practical use, and you'll make the money.

    Please include any empirical evidence to back these claims. I can point you to several areas of the country where you'd be the only CISSP for 100 miles. Those places are NOT going to be paying 200K+ a year for anything. Obviously, you've lived in DC far too long and I can easily back my numbers up with proper documentation.

    Keep up with those latest buzzwords though! That'll get ya some respect there in DC I guess. Here in the Midwest it only gets you to the door a bit faster than the other frauds.

    - b/eads
  • kalkan999 Member Posts: 269 ■■■■□□□□□□
    I haven't lived in DC for years and have no real intention of moving back. OBVIOUSLY, BEADS, you did not READ my post, or worse, you read it and took it out of context. For Example:

    -When I was talking about 'buzz words' and their usage, I was NOT referring to myself, rather I was referring to Senior Managers, Directors and C level execs who use them. I was TRYING to convey to aspiring Security people that they need to be more personable, with less scoffing and arrogant cynicism and derision that you seem to possess and project so well, Beads! I exercise patience and diligence and actually listen to what people using buzz words are trying to say rather than roll my eyes at them.
    -I stated I know people who are CONTRACTORS who make over $200K, per annum, myself being one of them, BEADS. Since you call me out for empirical evidence, I will tell you that I made over $300K last year. Send me a private email, and you'll get your empirical evidence, and that goes for anyone here who doubts me. I am trying to motivate and inspire people, not bring them down and call them frauds. There are frauds in just about every industry, BEADS.
    I gave the details on HOW to be successful financially in my statement that you cut and pasted, but you apparently breezed through the parts that didn't interest your continued motivation to disparage and discourage would-be InfoSec people. I'd be more than happy to share with you how much I made last year with just ONE client, working out of my home, as in a REMOTE position, and traveled when necessary; hence the reason I said in my post to live near an international airport!
    Beads, If you want to continue to pursue the notion that I am one of those frauds, that is your right, but I say bring it if you want to compare brain pan sizes. You don't GET where I am in this world without knowing your stuff. View my LinkedIn profile, Beads.

    https://www.linkedin.com/profile/view?id=18810386&trk=nav_responsive_tab_profile
  • mjsinhsv Member Posts: 167
    kalkan999 wrote: »
    -I stated I know people who are CONTRACTORS who make over $200K, per annum, myself being one of them, BEADS. Since you call me out for empirical evidence, I will tell you that I made over $300K last year.

    Can I borrow $1000 ? :)
  • kalkan999 Member Posts: 269 ■■■■□□□□□□
    Sure,

    I'll just write you a third-party, out of state, post-dated check. :)
  • mog27 Member Posts: 302
    kalkan999 wrote: »
    I haven't lived in DC for years and have no real intention of moving back. OBVIOUSLY, BEADS, you did not READ my post, or worse, you read it and took it out of context. For Example:

    -I stated I know people who are CONTRACTORS who make over $200K, per annum, myself being one of them, BEADS. Since you call me out for empirical evidence, I will tell you that I made over $300K last year.

    https://www.linkedin.com/profile/view?id=18810386&trk=nav_responsive_tab_profile

    According to Forbes, the highest paying job out there is a surgeon, making an annual average salary of $233,150. So you made over $67,000 more than a surgeon makes (on average)? Do you have a successful side consulting job in addition to your full time job? I'm a contractor making "only" around $115,000.
    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin

    "The internet is a great way to get on the net." --Bob Dole
  • E Double U Member Posts: 2,228 ■■■■■■■■■■
    kalkan999 wrote: »
    I made over $300K last year.


    I am doing something wrong lol. I'll get there though :)
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • beads Member Posts: 1,531 ■■■■■■■■■□
    @kalkan999

    I hold many so-called experienced security people in high disdain, of that I think is apparent and of course if you have been doing this for any real length of time, would already understand this point by now. Perhaps not and my little pearls of wisdom will be thrown before swine. It's difficult to take many in this field seriously when, for example, the majority take the lack of attention to detail to new heights or lows in this case. Changing one's handle or signature block into a no longer recognizable transformative is an excellent example, don't you agree? Of course you do. I pay mercenaries for their utterly useless opinions as well. It's fun and keeps me entertained. Understand the desire to undermine or criticize another poster's rantings by changing or altering said signature would certainly be one form of disrespect worth noting.

    So, if an individual cannot handle or be responsible enough to accomplish such a simple task as copying and pasting how can I possibly believe they should be responsible enough to guard data? No telling what perfect data in garbage out may occur at the hands of such a flip. Probably capable of all types of nefarious, if not objectionable acts. You've met them, I know I have as well.

    Here's the real problem and this leads back to that of ethics or lack thereof. Ethics, like social security in Washington this being the third rail of the CISSP but one of the requirements to sit for an exam. How am I as a good faith practitioner supposed to take much of what is being said other than with suspicion if not outright doubt? Years of this junk have obviously left me jaded on the subject. Look at the people who come to this board and (practically, they do!) brag they are not qualified to sit for the exam yet pass it. Requirements be damned. Not when there's a paycheck involved. All bets are off the table. Worse yet. When brought to the table of comment. Nothing. Crickets. Shame on all of us to allow such behavior go unpunished but if not tolerated - encouraged.

    As for the 200k club? Been there, done that. Prefer to have a life outside of being a mercenary. Constant travel, bad food, no family or social life. Yeah, that's the ticket. If I want to do that I'd have stayed in the military full time and continued with the "free flight" entertainment (parachuting) etc. Life is insanely fun when you live on the edge all the time. I make more than most ISO types, live in a house with a normal commute and see my wife on a regular basis. Which ironically, will tell you, recruiters have asked me why I must hate my family/spouse so much that I'd work a travel job? Got the idea real quick. Life is short and no amount of money is worth that time on the road for me any more.

    No, I cannot and will not tolerate such a lackadaisical approach to security - particularly the ethics of the field. Neither should you the reader whether you have any certification under your belt or simply aspire to gain such. It hurts you. It hurts the certification process and it hurts the community you purport to belong. In the longer run it becomes just a joke. Often an expensive joke depending how much time and energy you expend to get there. For example flying overseas or to another country with more relaxed standards to take an exam. See the CEH for example of a questionable cert that has been widely compromised.

    You have consistently whined about how difficult it was to pass the exam for years. Blaming your lack of preparedness. Job duties. Background. Sore toe, whatever. You finally took the exam after dozens of people encouraged you to keep going. Today, we can see the exam takes as little as a couple of weeks to prepare for and pass. It's become the next MCSE with the youngest of candidates not even in their teens. Though I do believe there is some sort of age requirement but is probably easily bypassed with some effort.

    It's hard to accept this or any other exam is a viable representation of any measurable skill. It and most every other non-enforced exam like it is dying and should be discarded until these organizations, not just the ISC2 are willing to truly vet candidates. Otherwise we end up with half-wits complaining about how hard the exam is to pass. It's not a hard exam to pass. It's now been proven over and over. Attempting to convince my wife to sign-up for the exam as she has the requisites needed to include a Master's in IT in less than 48 hours. One weekend and I am confident I could see her passing the exam. Would it be ethical? No. Would I sign-off? No, if I did someone should report me and strip me of the title. Is it probable? Yep! You bet, someone will eventually be on this board and claim they studied the back cover of the original Shon Harris AiO for 5 minutes and passed the exam. Yep! That'll help.

    As for the buzzwords remark. Too close to a real world example I just went ballistic on the day before. Buzzwords and acronyms are fine among peers not outsiders. They exist to accelerate communication not halt it. I had to read that a few times before I got your meaning. Did not come across that way the first time. My apology. I've also interviewed more than my fair share of outright frauds in the past couple of months ranging from I've had my CISSP for years (never took or passed it) to I am studying this really, really hard exam, perhaps you've heard of it? The CISSPP (no, that's not a typo). Also helps to do some really basic research on your interviewer. Even after I told her I was not only a CISPP but an ISSAP as well. (*eye roll*) She sucked so bad I cannot make myself relive the horror to put it all on screen. Too painful.

    Today's phrase that pays: "Active Lane Management" otherwise known as defensive driving. Keeps me amused while driving my latest commute.

    - b/eads (And it has nothing to do with glass or marbles or whatever that obscenity is trying to represent.)
  • kalkan999 Member Posts: 269 ■■■■□□□□□□
    @Beads
    The answer to your plight and concern is simple, as you have already answered it previously: Vet those people you are concerned about, as I do, during the interview process. The test was hard for me because I took the hard road, studying without cheating. I also have a profound learning disability, e.g., severe dyslexia, that makes me view the world differently, not just words on paper or computer screen. When I see a given scenario, my brain does not 'paint the picture' that ISC2 wants in my head. I am a poor standardized test-taker as a result. It's ugly, it sucks, but that's the baseline truth. But, I adapted and overcame. I didn't ****. I have PLENTY of experience in IT and IT Security, and again, am more than happy to match brain pan sizes with you any day of the week. I am good at what I do. I am irritated that people are taking and passing this exam easily because your concerns about it going CBT back in 2012 are realized. I let my MCSE's, CCNA and CCNP expire for the reasons you are so grumpy about. But for now, still, I am encouraging anyone with the skillsets AND the passion I have, and you have, for security to take the test.
    I am happy for you that it wasn't a hard test. I had a lot of the practical knowledge, and lacked some in others, but that doesn't justify your decision to disparage me or people like me, Beads.
    I travel much less than 25%, and I still make the money, and I work from home the rest of the time. I have built a SOLID reputation as a hard-charging, balanced, positive, influential motivator in the Security industry. If anything, I am trying to save it. Yes, it's clear you are frustrated at the lack of knowledge that people in the Information Security field have today, and in a way, I am with you. BUT, again, just maybe consider preaching a slightly different message rather than insult people before you know the facts. Encourage people like me, who are leaders in this industry to fully vet people and their assumed skill sets; because like you stated with the taking of the CISSP, it's not that hard.
    I appreciate your apology and I accept.
  • kalkan999 Member Posts: 269 ■■■■□□□□□□
    @mog

    I have a lot of experience under my belt as an IT and IT security person, mog; 19 years IT and 14 years + direct Security experience to be precise. That, plus this cert that gets my foot in the door, PLUS my 'hands-on' experience as a Network Architect, Windows Sys Admin, Cisco and Palo Alto Guru, log management, reporting, AV and endpoint agent development and administration (back before it was SIEM, when it was SIM and SEM), as well as a solid understanding of where the industry was (legacy systems still in play), where they want to be, and where they need guidance, all play a key factor into why I command, and get the money. I made $225K last year in my full-time contractor position, working from home about 75-80%, and traveling to client site for the rest. My side business consulting yielded me another $87K, and most of it was work-from-home.
    I am a 'generalist' with the knowledge and the skills to command the respect of SME's who LOVE to try and trip me up, and I have the knowledge and the WISDOM to know that I must retain a positive attitude with other less-tech savvy people who use buzz words out of context. I don't eye-roll the project managers, senior managers, or execs when they do such heinous things as buzz word murder! :) I listen to them, I share with them that I understand what they are trying to say, and I use this phrase OFTEN when dealing with those outrageous offenders:

    'I understand what you are sharing with us sir/ma'am, but in the interest of saving time, I respectfully ask if we can take this offline, as the answer to your question or concern requires a deep-dive discussion.'

    Usually, they are quite agreeable to that answer, then I reach out to them after and 'enlighten' them. Trust me when I tell you that it wins you their favor because you didn't embarrass them publicly, and they are much more likely to listen to you in the future.
    When I was talking about a lot of travel earlier, I meant that for people who do not yet have enough 'time in grade' so-to-speak, that public exposure via travel for work, attending conferences and events, is unfortunately a requisite to get you to the point where I am, and others are now.
    I paid my dues, and worked hard prior TO getting this cert, making not so much money, but knowing what I had to do in order to get to the point where I make what I do now. In that regard, it's all about the 'hustle,' (not in a negative connotation if you are reading this, BEADS), willingness to step outside of the stereotypical comfort zone of tech people and BE personable and positive, and even a little self-deprecating, if necessary.
  • papadoc Member Posts: 154
    mog27 wrote: »
    According to Forbes, the highest paying job out there is a surgeon, making an annual average salary of $233,150. So you made over $67,000 more than a surgeon makes (on average)? Do you have a successful side consulting job in addition to your full time job? I'm a contractor making "only" around $115,000.

    Mog,

    Most Sr. Directors/MDs managing security at finance firms are making $225 - $275k base. If one is in the private equity or hedge fund space, the bonuses are often over 100%. There are CISOs making $300 - $350k base easily. These are total comp numbers approaching high $300k-$400k easily. This post is not to brag, but rather to show there is a huge disparity in pay depending on where in the country you live. I work in NYC and other than the Tri-State area (approaching DC) and possibly San Fran, I don't see those numbers anywhere else in the country. Just my data point for you.

    Oh and by the way, I don't know where Forbes got their data, but anesthesiologists make more than most surgeons. A close friend of mine that I went to uni with is in that field. Check it out, many of the experienced ones are $450k+.
  • GForce75 Member Posts: 222
    It's a first great step; remember we all started from humble beginnings at some point. Just remember that everything you do builds on your experience. What others are posting are good pointers, but always keep pushing forward into what you want to do and want to understand. It's not always about the money, but building what you want as a whole. As long as you strive to learn and embrace the organization's needs, you will be able to push forth. Network those with experience and trust your subordinates to help put you on the path towards success. Best of luck in whatever you choose to do and def in regards to the CISSP exam.
    Doctoral Candidate - BA (33/60hrs) ~ MBA/Project Management ~ BA/Business-IT
  • philz1982 Member Posts: 978
    GForce75 wrote: »
    It's a first great step; remember we all started from humble beginnings at some point. Just remember that everything you do builds on your experience. What others are posting are good pointers, but always keep pushing forward into what you want to do and want to understand. It's not always about the money, but building what you want as a whole. As long as you strive to learn and embrace the organization's needs, you will be able to push forth. Network those with experience and trust your subordinates to help put you on the path towards success. Best of luck in whatever you choose to do and def in regards to the CISSP exam.

    I didn't start from humble beginnings. I was born holding the first version of Shon Harris's all in one.
  • E Double U Member Posts: 2,228 ■■■■■■■■■■
    philz1982 wrote: »
    I didn't start from humble beginnings. I was born holding the first version of Shon Harris's all in one.

    LOL are there more like you?
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • kalkan999 Member Posts: 269 ■■■■□□□□□□
    Another road to take if you're willing, able and patient:

    Combine your CISSP with Application Security, and you'll have the 'golden ticket.' I know, and respect the heck out of Security people who can sit at either the IDS/IPS layer or even the WAF and watch traffic, and can detect malware just by looking at the incoming and outgoing packets. I am NOT one of those people, and don't want to be one of them, but I respect those who have the skills to do it. A lot of these people are former software developers/programmers. So if you want to go that route, learn Java, .net, php, etc. Oh, and assembler like a pro. I personally know enough about these languages to be dangerous, but not enough to ever try to be an AppSec guru.
  • philz1982 Member Posts: 978
    Funny you mention this, I am working on my MCSD, and MCSE for this exact reason.
  • philz1982 Member Posts: 978
    E Double U wrote: »
    LOL are there more like you?

    More, probably not, we'd all be utterly screwed if there were more people like me.
  • kalkan999 Member Posts: 269 ■■■■□□□□□□
    The following is a funny, and only MEANT to be a funny:

    Let us Six figure folks do our good karma, deed, mitzvah for the day and chip in to buy @BEADS a mood leveling pill dispenser that he can hang on the wall next to his desk. :)
    @BEADS, take that in jest. Not like you don't deserve it for calling me a fraud earlier, which I laughed about and took in stride. :)
  • LR0926 Member Posts: 28 ■□□□□□□□□□
    kalkan999 wrote: »
    The following is a funny, and only MEANT to be a funny:

    Let us Six figure folks do our good karma, deed, mitzvah for the day and chip in to buy @BEADS a mood leveling pill dispenser that he can hang on the wall next to his desk. :)
    @BEADS, take that in jest. Not like you don't deserve it for calling me a fraud earlier, which I laughed about and took in stride. :)

    I think there are more than a few of us here that would be happy to chip in.