
Know Your Worth – Are You Earning Enough And How To Progress Your Career

BSides Cymru Wales · 2019 · 28:08 · 90 views · Published 2019-10
About this talk
Karla Reffold breaks down current cybersecurity salary data and career progression pathways. Drawing on annual salary surveys, she reveals why remote work has regionalized compensation, why bonus structures often underperform their advertised rates, and the stark 25%+ salary lift from changing employers versus staying put. The talk equips security professionals and managers with concrete data to negotiate fairly and understand career progression beyond salary.

Thanks well there aren't that many of you in here but I think that means that you guys get a bit of a head start on everybody else who doesn't know what they should be earning and it's really hard to know right people don't advertise salaries on jobs anymore you're unlikely to ask your colleagues unless you know them that well and if you've got a HR team wherever you are generally they use these really either outdated models for looking at cybersecurity people are earning or they're using something that's really generic for tech or they're using something that's for consulting firms and there isn't really targeted at cyber people in general what we're seeing is how much salaries are increasing you on

here which I'll come on to in a minute so I thought I'd go straight in with the actual detail that you'll want to see so these are roles by by various levels kind of so they're quite general and there's a big band at a lot of those levels the top end of those levels generally would be quite London centric but what we're seeing is obviously with the rise of home working and remote working that those salaries aren't necessarily restricted to like London or South East locations companies are regionalizing a little bit more as well and then you find that actually you compete for talent it's far easier to find a security person in London than it

is out here in Wales so companies are having to compete a little bit more on salary than you otherwise might think what's also quite interesting about some of these bandings is you don't actually need very much experience to be earning quite good money to be able to come into security with a year and being paid thirty five thousand pounds far above the national average it's not bad there aren't many careers where you can actually jump in with a salary at that sort of level and particularly if you're getting to CISO level if that's something you do aspire to salaries go way above that sort of 450 half a million pound mark even in the UK so we do a lot of work in

the US and we see people sort of earning a million dollar basics two million in some cases but you're starting to see that in the UK as well so cyber is kind of a career where you can pretty well if you're looking at slightly more specialist roles and these are roles where over the last year or so we've seen massive salary growth in these levels so at the top there if you're if you're coming into security maybe you start off in a SOC you can you can be earning probably even actually now these days slightly higher than that top end of 55 with just a few years experience penetration testers the the salaries

vary hugely it really depends on qualifications and the benefits there are generally quite good if that's a career that you're thinking about you guys will get job offers within one to two weeks probably multiple job offers you can almost name your price in a role like that at the moment we've seen as you would expect with GDPR last year massive increase in salaries for data protection managers you know three years ago you probably couldn't much more than 50 55 as a data protection manager sort of now you're hitting 150 plus we've seen a big increase in the amount of incident response roles as well so you can get some really interesting roles

and very interesting career paths of his companies in incident response at the moment and the the bottom levels the cyber awareness roles they're relatively new they probably didn't exist a couple of years ago and now companies are really fighting quite hard to attract those people what we're seeing is where you want to train your people you want to make them aware of the risks everyone's talking about people processes and technology and people being the most important part so companies are really throwing money at behind cyber awareness so if you feel like taking a little break from some of the more technical aspects kinghorn go with the business then there are some really interesting roles with

some really good salaries there so dementia salaries are jumping significantly so if you're looking at what you're earning sort of 2019 versus 2017 the increases are really big and there's a national average salaries have increased by two percent over the last two years salaries for cyber security are increasing up to 40 percent across the same time period for for certain roles and when if I was comparing it to 2015 sort of 2015 to 2017 we were seeing increases of 25-30 percent for some roles so over just a period of four years salaries have jumped massively in cyber and that probably doesn't surprise any of you you know we know there's a lot of job vacancies we know people are

in demand but I think it's when you start really looking at those numbers like 40 percent versus 2% as a national average that's a really really big difference what does get quite interesting is when you come into bonus so you're laughing it's it's not surprising I was really shocked to see those numbers so when you're getting job offers most companies offer you 20% probably more as a bonus but they're not paying that they're the vast majority of people at less than 5% as a bonus you've got a very few people sort of out earning over that 20% level which a lot of companies are promising so if you're looking at a job offer or you're getting

sold particularly hard on a benefits package you really need to be asking that company great what did you pay out last year what did you pay out the year before because it's not enough to say that that's part of your package you really need to understand how achievable that is and I think that would that certainly shocked me and most of my team because no company tells a candidate that their bonus will be 5% or less so it's really important I think to make everybody aware of that on what you can actually do about it so these numbers also really shocked me so we do research every year so our salary survey's out at the moment if you want to go and take it

and the difference between people who stayed and people who left is huge so if you stayed with your company last year 36% of you got no salary increase whatsoever whereas if you moved 39% got an increase of 25% or above so the difference between staying put and moving is really different that's great for me so everybody wants to move come talk to me and you know move every year that works for me but it's a really big difference and actually you don't want to move every year right you might like where you work you might like the people that you work with you might want to see you might want to build your career where you are

but taking those numbers to your manager your directors your HR team they're quite compelling numbers for what difference you can achieve by moving away from your current company and as I've said companies are desperate for people any of you are working in companies now probably have gaps in your team it's probably taking you weeks if not months to find the right person so for you to then find those people and lose them really quickly because you're not keeping up with your competitors it hurts you makes you less secure makes everybody else work harder more likely to leave more miserable and those numbers are really quite different so from what we've been doing this research over a period of five years and this is

the year where we've seen the biggest difference between people staying and people leaving so people really are sort of looking at those numbers what can I learn externally why am I being constrained by you know the businesses policy that we don't give pay rises above 2% or 5% in when actually I can go work for somebody just as good doing just as interesting work and get paid a hell of a lot more for it so we also ask people when we do this why they move the majority people move for career progression so it's not all about money and I get that for a lot of you you're probably really passionate about this it's probably something

you've been doing you probably do projects in your spare time and actually having that career progression someone who's going to invest in you can be much more important than am i being paid the right amount can I move for an extra few thousand pounds but not get the the input and the investment in me personally so most people want to move for career progression and that's until we compared men and women so this year we surveyed women separately the vast majority of women say flexible working is important to them and that's the number one reason for changing jobs so there's a real big push for diversity people want to attract more women into their teams I could probably talk for a

whole other half hour on what women get paid in the difference it's more by the way quite a lot more so but companies our companies are really trying to attract women to their teams and what they're doing is they are paying them more so they will pay women with less experience anywhere up to 30% then they'll pay a man with more experience or more qualifications because they want to put that diversity into their team women get job offers quicker and they get more job offers than men get but companies are competing on the wrong thing women don't care as much about money as the the men do they care about being able to work flexibly have home

working and have a different work/life balance so if that is something that you're thinking about for your own team then sort of understanding that having a different policy for for home working could make a big difference to how you attract people is really important

so if you're a schism well how do I go and get all that that extra money and you know it's hard to know what who's paying what the number one thing you can do if you want to progress your career if you want that new opportunity is to network so events like today are perfect if you meet sort of three or four people today then you've increased your network with people who actually understand that you're passionate about what you do that you know what you're talking about and most of those jobs come through to people via their network so particularly if you want to take an interim role you want to do contract work the vast

majority of those roles go to people that they already know most of those jobs don't ever get advertised they don't ever go through to a HR team or to someone like me they literally call up someone they know someone maybe they've met and ask them what their what they're doing so having a really strong network is really really important and how you keep in touch with those people is important as well it's obviously never been easier to follow up with somebody off for an event just on LinkedIn or whatever else you want to you want to use and to stay in touch with that person so that when you do want to move you've got a network of

people that might want to hire you you also need to understand what your what your skills are and by that I mean your soft skills so if you are sitting there thinking it's not one day I really do want to be a CISO well do you have the skills to do that job not just the technical knowledge as you move up the salary bandings the most important thing is your your social skills your ability to communicate something very technical to somebody in the business who doesn't understand really what you're talking about who maybe doesn't care about how it all comes together they just want to know what's my risk what does it cost me

and have you got this in hand so actually understanding if you've got the skills to do that can be really really important and if not then looking at ways you can go and get them and then understanding what that career path looks for it looks like as well so security to everybody who's not in a room like this is this really niche area of the business whenever I tell someone I do recruitment for cyber hello that's me sure but it's not right there's hundreds of different jobs so many different career paths that you can go down you don't even need to be technical for a lot of the jobs that you can do within cyber you know there's

more jobs in marketing or awareness sales than ever before and that's something that people don't necessarily realize or get access to either so actually looking at what jobs exist outside of the current company that you're in could really open up some some doors on what you need to need to do or what you might be interested in an understanding then how that gets you to where you want to be so if you want to get into incident response how do you move up from there from from your SOC or if you want to get into architecture what else do you need to understand what roles do most CISOs do before they become a CISO so actually trying to look for

that information talk to people like me we do it all for free if you're if you're looking at jobs or if you just want advice and we come with quite a lot of knowledge about what jobs are out there and what they look like and what you need to do and what people are hiring so there's lots of information lots of people you can talk to to get that information if it isn't necessarily obvious to begin with and then if you're if you have a team already so some of you in here might have a team and if you can't just throw money at people because companies don't let you then actually worrying about how you retain those

people can be it can be a big thing and there's lots of different things that you can do that don't just involve paying people more I think it's really important that you look at what you are paying a team and are you paying them enough and is that the market rate but also consider what's important to people so if we go back a couple of slides knowing that you've got career progression is the number one people reason people leave their jobs so think about how you as a company can give people that career progression a lot of people have passion projects that they want to work on what we see time and time again when we're trying to

headhunt people and entice them out of their current company is they're saying well actually do you know what these guys they make me do some boring reports most of the time but half a day a week I get to go try and break stuff that is really interesting to me and I get to work on some really interesting projects and I think if I leave here I wouldn't necessarily get that opportunity somewhere else so it's not worth the money for me to leave and not be as interested or as entertained so think about how much time you can give somebody to work on projects that are actually important to them a lot of the the stuff that's happening the the

threats that are out there they're they're new and they're innovative so if you're not allowing your cyber team to innovate internally then you're actually making yourself less secure anyway the other reason we see people wanting to leave or not taking job offers that they're getting is they don't feel that security is being taken seriously by the business how many people have you spoken to where they say they haven't got the investment that they wanted or they've had to fight really hard for investment and it's not happening as badly as it did five or ten years ago where companies really didn't want to pay for security but it is it is happening now where companies have put a lot of money

into it and they're starting to wonder where that return is or where the senior leadership doesn't really understand security that it really understand the risk and therefore you're not getting the investment into the people that you need or you're not getting to hire the people that you want so having having security taken seriously by the business is really important if you're thinking about whether or not you move it's something you might want to ask as well you know what's what's the investment how much of budgets increased by how much backing do we actually have as a security team and that comes down to your leadership so it's not unique to cyber that people leave jobs because they hate their boss

or they hate the people that they work with but it is a massive difference if you've got a CISO that's won awards or that's really known for understanding their their technical staff versus somebody that's come for a risk or a business route those people get a lot more buy-in from the people that they want to hire so actually looking at who you're going to be working for and making sure you've got the right people in at the top can make a big difference to how you retain that team as well and then look at what companies offer for career progression and if you are thinking about how you retain your team you know what do you offer for career

progression is there an obvious route and if there is to you is it obvious to everybody else in your team so career progression and progressing yourselves obviously there's a lot you can do individually but your company should be supporting you in that as well there's a lot of talk in the industry at the moment about how career paths aren't necessarily obvious and companies can make a massive difference to that by helping you make understand what that path looks like so that's probably in terms of what you should be getting paid and what you can do about it does anyone have any questions that they want me to go over on any of that yeah


okay so is there a bubble in cyber you know we're not getting paid we're getting paid more maybe than other tech roles and are we gonna see a correction or a crash in what that looks like five years ago I was saying that to everybody the worked with me I was like look guys this isn't gonna last you know where you just got to ride this world while it's happening and I started my career doing business continuity recruitment where we saw something really similar and now you know how many business continuity jobs are there there's very very few but it hasn't happened yet so I feel like maybe I was wrong those those few years ago

and when we're seeing you know however many you know three million unfilled jobs by 2021 or whatever the numbers are I'm not sure that we are about to see that correction and if we are then yeah definitely fingers crossed for me to write but if we are I think it's a few years off I don't I don't see it coming straight away so yeah did you have one so yeah okay come up with something else quickly come on yeah yes sorry so is the three million figure inflated or is it is it accurate if I remembered it correctly and he will actually kill me if I haven't that's come from a guy called Stephen cybersecurity ventures and the

amount of work they put into their research is extensive so I do kind of trust that figure


yes is there a shortage or is there a barrier to getting into it there are there is definitely a shortage I could not fill every single job that I have opened to me right now but there are also barriers and there's barriers on both sides companies think they can't find people because they're not looking in the right places and people that are trying to get into this have no idea where to start the amount of people I talked to who are graduating or doing courses and they're like it's so hard to get a job it's so not hard to get a job people are desperate for you and people are desperate for people at your level

so it's really that that kind of conversation and that link doesn't exist so I think you're right I think there is a bit of a barrier did you have one so is it is that larger company date or is smaller companies innovating a bit of both so I would say that applies to large and small companies and what I get told a lot by people is I'll go work for a small company but I want equity I want a really massive share scheme or a really big bonus or whatever and a few years ago that happened it's not really happening now but small companies are struggling because they're having to keep up with these salaries but they

also need to compete on price so there is definitely a little problem for the the smaller companies who are having to be more innovative and what they offer and that's where we see those companies offering home working flexi working in the ways that your much larger companies don't yeah


yeah yeah so I I have to summarize your questions for the tape so yes essentially you know moving too often raises red flags for you in terms of those with that retention and you need to go tell people what you want to do to be able to get the opportunities do you know it's a really interesting point because when I started doing all these surveys I thought the same thing that actually if you're moving every year maybe you can do that once or twice and then people will stop hiring you and in a lot of other career paths if you've moved every year or 18 months people don't want to look at you and we haven't

seen that correction yet yeah


yeah it is really important to get that that dialogue and you're right it's not just down to you guys to go ask your team you know what do you want to do what's your next career move they do need to come to you if they're if they're at a point where they're going to go externally and look for other jobs and go through all the effort that that entails it's far less effort to come talk to you and say I want to do this what can you offer me I've got two minutes should we go it yeah so essentially are companies expecting more for their money if anything no they're probably getting yeah so actually when

you look back at the data companies are paying more for people with less experience but I think I'm being told to wrap it up so I will hang around if you want to come and ask me questions but thank you very much