LANDING YOUR DREAM CYBERSECURITY JOB
About this episode
In this episode, we will focus on landing your dream job with great interviewing skills and negotiating your total compensation. Negotiating your compensation can be a difficult process, but it is important to your own financial security to get this right. After all, your starting compensation will affect other pay raises and cost of living adjustments for years to come.
During your negotiations, make sure that you show enthusiasm for the position and you passion for the industry. Be sure to tell the interviewer about all the cool stuff you’ve been doing to demonstrate your passion, as well.
For instance, if you are negotiating for a position within vulnerability management, then you need to tell the hiring manager about your prior experiences finding and mitigating vulnerabilities that had no available patches. Tell me about that time when you had to roll up your sleeves and figure out how are we going to mitigate this thing that has no patch. Who did you work with? Whose help did you get? How did you collaborate? What was the result?
When you are negotiating for a position, you should think of the job as a relationship. You want to ensure it is a good fit for you. At the same time, the hiring manager is trying to figure out if you are a good fit for their team, as well.
When it comes to determining the salary you should be aiming at, the only thing that matters is the local market rate for that job and the employer’s typically range of pay established for that position. These are both normally based on the same thing: market salary surveys.
Remember, you don’t want to fail to negotiate properly for this position by overpricing or underpricing yourself. Make sure that you negotiate based on the market rates in your area and get the highest amount you can because your agreed upon rate is going to determine your compensation not only for the rest of the time that you work at this employer, but it could affect your compensation at subsequent employers, too.
What you’ll learn
- Finding out if have a passion for a particular position
- How to be useful to the team on day one
- How to solve the problems that a job was designed to deal with
- Finding out who the organization is and how they operate
Relevant websites for this episode
Hi everyone. This is Your Cyber Path, the podcast that helps you get your dream cybersecurity job. I’m Kip Boyle, and I’m an experienced hiring manager of cybersecurity professionals. If you want to give me feedback on the show, or if you want me to answer your question on a future episode, please visit the show page. It’s at anchor.fm/yourcyberpath. When you get there, click on the big message button and start talking.
Today, we’re wrapping up the fourth and final week of the initial version of our masterclass, and it’s called How to Get Your Dream Cyber Security Job, As Told By Hiring Managers. On today’s episode, I want to share with you some insights from the fourth week. We were focused on landing your dream job with great interviewing skill and negotiating your total compensation.
Now it’s difficult enough to be offered an interview, so even though you’ve put in a ton of work and you’re probably very tired, you want to stay strong as you transition from using your resume to get attention from the hiring manager to selling yourself in person. Once the hiring manager chooses you to come in and have an interview, do not relax yet. In many ways, your need to perform with high energy is even greater than it’s been to this point. You also still need to negotiate a total compensation package that is going to set you up for success on the job. These are not small things that you need to do. Take a deep breath, gather your energy and get to it.
Now you probably remember that when I’m interviewing candidates, I’m looking for two things in particular, no matter which job it is that I’m trying to fill. I want to know, do you have passion for this particular job, and can you be useful to the team on day one? So your goal is to have compelling answers to these questions. I’m going to use many different ways to ask these questions, I’m probably not going to come out and ask those two questions, so pay attention but know that that’s what I’m looking for.
Now, you should not be holding back. You need to show enthusiasm and you need to tell me about all the cool stuff you’ve been doing to demonstrate your passion. So perhaps you’ve been volunteering at cyber security conferences, maybe you even spoke at one. Maybe you worked really hard and you got a really tough, relevant certification. Tell me about that, what was that like for you? Share some details and do it with enthusiasm, and don’t forget to make it clear how you can solve the problems that this job that you want was designed to deal with.
So, as an example, if this is a vulnerability management program, and this is a job within that program, then you need to tell me about your prior experiences finding and mitigating vulnerabilities that had no patch. I mean, most vulnerabilities, you deploy a patch and then you check to make sure that the patch worked, but tell me… That’s not too hard relative to a vulnerability that has no patch, so tell me about that time when you had to roll up your sleeves and really figure out how are we going to mitigate this thing that has no patch? Who did you work with? Whose help did you get? How did you collaborate? What was the end result? And I’m not looking for a perfection. I know in the real world, things don’t always work the way that you expect them to. So tell me about that and tell me how you recovered from difficult situations.
Okay. Now, something that I believe makes a strong candidate in an interviewing situation is when you bring insightful questions about us, the potential employer. Who are we, and how do we work? I encourage you to think of a job as a relationship, and that means you need to make sure that we are a good fit for you, because I guarantee you, we are trying to figure out if you are a good fit for us. We might think you are, but you may not be so sure, and if you don’t ask the question, the only way you’re going to find out is to land the job and then give it a try.
Even if you go into the interview asking questions about fit, it could turn out that the fit is not correct. I’ve had that happen before, so there’s no silver bullet here, but you should absolutely be asking the questions, do I really want to work for this employer?
Okay, so that’s about acing the interview. Now let’s talk about negotiating your total compensation. There’s more to talk about on this subject than we have time to in just one episode today. I’ll do a whole future episode on some total compensation strategies and techniques, but let me offer you a couple of thoughts right now.
One of the most important things is you’ve got to remember that your current and prior compensation is irrelevant. The only thing that matters, with respect to this new job that you’re pursuing, is the local market rate for that job, and the employer typically has a range of pay established and they typically do that based on market salary surveys. Many companies actually have, if they’re a medium or large sized organization, they’ve actually subscribed to a service that delivers timely, relevant market data, and this is not the stuff you’re going to find on glassdoor.com or any salary survey sites. This is rigorous research salary data, and that’s what they’re using. They also know what people with comparable jobs in their organization, they know the total compensation that those people are receiving, and you don’t know any of that. So it’s a very uneven situation, but you’ve got to figure out how to navigate these waters. So that’s one thing, and I’ll talk about how to do that in a moment.
But the other thing that you have to realize is that even though the employer has all these advantages, they’re still expecting you to negotiate, so you’ve got to use that to your advantage. Don’t fail to negotiate and make sure that you negotiate as well as you possibly can, because this is going to determine your compensation not only for the rest of the time that you work at this employer, but it could very well affect your compensation at subsequent employers, okay? So this is a big deal. Now, you want to do your research to find out as well as you can what this job might be paying, and some things you can do is you can go to cyberseek.org, and there’s some salary data there based on job title. You could also go to the Bureau of Labor Statistics and you’ll get some good data there. Now, these are all useful if you’re going to work in the U.S. If you’re working in another country, I don’t know exactly where you should go, but you should find the equivalent sources for data.
Another thing that I want you to be aware of is make sure that the offer that you’re given, once you negotiate an offer and it’s presented to you, one of the things you have to make sure is that the offer is localized to the city where you’re going to work. Now, if you’re not moving, if you’re staying in the same city, this isn’t nearly as important, but the cost of living in different cities is different and sometimes it’s very different. So for example, if you are living in Nashville, Tennessee, and you’re earning $58,000 per year, an equivalent salary in Seattle, where I live, is $75,000. So if you make the mistake of receiving a $65,000 a year offer, and you compare that to your current salary and then you move to Seattle, you’re going to find that your way of life is going to go down. Even though it seemed like a bigger number, it was an absolute bigger number, but it’s just so much more expensive to live in Seattle. So pay attention to that. There are free cost of living calculators on the internet, you just need to go and search for them, try a couple of them and make sure you don’t make that mistake.
Okay. Well, as I said, the masterclass is finished as of today, Friday, May 1st. We’re going to reopen it. What we’re doing is we’re taking all the feedback that we receive from students and we’re improving the lessons and moving to a new online delivery platform, and our goal is to be up and running no later than June 1st, preferably sooner. But as we get closer, I’ll share more about that with you later. Okay. That’s enough for now. So until next time, remember, you’re just one path away from your dream cybersecurity job.
Cyber Risk Opportunities