How to Earn 100k in CyberSecurity (2021) | Skills, Certifications, Education, and Experience

Captions
Hey everybody, it's Josh here again. Today's video is going to be another viewer Q&A, and this one is going to be about how to get a higher salary. So today's question is from Takaoda, and he says: "So if you look back to your entire career, what was the most important factor to get a higher salary, like experience, bigger company, degree, or certain skills? Also, please include the specialized skills that raised your salary. It's very difficult to get what kind of skills directly help with a higher salary. There's a lot of bad info in the world and I don't know which one I should pick up, since I'm still a beginner as a security analyst. If I can get your honest opinion, I can send you three packs of Kabayaki-san Taro from Japan immediately."

So this is a great question. It's probably something I can talk about quite a bit. So when it comes to higher salary, the things that you can do that kind of increase your salary kind of change over time. It just depends on, I guess, what's in demand at the time. But in general, I can come up with a pretty decent model and a visualization to help kind of convey my thoughts on this, so let's take a look at this really quick here.

So I kind of made this chart here to kind of help convey my ideas about, uh, how to increase your salary. I don't want you to treat this chart like it's some kind of truth, you know, that I think this is completely true or something. It's just more so to kind of convey an idea of things you can do to kind of increase your salary. So I'll kind of talk about this in general terms, and then I'll talk about how it applies to me and my career and, like, the quadrants that I've worked in here.

So basically, when salary comes into question, in my head there's kind of like two basic things that kind of determine the salary that you can ask for or expect. So the first thing is the demand of the job, like how in demand is it. If it's not in demand, and like either it's not in demand
or it's in demand but the field is saturated, then you'll be somewhere like in this, um, like for example tier one SOC. Of course there's a lot of positions for this, but there's a lot of people that can apply for it and that can work for it, and they can do this job, so the demand is lower because the field is saturated. Same with help desk: there's a million help desk jobs and it's really needed, but because there's so many people that can fulfill those roles or whatever, I wouldn't say that it's that in demand. Basically, if something is kind of low demand and like low complexity, of course you can kind of expect the salary to be a little bit lower.

And then for the same things that are in more demand, right, either they're in demand but they're not very complex, or they're relatively complex but the demand is maybe not quite there, then of course you can kind of expect the salary to be a little bit higher. Not like through the roof, like over 200k or something like this, but you can expect it to be a little bit higher, right? It just makes sense. And again, I'm not really saying that, like, "oh, exploit development is not in demand, it's only hard." I'm not saying that. This chart is just to kind of give you an idea. It's a demand/complexity quadrant, so you can get an idea, right, of what kind of salary that you can expect.

And of course, things that are really high in demand and that are really hard to do, either really technically difficult to do or really difficult to do in general from a management, like orchestration, perspective, like they're really difficult and they're really in demand, you can expect to get a pretty decent amount of money for these things. So for example, I have CISO in here. This stands for chief information security officer. Um, you need to be, for a lack of better word, really good at security and you
also have to be really decent at business, and you have to be really good at communicating with people and building relationships and tying people together, and you have to be really good at dealing with people's crap. It's just a really difficult job, and if you're new to security and you're like "I want to be a CISO," like, I don't know, are you sure about that? But it's a really difficult job, right? It takes a special type of person to be able to do this, because the people who can do this, most of them probably don't want to do it. It takes a special person to do it.

And then I have application security engineer here, because it's kind of a cross-section between two pretty difficult, um, disciplines. You have to be really, really good at security, and it kind of crosses into the computer science realm as well. So as a, you know, computer science major or a software engineer, you already get a decent amount of money, and as a professional security person you already get a decent amount of money, and if you can find a person that fits both of those things, they're a really good security professional and they have some software engineering background, and you can put them together, that person is going to end up getting, you know, a lot of money, right? Um, this is one of the technical roles where you can get over 200k, um, if you work in the right place. 200k base salary, by the way.

And I put pen tester up here too, with an asterisk next to it, because to be a really good pen tester is quite hard, because it's really broad, as some of you might know. Um, there's a lot of different skills and disciplines that you have to be really good at to be an effective pen tester, and also you have to keep up to date, and it can get really difficult. There's a large spectrum
of things you have to be good at. And I put a star next to it because it only belongs in this upper right quadrant if you're a good pentester, because everyone can be a pentester. Like, I can be a pentester, you can be a pentester, but we're not necessarily good ones, right? Like maybe I'm really bad at binary exploitation, or I can't code or something. Maybe I can only use Nessus and Metasploit or something. I can pen test with that, but it's just not going to be that good. So that's the asterisk here, because a good pen tester, right, a good one, either you can run your own firm like The Cyber Mentor does, I'm sure he does really well, or you can work for, you know, Coalfire, one of those big pen testing organizations, and if you're a good one, you can make quite a bit of money.

So in terms of myself and my career, kind of where I fall into this quadrant: um, I originally didn't work in security, right? I worked in IT, so I developed a lot of technical skills in my IT career, specifically System Center Configuration Manager and PowerShell. I was pretty decent at PowerShell. Um, I've written quite a bit of code for my normal job, so I'm pretty okay at writing code. I did some of it in school as well. So I kind of took that into the security world, and I got pretty okay at the basics of security, like, you know, Security+ and CISSP level knowledge, and then I kind of just let myself go with the flow in terms of getting a job in security. And because I did that, of course I got sucked into this demand side, because I didn't really focus and target where I wanted to go in security. I just kind of let people pick me up and offer me roles, so naturally I got sucked into this demand side, because there was a high demand that I got sucked into here. And my first actual security job was a security analyst position. This is
like a really lofty position. You can do a lot of things in here, but my first security analyst position, just because I had a lot of technical background, they just hired me and threw me to these tools to manage. Like, I managed our Forcepoint data loss prevention system, I managed our SIEM, for which we use LogRhythm, and I managed our web proxy firewall, kind of a URL filtering system. It was part of Forcepoint as well. The position, it was in demand and it paid pretty decently. That position was like 97k or so. Um, it was pretty fun because it was kind of technical and I kind of had to deal with people a little bit too.

And my next security role was a security engineer. Um, this position sucked quite a bit. I imagine it was in demand because people don't want to do it or something, I don't know. It wasn't really that technical. Like, it required some technical skills, but it wasn't really that technical. I basically just did security reviews for projects and reviewed systems. (There was a pigeon, like, hovering outside my window. Oh my god.) Um, I just did security reviews for projects. Um, it was really boring, a lot of meetings and a lot of paperwork. It really sucked. I didn't like it, and I quit. I quit after like eight or nine months or something like this.

And then again I got kind of sucked into another high demand job, which is program management, which I never thought I would be in, by the way. It's not something I really care about, but because it's in high demand, people just offer jobs to me, like recruiter spam or something like this. So the next one was the program management job at Microsoft. I was just, again, writing documentation for Azure, um, security documentation, like how to apply CIS Top 20 controls to Azure services. This job was all right, but it was still like kind of program
management and a lot of, uh, dealing with humans and stuff that security technical people probably don't really want to do, which is probably why it's in demand. Um, so that was pretty decent. Um, but again, program management is kind of "eh."

And then the job after this was another program management job, again in the demand quadrant, because I didn't go out and look for a lot of these jobs. A lot of them just kind of fell onto my lap because they're high demand right now. It's just like, okay. And the next program management job I had, it's a vulnerability management program manager, again just managing the organization's vulnerabilities, like helping to remediate and discover them and all that stuff. And all these jobs range from like 97k to 130k, and I feel like, um, before you start getting into this high demand, very difficult thing, depending on where you live, maybe 130, 140k is kind of the cap until you start getting into this quadrant here.

So I guess some advice I would give, if you really want to maximize your salary in terms of skills and that type of thing: it just kind of depends on what you want to do, right? If you want to be more technical, you should really embrace computer science a lot, and coding and programming and automation and scripting. You should really embrace that, because a lot of people, um, in technology, and even some security people, are scared of coding for some reason. So it's really good for you to get really good at stuff that other people don't want to do, right? Because it's gonna make your salary higher. If you're good at stuff that people can't do or they don't want to do, you're naturally just going to become more valuable, right?

Um, I'll just work on like all this stuff in this hard, complex difficulty quadrant. All this requires like a
really decent level of coding. Like this binary exploitation, um, it requires, you know, a relatively, um, intimate knowledge of whatever operating system you're working in, and then possibly the ability to write shellcode and use assembly language and all that. Malware analysis, for sure this is going to be assembly. Um, you need to be decent at assembly language, which is really obscure, and there's quite a learning curve if you've never seen it before. So for example, um, this is what hello world looks like in assembly. It's pretty hard. I mean, once you get used to it, you know, like anything, it's not as bad, but it's one of those things that are really obscure to humans. It's not intuitive, I guess that's what I'm trying to say. Then same for this: exploit development requires a pretty decent, um, knowledge of the OS you're working on, and then of course, you know, some kind of shellcoding and probably some knowledge of assembly as well. All that stuff is really hard. I would say it's not really intuitive for humans, and there's a lot of different stuff you have to learn before it even starts to make sense.

So if you can get, you know, really good at this stuff and kind of fulfill one of these high demand roles, you can maybe slide into AppSec engineer or an actual good pen tester who has a wide range of skills, from general Active Directory pen testing, but at the same time you can do exploit development and binary exploitation too, and you can make a lot of coins that way, I suppose.

So if I were to summarize all this: um, just be cognizant of what's in demand, and then be cognizant of what are the skills relevant to security that are really difficult or that people don't want to do, and just kind of focus on those, I would say.

In addition to the quadrant we were looking at, there's a couple other things you can do to kind of help increase your
ability to make a lot of money. So the first thing would be credentials, depending on where you want to work, right? If you want to be a pen tester, you know, I would go ahead and get OSCP or those, uh, relevant eLearnSecurity certificates. Especially when you're just getting into the field, it will help you at least step your foot into the door where you want to work. So just consider which certifications you want to get for what you want to do. There's some really boring, uh, compliance certifications out there too, probably, but I think I don't care about those and I don't really know about them. So if you want to be an auditor, maybe there's like some sis, uh, sort of that you can get to be an auditor, like CISM or something like this. But, um, just get the relevant certs for where you want to make a lot of money, right? So credentials and certs are one. I mean degrees too, those help too. Um, whatever you can do to increase your chances of getting the job you want without spending too much, uh, time to do it. Like if there's a really nasty opportunity cost, you know, just weigh that out. It just depends on you, how much time you want to spend doing those things. But definitely credentials is one thing.

I also want to add to that really quick: um, you tend to get paid more to do things that people don't want to do, and you also tend to get paid more the more you have to interface with people or orchestrate the actions of other humans, if that makes sense. So what I mean by that is, if you're some kind of person who manages other people, like you manage a team, it's generally hard to do that, and I don't know if people don't like doing it, but people in that position tend to get more money. So if you're okay with doing stuff that, you know, most people don't want to do, and you're okay with managing other humans, that tends to increase your salary quite a bit, and it can go up
quite a lot if you're also very technical at the same time, because people who are really technical tend to not want to really manage other people. So if companies can find someone who can do both, they're really technical and they're okay with managing humans, those type of people tend to end up getting a lot of money.

The second thing you can do is make sure to develop a lot of skill in that area. Of course, if you can be really good at something that's in demand, or really good at something that's difficult to do, of course you're going to be more valuable. And again, I've talked about this a lot in my channel, but, um, if you want to get into, for example, pen testing, but you've never had a pen testing job, you can still develop your skill in pen testing, right? Like if you get, for example, OSCP, of course you have to practice pen testing a lot and you have to pop all those boxes in the labs, right? So you can do a lot of stuff to increase your skill before you even get into that job role. Like you can practice on VulnHub, Hack The Box, or do capture the flag exercises. There's a whole bunch of stuff that you can do. I would, um, recommend looking at John Hammond's channel. He has a lot of cool stuff. He does a lot of, uh, exploitation, like pen testing and cool stuff, and you'll probably get some ideas, uh, if you watch him. So for sure develop some kind of, um, experience and skill for yourself. That will help increase your chances.

Oh, and also you have to quantify that somehow too, so make sure your resume is pretty good. Don't just write "pen testing" on it. Write out exactly what you did, what you do, and how you do it, and what you used, and maybe even publish a blog post or create some content like this or something, some way to quantify your claims on your resume, right? That will go a long way.

And another thing you can do is try to not be
complacent, and don't really be, um, satisfied with one job. Like, I don't like staying at a job for more than a year, to be honest. That's really aggressive, so I feel kind of uncomfortable being like "yeah, change your job after a year." You should probably take this with a grain of salt, but you probably shouldn't stay at one job for more than two years if you're really trying to increase your salary quickly. Like, I job hop a lot, and I haven't really focused on salary, like I haven't really cared, but I job hop a lot and my salary went up a lot anyway. Like, check out this video. There's a period where I worked the same job for like seven years or something, and you can tell by looking at the graph that my salary didn't really increase that much when I stayed at that job, but when I started job hopping it was bouncing everywhere and it went way up. So consider that. Don't stay at the same job for too long. It's not really good. Your salary will go up, but it will be really slow, and then you also don't really get a lot of exposure either. When you job hop, you kind of get exposure to new environments and you're forced to learn new things, and it just makes you really skilled, as long as you try and put effort. Um, so yeah, job hopping, and, um, not too fast, but just, you know, be cognizant of it, right?

And as far as company size goes, um, you asked about company size. I don't really think it matters that much. I guess working for a massive company who's really successful, like Microsoft or something, or Google, you can get that salary in terms of RSUs or stock or whatever. They're willing to give quite a bit, uh, total compensation. So I guess it kind of matters. Um, but at the same time, I mean, you can work for a small firm, say a small pen testing firm, and they're really good and they just pay you a fat salary because you're a good pen tester. I guess it
doesn't really matter that much, I guess. Um, that's a good question. I don't really have a good answer for it. It just depends, I suppose. I wouldn't focus on the company too much, to be honest. I almost don't care about the company. That's the last thing I really care about, unless it's a company I hate, like... well, I don't want to get demonetized. But yeah, company, I don't think it matters that much. It's kind of up to your discretion. If there's a small company and they offer you a fat salary, you know, that's dope, just take it. Um, but for sure these rich companies, like the FAANGs and Microsoft, they'll potentially give you a lot of money.

Yeah, that's pretty much all I had to say for this one. Um, I hope it was interesting. Again, if you disagree, or you want to add something, or if you feel like I left something out and you just want to, you know, correct me on that or call me out, definitely do so in the comments. I really appreciate it. I like when people comment and we get a cool dialogue going. I try to respond to everybody. Um, so yeah, if you like this video, please consider liking and subscribing. If you have any questions of your own, go ahead and ask in the comments, and we will see you next time. See you later. wow yukimeong
Info
Channel: Josh Madakor
Views: 6,573
Keywords: The Cyber Mentor, I.T. Career Questions, Linus Tech Tips, white hat hacking, ethical hacking, cybersecurity, john hammond, how to negotiate a higher salary, salary negotiation, how to negotiate for a higher salary, how to maximize your salary, how to get a higher salary in cyber security, cyber security salaries, cyber security, information security, infosec, highest paying cybersecurity jobs, highest paying certifications, cyber security certification, CISSP, how to make 100k
Id: ELokl6o803k
Length: 16min 59sec (1019 seconds)
Published: Sun Feb 14 2021