Print Page   |   Contact Us   |   Report Abuse   |   Sign In   |   Register
WSC Blog
Blog Home All Blogs
The Women's Society of Cyberjutsu Blog. Come here for interesting facts about the WSC, security and other news and tidbits.

 

Search all posts for:   

 

Top tags: amazon  amazon charity  analysis  b-sides conference  career  charity  competition  CTF  cyber  cyberjutsu  cyberlympics  job  negotiating  salary  SOC  tips  training microsoft free  tricks  value 

Tips and Tricks to Negotiating a Better Salary

Posted By Mari Galloway, Friday, May 12, 2017
Recently, I got an email from a close friend talking about how a manager told her she wasn’t getting paid what she is worth because she wasn’t a male, the bread winner. So basically the manager insinuated that because she was a women she couldn’t be the bread winner thus the lower pay. Well what if she was a single mother or what if she was a widow? How does one justify saying these types of things in the work place? 

So I got to thinking, why are women often paid less than their male counterparts even if they have the same or better qualifications? I went back to my first contract job many years ago and realized, some women don’t negotiate their salaries from the jump. I DIDN’T. I just wanted to get the job and start getting that hands-on experience, so I took the first offer and that was it. I undervalued my skill set because I didn’t feel that it was up to par to what I THOUGHT the guys in my all male team had. That was a mistake that could have cost me higher salaries throughout my career. Learn from your mistakes and don’t make them again!

Salary discussions can sometimes get awkward because you shouldn’t really talk about it in the workplace. I had a job working for a young adult clothing store as an Assistant Manager years ago and we fired folks if we found them discussing what they were getting paid. It creates this environment of distrust between employees and management. What folks get paid should be kept between that person and the boss. But when you start moving away from those hourly jobs and into a salary position, it is sometimes hard to not talk about what you make. There are many different resources like Glassdoor and FederalPay.org that provide pretty specific information on folk’s salaries. There is no hiding what someone in the same job as you is making across the country. But for those jobs where the salary ranges aren’t readily available, what can you do?

Salary - a fixed regular payment, typically paid on a monthly or biweekly basis but often expressed as an annual sum, made by an employer to an employee, especially a professional or white-collar worker. 
Here are a few of my tips to help navigate the world of salary negotiations. These can be used for getting that raise that you deserve as well.

1.      Know your value. This is very important. If you are fresh out of college with no experience, don’t go in with guns blazing asking for $150,000 unless you are like a super genius or a rocket scientist and even still that is a stretch. Research salaries for the job you are applying for. Make sure to take into account, your education, skills, and other experience you have. This is includes unpaid experience as well. Be realistic in your expectations but don’t undervalue yourself.

2.      Don’t be first to disclose a number. You want to know what the company is offering. Ask them what the range is for the position. If they are hard pressed to give that to you, have a range in mind (discussed next). Don’t give the bottom of your range though, because that may be lower than the position the position offers and you may miss out on the extra money.

3.      Have a range. You want room to grow at your company but you also want to get what you are worth for that position. The bottom limit of your range should be at least 10% higher than your current salary, if you have one. This limit may be higher depending on what you are bringing to the table. The upper limit should be 10 to 20 thousand higher. This range is for you to know when to walk away and when to pull out a counter offer. These are your limits. As a side note if you are moving to another location for a job, make sure to do some research on that job market. A good place to start is the Bank Rate. This site helped me make the decision to move across country and leave the government.

4.      Be direct with what you want. The difference between some men and women here is that men just flat out say “I want to make X amount of dollars.” While women tend to beat around the bush and not come right out and say what they want. I was guilty of it. Again, just trying to get in the door. Make it known what you are willing to take. Don’t imply anything as this may cause you to get less money. This is where knowing your range helps out tremendously. Go with the higher of the range and work backwards.

5.      Be willing to walk away. Sometimes, an employer just won’t budge on the salary they are offering. Know when to walk away from that opportunity. One common mistake that is made is accepting the first offer. You don’t have to do that. Remember your salary range!

6.      Negotiate beyond salary. Once the base salary is determined, the rest of your compensation should be discussed. Things such as moving expenses, transportation expenses, food allowances, student loan repayment are just a few examples of things to discuss with the employer before making a final decision. Benefits are not always firm and can be negotiated if you have the right information.

7.      Ask questions. Above all else, ask questions. If you are curious about the salary or the benefits, ask those questions. Get answers to make an informed decision. Starting a new job is hard work. Do go into blind.

There are tons of articles and information out there for negotiating salary. The internet is a powerful tool that should be utilized the effectively negotiate your entire compensation package. These are just a few of my top tips and what I used to get the job I am in today. Great pay with even better benefits! Women, negotiate your worth and don’t settle because it is the first offer on the table. Men you can use this information too!!

If you have tips and tricks to negotiating salary, let us know! Sharing is caring.

Tags:  job  negotiating  salary  tips  tricks 

Share |
PermalinkComments (0)
 

Shmoocon Ticket

Posted By tennisha martin, Friday, January 13, 2017
I've got a ticket to shmoocon (starts today and goes through this weekend) but i had surgery on my back and can no longer go. $100 amazon gift card gets you a barcode.

This post has not been tagged.

Share |
PermalinkComments (0)
 

My First Cyber Competition

Posted By Mari Galloway, Thursday, November 10, 2016

My First Cyber Competition

For whatever reason, cyber competitions have been on my mind. So, I thought that I should share my experience as well as provide a few resources to those on the fence about participating in these cyber competitions.

Cyber competitions are a great way to gain valuable hands-on experience in various areas of cybersecurity such as pentesting and digital forensics. There are various types of competition in a few different varieties: Challenge-based, where you answer questions/challenges to gain points; Attack-Defend, where you must defend your 'castle' while trying to attack others; and Wargames which are online CTF competitions.

My first competition was back in 2013 with Cyberjutsu Women at the Global Cyberlympics, a competition hosted world-wide by EC-Council. This competition is an online team-based competition consisting of 3 qualifying rounds (Forensics, Penetration Testing, and Computer Network Defense (CND)) and a final round (Capture the Flag) usually hosted at the annual HackHalted conference.

Going into this competition, I had no freaking clue what to expect or even how to begin. The team consisted of 6 women lead by Lisa Jiggetts, the founder, CEO, and head Cyber Ninja for Women's Society of Cyberjutsu. We went into a conference room and immediately started the first round. We weren't organized and none of us knew what was going on but we trekked through it, together.

See with this competition, you can only have one person logged into the scoring server which meant that this person either had to perform all the tasks for each round or we had to figure out a way to collaborate quickly and efficiently to get the points. Even though we started off scrambling, by the end of round 1 we had found our groove and started racking up the points. Mind you, Lisa was the SME of the group and she had to provide a lot of insight.

I was scared because I didn't want to fail but was relieved to know that we were a team. We advanced to the next round. By the end, we all walked out of the room a little bit smarter and with ideas to help with round 2.

Fast forward a few weeks, we made it past round 2 but not without a few bumps in the road. I think round 2 was harder than the 1st one and for good reason. EC-Council wanted to make sure that people knew what they were doing. We spent that Saturday afternoon moving through challenges and troubleshooting and praying we get enough points to advance to the finals. When we recieved news that we made it to the final competition, we were beyond ecstatic. We were the only all women team (All cyberjutsu competition teams are all women) to advance to the final competition. Unfortunately, I was unable to attend the Final event due to work, but I learned a lot about myself and my love for this field. We all love a little challenge here and there. And, the prizes are definitely a motivator to participate in these types of games.

For me the Global Cyberlympics was the start of something great. Participating in and winning competitions gives you confidence in your skills and boosts your ego a little bit. Although, I haven't won a competition, I have participated in a few of them each year (both on a team and individually). They are a lot of fun. You learn a lot of things by doing them. If you are interested in participating in these games but don't know where to start, don't fret. There are numerous resources available to help you get your feet wet and prep for success. Some of my favorite individual games include SANS Netwars (paid), OverTheWire (free, online), and Enigma Group (free, online). These games force you to research topics and try new things, some of which can be used in the real-world depending on the job that you do. Some of these competitions are even at various conferences and are free to participate in.

So, get to it and start refining your skills!

For more information or to participate in team based competitions, join the WSC Competition Group at www.womenscyberjutsu.org

Additional links with good information:

ctftime.org - lists competitions going on around the world and you can join teams

Capture the Flag Competitions - Basic info on CTF's as well as different ones for each type

Tags:  competition  CTF  cyber  cyberjutsu  cyberlympics 

Share |
PermalinkComments (0)
 

Know Your Value

Posted By Tammy Torbert, Saturday, December 26, 2015

The holidays give me a chance to catch up on reading.  I happened across a book "Knowing Your Value: Women, Money and Getting Your Worth", by Mika Brzezinski.  It's one of these easy reads, a business book told mostly as interviews with successful women in a variety of industries.  There are also interviews with successful men that talk about the difference between men and women in industry.  

 I wish I had this book when I first started my career.  It discusses the way that women shoot themselves in the foot and don't get what they want.  The book won't tell you how to negotiate a better salary, but it might show you the things you are doing that cause our own failures. 

  

Happy holidays!

Tags:  career  value 

Share |
PermalinkComments (0)
 

Shopping Amazon & Supporting a Good Cause

Posted By Tammy Torbert, Wednesday, August 26, 2015

Do you shop amazon?  I do all the time, and about six months ago amazon asked do you want to support a good cause.  I thought why not?  So, from that moment forward I started shopping amazon.com, through smile.amazon.com.  This gave me a way to donate to my favorite charity at no cost to me.  With smile.amazon.com, the Amazon team donates a percentage of your total purchase to the charity you've designated.  What could be easier?

I just found out that WSC is one of many good causes that you can donate to by shopping through smile.amazon.com.  If you shop Amazon, I hope you'll consider shopping through their smile.amazon.com portal and donate to the charity of your choice. 

For more information about the smile.amazon.com program, visit the about page at https://smile.amazon.com/about.

Tags:  amazon  amazon charity  charity 

Share |
PermalinkComments (0)
 

Why Didn't We Catch It?

Posted By Tammy Torbert, Saturday, August 22, 2015

If you've spent any time working in a Security Operations Center (SOC) whether as an analyst, engineer, or incident responder, there is nothing worse than getting asked by your manager "Why Didn't We Catch It?"  The "It" is some incident or badness that occurred in the environment you are supposed to be monitoring or protecting.

Imagine a situation where a denial of service event occurred, but this was detected by the customer realizing that there site was responding as expected.  For security teams, having the customer tell you there is an incident typically means the SOC missed something they should have seen.  I was brought in to take a look at the Security Information and Event Management (SIEM) tool and see what was available leading up to the event.  Ultimately, I didn't find much to indicate a denial of service, that doesn't mean there was nothing there, it just means I didn't see anything obvious.  Next up, I start working with the networking and security engineers.  I need to understand how traffic flowed, what devices would have inspected the traffic, and what could possibly tell me something happened.  This is where understanding networking and how routers, switches, firewalls and IDS tools work.  I realized that there were a few devices that had security controls on them, whether it was the intrusion detection sensor, the router, or the firewall.  I then had to work with the team to decipher the configurations, make sure that traffic was moving to security tools that could have caught the attack, make sure that the right policies were in place to detect the attack, and make sure that logging levels were appropriate.

Ultimately, if you plan to work on the defensive/detection side of security, it's vital to have a broad knowledge set.  My knowledge of networking and a variety of security tools give me instant credibility in the room.  The best security people for defense/detect are those that understand how things work, but also how things should work together.  You don't have to be able to configure the router, but understanding how it will handle traffic will be helpful.  Defense/detect roles are challenging because the wide breadth of knowledge you'll need, but it's also a great starting point to security specializations, like reverse engineering, forensics, or security engineering. 

Tags:  analysis  SOC 

Share |
PermalinkComments (0)
 

B-Sides DC

Posted By Tammy Torbert, Sunday, August 16, 2015

Anyone get tickets for B-Sides DC yesterday?  I forgot that tickets went on-sale at midnight, and alas missed the first round.  I'm getting ready for round 2 on September 1.  

If you haven't been to B-Sides, it's a fun local event that is relatively inexpensive.  I hope to see you there. (Link for B-Sides DC).  It's a great way to get CPE credits for your CISSP, and also a great time to network and socialize with security geeks.

Tags:  b-sides conference 

Share |
PermalinkComments (2)
 

Free Training from Microsoft

Posted By Tammy Torbert, Saturday, August 15, 2015

I spent some time this morning browsing the Internet with no particular goal in mind.  I used to be a subscriber of Microsoft Technet which offered me a way to get access to their software.  It's been years since I subscribed, and found that Microsoft has since decommissioned this offering.  :(  

However, I found that Microsoft has created a free training site, the Microsoft Virtual Academy (http://www.microsoftvirtualacademy.com/).  I was really surprised to see how much material they had available all for free.  Also, it wasn't just Microsoft specific stuff, but also general topics around networking, security and programming.  

If you need training, this is definitely an offering that I would check out, especially given it's free price.  

Tags:  training microsoft free 

Share |
PermalinkComments (0)
 
Community Search
Sign In
Sign In securely
News & Press
Online Surveys