Salary information and Job titles/Certs after 20+ years in IT/Infosec

salary-information-and-job-titles/certs-after-20+-years-in-it/infosec

Were you aware that someone could be secretly watching you or your child with your webcam right now? Is it worth taking such a risk? camDown can help stop them!

Helpdesk to CISO.

There seems to be a lot of questions about career progression, wasting time in helpdesk, and the desire to jump right into the high paying jobs. I’m not here to tell you that is impossible, I’m here to show you my career progression. I hope that some people interested in the field will gain some comfort knowing that hard work pays off, and you’re not a loser if you don’t jump directly into a 6-figure job. I very obviously do not want my personal information readily available on the internet, so “throwaway,” but I also want to share salary information, so people get the full picture. Please be kind to a professional trying to help out the next generation and keep your OpSec investigations for someone else? 😊

This data was taken from the Social Security Administration page, so it is based on Adjusted Gross Income, and thus doesn’t reflect perfectly what I was paid as tax deferred savings like 401k are not represented, and some years had bonus $$$ while others didn’t. This data represents work on the West Coast of the United States primarily in a big city with a HCOL. There is a middle bit where I moved to a LCOL area but moved back to the same HCOL later.

Salary Tables

View post on imgur.com

(Sorry for the image link, I gave up trying to paste an excel table into reddit after the github pages that supposedly make it easy didn't work. Also r/cybersecurity doesn't seem to allow images. )

Some things I would like you to keep in mind.

My salary progression stalled more often when employed by the same company for longer periods of time. This does not mean I think that job hopping is a useful goal, but it does mean that after a time-frame I consider around 2 years, if you’re not getting what you want from a job it’s time to look elsewhere.

I avoided certifications when I worked in IT because:

  1. I was young and dumb

  2. Many Certs did not hold the weight then, that they do now

  3. I was not mentored well in my early years

The technical part of the job is the easy part, and none of it is a waste of your time. Whether you’re learning technical skills, security skills, communication skills, or office skills, they ALL make you a better person, a better professional, and a better candidate for jobs.

I would rate communication skills as the most valuable skill to nurture in yourself. The ability to speak and write in a clear and easy to understand manner so that others can understand what you are trying to communicate, will benefit your long-term success more than any technical skill I know. A healthy dose of curiosity would be rated second, as the most successful people I know in this field are curious about every granular detail.

These jobs have spanned multiple industries, from energy, federal defense, local government, and the financial sector. I’ve never worked for a FAANG company or start up, and don’t plan to.

I do not have a college degree and do not plan to pursue one currently. That doesn’t mean I feel they are useless, but as with many certifications it is what you learn during the process that is of value.

You are what people will evaluate when hiring, not your alma mater, what you scored on your cert exam, or what your prowess is on hack the box. When writing your resume ensure that you highlight why your skills are valuable and what you’ve done with them. The people interviewing you have a pretty good idea what THEY want you to do with your skills, and anyone who communicates on a resume that they already know how their skills are best utilized, are the candidates that stand out from the rest.

I’ll do my best to questions if anyone has any.

*UPDATE*

Based on some of the responses I’d like to add some context around the salary data. My goal for most of my career was to have a good work/life balance. I specifically did not chase higher wages in more challenging positions. I was a bachelor and able to pay my bills, fund my 401k, and that was enough for me. You can see the length of time I spent at some companies and the reason I stayed so long was because I was able to fulfill the job duties with a very low effort on my part. At the time I thought I was ahead of the game if I only had to work 2-3 hours a day. I could take long lunches, play video games, and generally do what I wanted if I was available when needed, and able to respond to my job requirements efficiently. So, what happened in 2019? I got married.

I’m “mostly” comfortable with the fact that I did not challenge myself fully until recently in my career, as I was able to do some amazing things in my youth. Don’t let my data be the stick you measure yourself against for success. Measure yourself against only yourself, and if you’re happy that is all that matters.

I will also add that I did not plan for a senior management role. My career has been about chasing what was interesting to me. The offer of the role of CISO has become very interesting with the ability to influence how the company approaches security as a whole.

Let me just add that camDown helps make you invisible to hackers and guard your personal data and your neighbors would agree!