How to increase TC in security?

SAP MEaS24
May 12 14 Comments

Current TC @ 155K in Bellevue WA. I am not complaining at all, it's def enough for me and my family to live well. However seeing the high TC being posted here at times makes me think I could be doing even better, but other than going after small increments every 2-3 years (switching companies) or just working a lot I don't have much of a strategy/plan to move up the career/TC ladder. So far my bumps have been for high performance as an eng. Started my current role at about 120K around 3 years ago.

So, how have other blind security folks done it?

comments

Want to comment? LOG IN or SIGN UP
TOP 14 Comments
  • This comment was deleted by original commenter.

    • SAP MEaS24
      OP
      What's your TC at Kaspersky? Yoe/role?
      May 12
    • SAP MEaS24
      OP
      Very nice, I'll def keep it in mind and look into it. Thank you for the replies
      May 12
    • New bzRF81
      Hey Kaspersky, is there a way to move from backend dev to Security? What exactly to do? And long would it take for an average person?
      May 12
    • Coupang / Eng
      Ka-chow!💥

      Coupang Eng

      PRE
      Facebook
      BIO
      I am speed.
      Ka-chow!💥more
      I work in the same world of security as you including Detection and Intelligence. I personally know half dozen or more people at 250k+ at non-FAANG and some breaking 300k.

      The goal is to continue to build your skillset, understand the business and challenges that your company or company you’re interviewing for faces and help lead and solve those problems.

      I have 12 YOE.
      May 12
    • New bzRF81
      Thanks so much!
      May 13
  • New / Eng |l|l||l|l|
    You should be aiming for big increments when you switch companies.
    May 12 3
    • SAP MEaS24
      OP
      How big? 10%ish, or more?
      May 12
    • New / Eng |l|l||l|l|
      20-100%
      May 12
    • Coupang / Eng
      Ka-chow!💥

      Coupang Eng

      PRE
      Facebook
      BIO
      I am speed.
      Ka-chow!💥more
      I won’t move for anything less than 25% increment. Switching companies is where you tend to make the most.
      May 12
  • Deloitte broadway74
    Interview always and take smart leaps
    May 12 0
  • Microsoft vxefcdrvsw
    OP, are you an SDE?
    May 12 2
    • Microsoft FizzyFizz
      security practitioners tend to be PM ime
      May 12
    • SAP MEaS24
      OP
      sec ops eng. Do have dev exp but it's been a long while since I actually coded aside from scripting automation. Why?
      May 12
  • New CiOI38
    @MEaS24 .... CISO here. Led security at Global5 and growing companies.

    Here's my suggestion, and what has worked for me, think long term - about your goals and gifts:
    - Focus where others are not. However, it really helps to choose to be 99% deep in one field, or 80% in 5-6 fields.
    - Stay ahead in concepts. A lot of security folks can be "change is bad types". Embrace and become aware of innovations (eg: quantum crypt, dirty-fying ML models, privacy, etc)

    - Security is moving to an in-house / out-of-house model. In-house for big companies, choose growing software companies for new challenges. Old guards often hire consulting companies OR those who prefer legacy security challenges. Lots of money in managed security services, but often pay only, no stock.

    - Stay ahead in skills. Business acumen, and focusing on areas which managed service providers or ML will not solve. Do a tour of duty (shortly) in a SOC, but get out.

    - Build skills others are not. In security, there seem to be a few types of people - here's how to beat each type.
    Big 4 consultant type (say PwC, etc) who build up to leading a security program. They are personable, task oriented, and can interact well with peers. Can speak they language of business. Hard to beat for promotions past IC - bc they want to lead.
    Neckbeards (said lovingly) - Can tell me all about a particular buffer overflow in a network router, incredibly smart, understands any system from a "systems mindset". Incredible IC, but never wants to lead. Hard to beat until you're both at a senior level, and you have more personal skills. They top out, but still receive high pay.
    Security Engineers - Love the nuts and bolts of tooling. Can do scans, assessments - etc. Their career aspirations can be a mix of aggressive / docile.
    Analysts, etc - Generally not a threat to technical types early in career; however, they can "leap" over strong technical types simply bc they can manage a program or portfolio of tasks.
    May 14 0