As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/
Options
Getting Poached for a Senior position when I'm a Junior, Salary Negotiations
Giggles_Funsworth
Blight on DiscourseBay Area SprawlRegistered User regular
Blight on DiscourseBay Area SprawlRegistered User regular
Cross posted from the SE++ Jobs thread.
Further details:
In addition to seeming above my paygrade the job req was tailored more to a Network Security person and I've been doing Web Application Security for the past few years-ish. Guy is telling me that is misleading because what they like about me is my AppSec abilities and that I've got NetSec skills in the past even if they're rusty. So I think maybe they thought they couldn't find an AppSec candidate for the position (highly in demand, all about being poached from one company to the next) so they were settling for a NetSec guy who could understand some AppSec. The position is with a large-ish well known car insurance company in San Francisco owned by a huge and well knowner car insurance company so they aren't small potatoes. I would need to work from an office and wear pants again I think, and I would want to relocate because I don't want to commute from San Jose and go to school (no time, commuting for five hours a day at my last job instilled a deep hatred of commutes over half an hour in length in me).
So I send him my resume because fuck it why not at least practice my interviewing skills if they really think I'm a good fit and this morning guy is asking about my salary expectations and what I am making now.
I am lead to believe through more senior friends, and THE INTERNET that I should make no less than six figures a year as a SENIOR SECURITY ENGINEER in SAN FRANCISCO. The range I seem to be getting online is between $100-150k and I think Senior AppSec people generally make even more what with all the poaching. I know at least one guy who is making $400k+ but sometimes he gets shot at. Plenty of people I know at that level make more than $200k though.
The problem with just saying that is that I currently make about $60k a year. There are a few reasons for this, and why it is out of line with my abilities anyway. I got fired from my first AppSec job after a year for something that wasn't really my fault because a sacrificial lamb was needed, the two years before that I was "freelancing" from my "home office (car)" because holy fuck the recession. Most places I was interviewing at were offering about $70-80k for people like me, but it was hard finding a place that would take a risk on someone with a tainted record like that. My current employer took me on in a sort of provisional basis, in a newly created Junior classification, even though my manager admitted that I was probably qualified enough to be a Mid-level consultant like most of my group. They are also based out of the Midwest so salaries don't always scale quite as well as they could to Bay Area cost of living. That was almost a year ago now.
I definitely don't want to accept less than $100k because:
1. Rent in San Francisco is significantly more (2-3x) than what I'm paying in San Jose.
2. I don't want to leave my current employer without a sizable reason considering the bridges it would probably burn and the lack of longevity it would instill in my resume.
3. I would be giving up a significant amount of perks for this position. Being able to work from anywhere almost any time, being able to work without office clothes, or any clothes, a large pool of talented people that are obligated to help me out if I get stuck on something, a travel coordinator and corporate rates, rental insurance, and other perks I am allowed to use for personal travel, and a company that has a 1950s level of loyalty towards their employees.
4. I would be investing a significant amount of my personal time picking up skills I haven't used in a while and learning new ones to excel at this position.
5. When I eventually leave this position I don't want to be in the same weak bargaining position I am now.
Should I just tell them that, minus 5 and parts of 3, and how do I explain why I was in such a weak bargaining position before?
Is it a terrible idea to entertain this? Considering I was able to land on my feet after getting fired with the company talking what I hear was all kinds of borderline legal smack about me in a worst case scenario I think I could end up back where I am now or better. If it works out the gain would be huge for me both in career advancement and immediately tangible pay.
So today, for the first time, I had a recruiter contact me about a Senior position, and when I emailed them back and said "Hey bro, send me the job description so I can take a glance but I'm not sure I'm what you're looking for." because I'm really more Junior-Mid, and after I looked at the thing and told them as much they mailed me back and said "No bro the description is kind of misleading and I think you're a good fit specifically because of the minestrone soup of skills you've accumulated." So now I need to get my resume in order for the manager's perusal.
Job thread, how bad of an idea is taking a job I think I might be underqualified for?
On the one hand, I rock it, I adapt, and I have a nifty title on my resume, make lots of big decisions, and accelerate my career by 3-5 years.
On the other hand, I fuck it up, there's a newsworthy security breach, and maybe I have some trouble finding employment for a little while after that and end up back where I was before I took it at a different (same?) company.
I think I've got pretty good odds at accomplishing the former depending on how much of a team there is in the form of peers and technical management above me. In the past few years I've created a vasty network of contacts in the Silicon Valley, and worldwide security community and if I end up between a rock and a hard place with something I have no experience with or don't understand I've got lots of people to reach out to. In the past two and a half years I've gone from knowing almost nothing about what I do, never attended any industry events or met any industry people, to rubbing elbows with CEOs and being seen as competent enough to hold technical conversation with some ridiculously smart people who have been around so long they consider the events I was unaware of when I started old news and I'm about to start getting invites to more cutting edge, underground invite only events.
On the other hand horrible failure. But nobody ever accomplished anything awesome without taking some pretty big risks right?
Further details:
In addition to seeming above my paygrade the job req was tailored more to a Network Security person and I've been doing Web Application Security for the past few years-ish. Guy is telling me that is misleading because what they like about me is my AppSec abilities and that I've got NetSec skills in the past even if they're rusty. So I think maybe they thought they couldn't find an AppSec candidate for the position (highly in demand, all about being poached from one company to the next) so they were settling for a NetSec guy who could understand some AppSec. The position is with a large-ish well known car insurance company in San Francisco owned by a huge and well knowner car insurance company so they aren't small potatoes. I would need to work from an office and wear pants again I think, and I would want to relocate because I don't want to commute from San Jose and go to school (no time, commuting for five hours a day at my last job instilled a deep hatred of commutes over half an hour in length in me).
So I send him my resume because fuck it why not at least practice my interviewing skills if they really think I'm a good fit and this morning guy is asking about my salary expectations and what I am making now.
I am lead to believe through more senior friends, and THE INTERNET that I should make no less than six figures a year as a SENIOR SECURITY ENGINEER in SAN FRANCISCO. The range I seem to be getting online is between $100-150k and I think Senior AppSec people generally make even more what with all the poaching. I know at least one guy who is making $400k+ but sometimes he gets shot at. Plenty of people I know at that level make more than $200k though.
The problem with just saying that is that I currently make about $60k a year. There are a few reasons for this, and why it is out of line with my abilities anyway. I got fired from my first AppSec job after a year for something that wasn't really my fault because a sacrificial lamb was needed, the two years before that I was "freelancing" from my "home office (car)" because holy fuck the recession. Most places I was interviewing at were offering about $70-80k for people like me, but it was hard finding a place that would take a risk on someone with a tainted record like that. My current employer took me on in a sort of provisional basis, in a newly created Junior classification, even though my manager admitted that I was probably qualified enough to be a Mid-level consultant like most of my group. They are also based out of the Midwest so salaries don't always scale quite as well as they could to Bay Area cost of living. That was almost a year ago now.
I definitely don't want to accept less than $100k because:
1. Rent in San Francisco is significantly more (2-3x) than what I'm paying in San Jose.
2. I don't want to leave my current employer without a sizable reason considering the bridges it would probably burn and the lack of longevity it would instill in my resume.
3. I would be giving up a significant amount of perks for this position. Being able to work from anywhere almost any time, being able to work without office clothes, or any clothes, a large pool of talented people that are obligated to help me out if I get stuck on something, a travel coordinator and corporate rates, rental insurance, and other perks I am allowed to use for personal travel, and a company that has a 1950s level of loyalty towards their employees.
4. I would be investing a significant amount of my personal time picking up skills I haven't used in a while and learning new ones to excel at this position.
5. When I eventually leave this position I don't want to be in the same weak bargaining position I am now.
Should I just tell them that, minus 5 and parts of 3, and how do I explain why I was in such a weak bargaining position before?
Is it a terrible idea to entertain this? Considering I was able to land on my feet after getting fired with the company talking what I hear was all kinds of borderline legal smack about me in a worst case scenario I think I could end up back where I am now or better. If it works out the gain would be huge for me both in career advancement and immediately tangible pay.
0
Posts
Honestly though, just go on the interview just for the experience, then go from there. If you're happy where you are, you're working from a position of strength, as they have to REALLY woo you.
I have no illusions about living in San Francisco, it's where my girlfriend grew up, where we were living with her parents, and where we were planning on moving back to after she gets work as an iOS developer because we both love it there even though it's pricey.
I was super happy with where I am now until a couple things cropped up recently. I've got a meeting in the office tomorrow with my manager to discuss this, and some things that went wrong on a project I was on last week. If those things can be resolved (off hours scheduling that is fucking with my health because I don't physically adapt well to changes in sleeping pattern, weird expectations from a consultant above me that I do not thing line up with my manager's views about staying in my apartment to stop automated tools if they fuck up when they need to be run 24/7 to deliver on time but I'm not getting paid 24/7 and wouldn't want to because I have a life outside work) I will continue to be super happy, if not I was quietly looking for an exit strategy before this guy contacted me.
Your nut (what you're worth factoring cost of living adjustments, those bennies you have I think are worth maybe $20K or more) plus 20%. You always start by asking more than what you think they'll pay in anything other than an entry-level position. If you're flirting with 6 figures another 20K is not an unreasonable start for negotiations, esp if you don't know full costs of the switch (retirement plan, health insurance premiums, perks).
They're fishing. They want to take your salary, pad it nicely and offer you that; that is the only reason to ask you that question. You don't have to answer, but then you're "playing hardball". If you have to answer pad your salary with what you think your current benefits are worth cause that figures into the calculus.
Next time I get asked "what were you paid before" I want to answer "how much salary are you authorized to give to fill this position"?
I basically went with that. I asked for clarification on the duties of the job and what sort of team I'd be working with, underlings, peers, seniors. If the description they sent me is to be taken literally it sounds like I would be THE BOSS. As in maybe not CISO by title but definitely CISO by duties and stress levels. That shit is a C level position for a well known company in an expensive place to live. It is hard to get an idea of what people get paid to do that job because the people who have those jobs don't talk about what they're paid. $100k would definitely be low, $150k is probably low. If I'm just researching and influencing those decisions from a position of seniority with a team I work with and a boss above me that's cool too, and $100-150k seems about right, but is a hard sell coming from $60k.
I asked him how responsible I would be for the duties detailed and what sort of team I'd be working with so I could get an idea of what I should be asking for. Then I ask if he has a range he is willing to offer for this position.
Yeah but how? "I am negotiable depending on the terms of the position and associated perks."
Negotiations can work too ways, one is to make them give a number first, then you give them a counter number. However psychologically if you know the value of the position, you can get more by going first. Essentially your initial offer should be enough so that they wince (also a negotiating strategy), but not so much that they laugh at you. And that is your starting point, then when they low ball the counter offer, start coming down, but adding things on the back end.
Here is a grossley simplified negotiations setup.
let's start with 120k
They say you only made 60k at your previous job so we are offering 80k
I would be willing to go down to 110k, but I want 4 weeks of vacation and a 6 month severence package.
We don't do severence packages, but we can do 3 weeks of vacation and 90k a year.
I really am worth at least 100k a year, and the 3 month severence package is necessary to protect myself.
We can really only do 95k a year for the position, and a 2 month severence.
95k a year, and a 2 month severence... pause only with a 8k signing bonus and moving expenses covered.
Of course they may simply set a salary and refuse to budge, and you can walk away, but if they are poaching you, by all means shoot for the moon.
Being adversarial and difficult is a great way to not get the job.
Further advice is greatly appreciated. I've had jobs that weren't temp or an internship for all of two or so years and all this is new to me.
Honestly I'm flabbergasted they think I'm a good fit for the position.
Totally understood but if I am responsible for all the Information Security decisions of an entire Enterprise with a gianthuge attack surface then it is a CISO in all but name. I should definitely be asking for the upper limits of what someone who isn't a CISO but has similar aptitudes makes, and in San Francisco I am lead to believe my floor should be $150k.
Totally agree with this and it's what I'm afraid of. This would be such a jump for me just based on duties and title that it would honestly probably be worth it even if they paid me less than I'm making now because of what I could make elsewhere with it on my resume. It is honestly poor judgement on their part to consider me when I have so little proven experience but I do have a pretty unique skillset.
But they gave me a description for a different sort of candidate, told me they were looking for someone with my skillset over that with a little bit of that, and then asked me how much I want. How am I supposed to know what the position actually encompasses and what I should be asking for when the description they sent me is that shoddy? I was honest with them and it seemed to work out.
Oh man, I got that bad. It gets worse when you are regularly hanging out with people who invented core parts of the internet. I was having drinks with a guy that made a piece of malware that executes via error messages without ever touching the processor. It was fucking brilliant. Kid is 19 and just finished his Bachelor's at a fucking Ivy League school. This shit happens regularly. The Silicon Valley and my industry in particular is hell on your confidence.
I am a pretty savvy guy and it definitely seems to. They contacted me via LinkedIn initially, internal recruiter for the company, internal email address he's corresponding from now. I will not be surprised if this is a case of non-technical people misunderstanding the qualifications of technical people, but if I'm able to fake it until I make it with this it's too big an opportunity to pass up. I don't really have anything to lose.
All of the responsibilities, but non-commensurate comp. Welcome to the field. Good thing is play this well for a couple years and your opportunities are much wider when you jump ship.
IME this is a ridiculously common phenomenon, underestimating your worth cause you think the rest of the field must obviously know what you do (they don't necessarily)..
Like I said, I lost that first job for work that I did that caused problems, but were more of a problem with the practices of the company than anything that was my fault or avoidable. When I told other people about it immediately after I got fired the responses from the oldtimers were generally along the lines of "That's hilarious!" "Heh, I've done that a few times." or "You should sue for wrongful termination there's no way that was your fault."
I moved on immediately and got a new job with a significant pay increase and I'm very active in the community and well networked now. I don't think anybody thinks bad of me besides a few assholes at the last place I worked that are more interested in maintaining morale for their underpaid workers than admitting they shitcanned a guy because their policies were fucked and they needed a scapegoat and maybe they should fix that so it doesn't happen again...
The other thing I've got in the pipeline right now is Apple. Say what you like about Apple but they don't hire dummies.
It sounds to me like you're probably more qualified than you think, not necessarily based on experience, but based on being able to truly understand what you're doing, figure shit out, and get the job done, which is way too rare. Many people can only do what they've had their hands held doing 500 times in the past... and barely competently at that.
To the first part, it definitely seems like an internal recruiter from HR based on stalking, credentials, etc. I've experienced the dipshit headhunters plenty of times but they don't usually come back at me and go "NO YOU'RE RAD." when I explain why I'm probably not what they are looking for and ask if it's cool if I pass this on to somebody I know who is more along the lines of what they are looking for.
The second part, that is definitely my primary strength. I am a failed child prodigy that taught myself to read adult novels and do long division before I'd even started school. Followed that up by dropping out of highschool. Got swindled by a college offering technical degrees, did some internships while I was doing that doing a combination of bench tech, helpdesk, sysadmin, and network support duties. Tried to get a real job in the middle of the recession and ended up doing anything and everything I could for small businesses and home users on the sly, bullshitting and teaching myself how to do something if they asked me to and I didn't know already. Accidentally ended up in Web Application Security despite no real proficiency with programming languages or background as a developer and I've been teaching myself everything about the internet since then that I ignored because I didn't like it (programming, all I do is break programming now). I've also got ridiculously developed empathy and soft skills for a technical person because I realized that was a deficit for me and made it more of a focus than my technical training.
It is hard to communicate finding almost everything intuitive and being extremely adaptable though, because fucking everybody says they're adaptable on their resume. I have little doubt that I know the right places to look for information and a broad enough knowledge and experience base to draw from to thrive at a position like this, and failing that the right people to talk to that I've been sharing drinks for the past few years that I can call up that will know. I'm just completely out of my depth here because I planned to need to grind for at least a few more years to get the paper credentials and further experience to be considered for positions like this.
Even if this doesn't work out, assuming the phone interview doesn't go horribly (or happens at all) it's making me reconsider the value of a CISSP certification.
dolla
dolla
dolla
billz
y'all.