3 minute read
Cyber is not your get-rich-quick option
Cyber Enthusiast, Ethical Hacker, Author of A hacker I am vol1 & vol2, Male Champion of Change, Special Recognition award winner at 2021 Australian Women in Security Awards
COLUMN
I want to air some dirty laundry, something that has been bugging me for the last 12 months or more. As most of you would be aware, salaries—or should I say “expected” salaries—for people in the industry are becoming unsustainable long term. We have people with one or two years experience asking for salaries of $150k plus, and those with three to five years experience or more wanting salaries in excess of $200K.
These rates leave government agencies out of the game. They can pay nowhere near those salaries except through external contracting (a different discussion). Enterprise customers could, in some instances, afford such salaries, but would be forced to reduce team sizes because of the increased cost.
I do not have a problem paying people what they are worth. Experienced cybersecurity people have earned the right to be paid well. I think we could all agree that individuals who have been in ICT or cybersecurity for 10-plus years, who have been in the trenches when things got hot, who can walk through fire and come out the other side stronger deserve to be paid a premium. That is not the issue here.
What I take issue with is people wanting to come into the industry, wanting to get a start but wanting a top salary immediately. Cybersecurity is not a get-richquick scheme, a pathway to living it up, driving fancy cars and wearing flashy clothes. If that is what you want, cybersecurity is not for you. Yes, cybersecurity can pay well—very well—but if you are to survive in this industry you will need drive: a purpose that is far deeper than money.
Money is nice. We all need it to feed our families and keep a roof over our heads, but cybersecurity is not an easy career. You will be pushed to your limits and then pushed beyond them. You will need to learn every day just to keep up with the malicious actors who want to find the one thing you or your colleagues missed and is all they need to win. So, you need to be always trying to improve, to be a better version of yourself each day. Yes, you will fail, probably more than once, but you will need to get back up and keep fighting the good fight.
If you do not have a thirst for knowledge or the personal drive and are in it only for the money you will not be a member of the industry for long, or will certainly come out the other end worse for wear.
It is clear the industry needs more experienced people. The level of need is debatable, but we need to eliminate unrealistic expectations. We need to find people who want more than a pay cheque and then help them be our next generation of cybersecurity superstars. We need to bring them in, pay them while they learn and help them build the foundations we need them to have.
Take a reality check, right here. If you have no experience in cybersecurity beyond theoretical studies do not ask for a salary you have not earned. Go in hungry to learn and with the drive to succeed and you will be recognised and paid fairly. If you want a get-rich-quick option, play the lotto, trade crypto, become a movie star or do whatever you think will get you there. If you want a career that is difficult but extremely rewarding (albeit a little thankless sometimes) then you have come to the right place.
See you in the trenches.
www.linkedin.com/in/craig-ford-cybersecurity
www.amazon.com/Craig-Ford/e/B07XNMMV8R
www.facebook.com/AHackerIam
twitter.com/CraigFord_Cyber
CAREER PERSPECTIVES
