The Security Salary Reality

The critical dos, and some definite don'ts, for negotiating a great compensation package.

Money. Everybody wants more of it. And the time you're in the best position to make more of it—unless you discover a way to start flipping condos in Newport Beach—is when you take a new job.

But negotiating compensation is not for the meek or the egomaniacal. Ask for too little and you'll sell yourself short and feel resentful later; demand too much and you can strain your relationship with your future employer or even lose out on the job. To help you navigate the security salary negotiation terrain, we talked with human resources experts, executive recruiters (who broker salary negotiations) and your peers, and gathered these surefire ways to either make or break the deal.

DO know the ins and outs of how HR approaches "comp."

Every job position in a company has a salary range. People with less experience at a job are placed on the lower end of the scale; people with more experience are placed on the higher end. According to compensation expert Stephen Walker of the Foushee Group, companies base these ranges both on how they value a given job compared to other jobs within the company (called whole job ranking), and on what they have to pay someone based on market value. When you negotiate a salary, you're basically trying to convince the company (or the recruiter who's brokering the deal) that your experience earns you a spot on the higher end of the salary range. It's much harder to convince hiring managers to pay you outside of the range they had planned for. If they do so, they risk introducing pay disparity into the organization. (Imagine having a higher salary than your new boss!)

That said, if the company really wants you, there are ways to get around all this. It's uncommon but not unheard of for hiring managers to rethink the position they want to fill, add greater accountability and bump a candidate up into the next salary range. More common is a sign-on bonus thats intended to entice a candidate to change jobs without introducing pay disparity.

Bonuses, by the way, are not insignificant. Financial services chief security officers (CSOs) speak matter of factly of bonuses that are 50 percent to 100 percent of their base salary. Part of the bonus is usually based on the companys performance, and part is tied to whether the individual meets his performance objectives. Experience at putting together "creative" compensation packages is part of the value that recruiters claim to offer. For instance, Joyce Brocaglia, president and CEO of Alta Associates, says she just filled a position at a company that had a salary cap of $150,000. "We knew we couldnt get more money on the base than $150,000, but we were able to negotiate a $30,000 sign-on bonus, a six-month salary review and that 20 percent of the year-end bonus would be guaranteed," she says. The end result? The candidate has guaranteed first-year income of more than $200,000.

DON'T talk about compensation too early.

Conventional wisdom holds that you should never mention compensation until there's actually a job offer on the table. Nothing turns off a potential employer faster than someone who seems interested just in the money. But, as with most rules, there are some exceptions:

  • If a recruiter cold-calls you about a specific job. You can ask, right up front, what the pay range is. "At that point the recruiter has an incentive to tell you what the company is going to pay, because theyre trying to bring in top-quality candidates," says Paul Raines, who worked for several financial services firms before becoming CISO of a nonprofit U.N. group in the Netherlands.
  • If the employer brings it up. If you're leery of mentioning a number too soon and perhaps hemming yourself in, though, you can try to buy yourself some time. "You can say, 'Money isnt a primary motivator for me, and I would like to hold off on further discussion about compensation issues until we get further into this process,'" suggests recruiter Kathy Lavinder, executive director of Security & Investigative Placement Consultants.
  • If the job description seems misleading. "Sometimes corporations write very beautiful job descriptions" that dont at all match the actual job, says recruiter Jerry Brennan, managing director of Security Management Resources. During preliminary discussions, if you develop concerns that the job would be a less-than-lateral move for you, a careful conversation about compensation may help you assess whether the job is really an executive-level one.

DON'T be unrealistic in your salary and compensation expections (or forget that youre still being evaluated).

In general, recruiters say that candidates should not expect a pay increase of more than 10 percent to 15 percent for a promotional move, unless there are substantial differences in job responsibilities. "They're not going to pay you $250,000 if you're making $150,000," says Walker of the Foushee Group, where he is partner. If you've been underpaidperhaps because you've been working in the public sectortry to get the company to accelerate your compensation once you have a proven track record in the job. If you've been working as a consultant, you may see your hourly pay rate drop.

And if you're relocating and looking to negotiate a salary based on the information you found with a cost-of-living calculator, forget about it. "The executive market is a national market," Walker says. While you might be able to negotiate a sign-on bonus or, in rare cases, a housing allowance in high-priced areas such as New York City or Honolulu, don't expect the salary to buy you a house comparable to the five-bedroom Colonial you're giving up in Cleveland.

Remember, companies are still evaluating you during this process. If you ask too much, you'll strain your relationships with your future employer or, worse, cause the company to rescind the offer. "That's a worst-case scenario, but it has happened," Lavinder says.

DO try to get the employer to mention a number first.

When the moment arrives and it looks like the employer wants you, it's common sense to try to get the employer to give a number first. "The biggest mistake you can make is telling them what you want, because that locks you in," says a financial services Chief Security Officer who recently changed jobs. "Theyre not going to go higher than whatever number you put down."

If you're pressed for a number, he suggests offering a range rather than a target. "It has to be a broad range," says the executive, who requested anonymity because he didn't want to compromise his position with a new employer. "You say, Up to this number depending on what the overall job responsibilities are."

But don't be coy about what you're making currently. And, for goodness sake, don't lie. Expect the human resources department at your current employer to confirm three things: your title, your dates of employment and your compensation. If you lie, Brennan warns, "It will come back and bite you. You don't want to go into a job on a fictitious premise, especially in this field."

DON'T believe everything you hear about what others are making.

Nearly everyone warns about paying too much attention to salary surveys; they just can't agree on whether the numbers track too high or too low.

Recruiter Jeff Snyder, president of Human Capital Solutions, says that security salary surveys often come in higher than the reality, especially when theyre done by recruiting firms. "Say John is making $45,000, and the survey says he should be making $60,000," Snyder says. "What do you think John might be inclined to do? Call the firm and say, 'I want one of those jobs.' You have to look at the source and figure out if there could be a hidden agenda."

On the flip side, others say that security industry salary surveys, like the one done by ASIS International, tend to come in low. "The ASIS survey includes jobs that arent really CSO positions," says the financial services CSO who recently changed jobs. "A lot of individual hotels or stores might have a director of security, but it's not really a director or Chief Security Officer position; it just gets classified that way. It brings down those salaries" of people who are true security executives, he says.

Recruiter Brocaglia says the same thing of information security salary surveys. "Ive always looked at what the surveys say and thought, if I had to find a security officer and pay him that much, I'd never find anyone to fill the job," she says.

The higher up you go on the corporate security ladder, the bigger the problem gets. "Oftentimes it's harder to find data on the higher-level jobs, because they're really very customized," says Phyllis Hartman, a principle with PGHR Consulting in Pittsburgh who is involved with the Society for Human Resources Management, a trade group. "The higher up you go, the more factors there are beyond the pay rate. There are often things like bonuses or stocks involved."

The annual, proprietary study done by the Foushee Group is generally considered the most authoritative in the security field, at least for corporate security-focused positions. (See The Comp Question.) Even then, Walker cautions that the numbers are weighted averages. That means a full half of the people with a given job description make less than the numbers cited.

Look at as many data points as you can, paying close attention to job descriptions. Recruiters, of course, say that they have the best perspective on salaries across the board. Talk to your peers too. And if the company is publicly held, the annual report will list the base and bonus pay of the five most highly compensated executives.

DO remember who the recruiter is working for (it's not you).

Never forget that the recruiter's paycheck is coming from the employer that hired him or her to fill a position. Typically, recruiters get paid a percentage of the salary for the position they are filling, but the rate they make may be based on the anticipated salary rather than the number you and your new employer eventually agree upon.

"I don't care how much the recruiter says, 'Theyll only pay you $350,000,'" Raines says. "You can play hardball. The recruiter's incentive is to get you for the company for as low a price as possible."

DON'T focus just on salary.

Cold, hard cash isnt the only thing worth negotiating. HR expert Hartman says if a company cant offer you more money, ask for more time off. "Say, 'I currently have X weeks of vacation, and I would hate to lose that flexibility,'" she says. "It's not like they hire someone to come in and do your work while youre gone." You also may be able to negotiate for flexibility, like the option of working at home or at a satellite office.

Perks are not entirely a thing of the past. While it's not common for a CSO to have a car at his disposal or a country club membership, it still happens. You can think smaller too. Raines knew one peer who got his company to pay for a training book or course every quarter. Also, ask lots of questions. "Don't accept the fact that they say, 'We offer a good relocation package,'" says the unnamed financial services CSO. "You have to ask whats in it. If there are important things not in there, you have to ask about them. It doesn't hurt to ask."


Copyright © 2006 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)