As more job descriptions are including pay range, you as a job seeker need to understand how those ranges actually work.
You might look at a range of $110K-155K and say, well I'll take $155K thanks! However, that might not always be the right approach.
1/
Unfortunately, most orgs only train managers (and sometimes not even them) on how these ranges work. Typically, there is a high, low, and midpoint.
The high-level goal is to bring people who are below the mid-point for a role, up to that mid-point.
2/
This happens through good performance appraisals that drive good raises and up they float. For those who've now moved beyond the mid-point, that's a sign to their leader that they should be about ready for next level up (i.e. a promotion), so those conversations start.
3/
An issue that happens is when you have an employee who is at the top of their range but is not qualified for or willing to move into that next level role. This is very undesirable as an employee as much as it is undesirable to the employer, so avoiding it is also a goal.
4/
So back to the example, if you're looking at a role don't immediately assume you should be making the top of the range. That would bring you into a bad situation and the employer will likely be resistant. You want to have room to get raises in your current role.
5/
However, I'm not suggesting that you take less than what you need and are worth. So if your salary requirements are $155K, then looking at a role that tops out at that mark is probably not right for you and you should be looking for a higher paying role.
6/
It's ok to come in above the mid-point, but just be aware, due to what I've discussed here, they're going to expect you to check more of the boxes on the JD and expect you to be more of an immediate performer than had you come in lower. You'll have less of a ramp-up period.
7/
So of course there's caveats to all of this, promotions can happen before you reach your mid-point, some people are content just staying at the top of the range and never moving up, etc.
Also, I'll reiterate, I'm not saying this to suggest that you should ask for less.
8/
What I am telling you is that if you're already at the top of the range for a particular job, it's probably not the job for you. Either you're over-qualified or they're coming in below market value for the role. Either way, look elsewhere and go get paid what you deserve.
/FIN
• • •
Missing some Tweet in this thread? You can try to
force a refresh
One of the worst habits we have in security is speaking in absolutes. Saying things like "Unhackable", "Breachproof", "Fully Secure", "No Risk". They're simply untrue.
But this also includes when we talk about skillsets. There are no absolutes.
1/
So when someone says, "You must know x, y, z" or "You have to do a, b, c" to get a certain job (or any job) in security, you can simply toss out those absolutes in with all the other fallacious absolutisms that security people throw around. Simply ignore them.
2/
The reality is we need people of all different skillsets, all different backgrounds, and with all different perspectives in order to be successful. Security is about problem solving and problem solving is strongest when different viewpoints collaborate.
3/
The technical interview is one of the most contentious aspects of the recruiting process IMHO. Hiring managers and orgs don't always handle it well and candidates get beat up with anxiety from the process. So how do we make it better?
1/
When I interviewed for my role at @Snyksec, I thought I bombed my tech interview. Benji asked me a couple questions about concepts I had never heard of before.
I admitted I didn't know the answer, but then shared a bit of logical deduction based on the terms as to what
2/
I thought they may mean. I was sure I had really messed up. However, I got an offer and shortly after I started I found out he thought I did very well and actually had recommended hiring me based off the interview. He told me he liked how I thought about things and that I was
3/
So I really want @ECCouncil to understand the damage they've done (a thread):
1. People who proudly achieved certifications are now disavowing and not renewing those certifications because of the shady practices of the org that provided those certs. All that hard work, lost.
2. People who won awards from your org are now renouncing those awards because they don't want to be associated with the practices of a company like @ECCouncil. These were accomplishments they should be able to be proud of that you've ruined.
3. Organizations and universities who've built educational programs and partnerships are being forced to review and potentially change their entire approach because they can't count on the integrity of @ECCouncil's materials.
So I want to make clear just how trivial it was to find repeated cases of plagiarism in the EC-Council blogs. All it took was going to recent blogs, finding a few key terms in the content and then Googling for those terms. Literally that's it. #ECCPlagiarism
1/
With less than 30 minutes of work, I was able to easily locate the original works that were leveraged to craft two of their blogs. That time included verifying the content matched, taking screen shots, confirming the blog was cached at archive.org and posting
2/
the details.
So consider this as you hear @ECCOUNCIL claiming that they tried to prevent plagiarism. No more than 5-10 minutes of human effort per blog and they could have avoided this mess. One has to question, since they didn't, did they really even care?
3/
OK my last tweet (ok a thread) on the whole EC-Council fiasco for the night. They've shut down their blog and someone already congratulated me.
Let me be clear, I am not happy and I am not celebrating. This is not a win. There are only losers here. EC-Council loses for
1/
the obvious reasons.
However, our community loses as well. This whole thing sows distrust between practitioners and all of the educational and certification orgs we place our trust in.
Content creators lose as we realize we have to take exceptional measures to protect
2/
our works and their copyrights.
Ultimately, I hate this whole thing. I hate that it has robbed us all of so much. I hate that the effort I put into helping EC-Council in April turned out to be a waste.
I don't know where this is headed next, but no, I am not celebrating
/3