Kevin Beaver's Security Blog

Don’t expect to get paid for what you have on paper

Don’t fall into the misperception that just because you’ve earned a college degree (especially one in infosec) or the CISSP certification that money, respect, and a great job will fall right into your lap. I thought this same thing coming out of school, but as I found out, it doesn’t work that way in the real world. I hear people often say “I’ve got to to hurry up and finish my Ph.D. in information assurance so I can make more money” or “With my CISSP, I know I’ll be worth at least $15,000 more a year”. Really!?

The thing is that degrees and certifications don’t – in and of themselves – bring value to your employer. Sure, they serve as a good foundation and prove that you can learn new concepts and pass tests. But it’s everything else you do that contributes value and can help them justify paying you more money. This is where you, your drive, your tenacity, your willingness to learn new things every day, your communication skills, and your working however many hours it takes to get the job done (not the “40 hours” that many assume is all that’s needed) come into play.

If you’re going to make more money, you’ve got to contribute to your employer’s – or your client’s – bottom line. That means working quicker and smarter and focusing on the things that provide the most return at any given time during your work day. Goethe said “The things that matter most must never be at the mercy of the things that matter least.” It’s basic time management but it’s a skill and a mindset that requires revamping how you think and work. And it’s what you contribute after you’ve already done what’s expected that’s going to make you more valuable in the eye’s of your employer.

So, see how you can add value to your current job. You can always do something more or better. Maybe it’s learning how to work more efficiently by mastering a particular subject or job function. Maybe it’s not responding to each and every email the minute you receive them or not answering the phone every time it rings. Or, maybe it’s finding a job that you really like, feel dedicated to, and that makes you want to go that extra couple of miles and contribute more.

Be it analyzing security scan data, trying to penetrate a web application, writing an assessment report, or writing an article or blog post, I’ve found that if I get in and start working and vow to not be distracted by things in my control, I work so much more effectively and produce better results. Try it yourself. It’s this type of focus and work ethic added up over time that will start making you more valuable and lending credence to more $$ down the road.