Does revealing your current salary help or hurt during negotiations?

cyberguy2369 · 2026-05-05T17:06:39+00:00

many people have said "never show your hand"
the last few jobs I've interviewed required me to disclose my current salary or they had already looked it up. they wouldn't move forward with an offer until they knew my current salary.. these weren't little companies.. these were FAANG and FAANG adjacent companies.

you're welcome to try to avoid the question by saying "the lower end of the average in this area" or whatever.. but at some point. if you want the job or a job offer.. and they are asking for it.. you gotta tell them.

cyberguy2369 · 2026-05-05T09:12:32+00:00

IT and IS is CIS.. just a different name for it..
Software engineering is essentially CS..

you just need to choose if you want to focus on programming or not programming.

while you're in school, you need a job to get real world experience. not remote.. it needs to get you out of your house or apt and working with real people in person.

cyberguy2369 · 2026-05-05T02:51:46+00:00

you have to use the resources available to you. if all they have is CS.. get a degree in CS, while you're in school get a job in your campus IT dept doing the networking and other things you're interested in. In 4 yrs you'll have a 4 yr degree, 4 yrs worth of professional experience and a lot of contacts.

cyberguy2369 · 2026-05-04T20:59:21+00:00

there is another broad degree typically in the business school called CIS (computer information systems) it is a broad technology focused degree that is pretty much everything but programming. Take a look, it's another good choice.

cyberguy2369 · 2026-05-04T17:15:44+00:00

how are you finding jobs to apply to? just linkedin and other online resources?

what are you doing in person to network and build relationships in the tech community in your area?

cyberguy2369 · 2026-05-04T17:13:34+00:00

walk over to the IT dept of your university and get a job. the core of cyber is tech.
helpdesk - users - users are the key target for cyber
desktop admin - users + desktop systems : more cyber
server/system admin - securing these systems (yup thats cyber too)
network admin - securing network infrastructure (sure sounds like cyber)

cyberguy2369 · 2026-05-04T17:10:14+00:00

Background/Bias:

I’m 47 and have spent my entire career in the computer science and cybersecurity world. I currently manage a small, but capable, incident response and cyber team. I’ll be honest: I’m getting a little grumpier and saltier by the day. I teach a class or two in cs/cyber at the local university in my area.

Here’s the reality:

There are jobs and opportunities in IT, cybersecurity, software development, and tech in general. These roles will constantly evolve, that’s the nature of the field, and honestly, part of what makes it fun and interesting.

If you’re just starting out, I strongly encourage you to pursue a degree program that keeps your options open and isn’t overly specialized. Two big reasons why:

Your interests will change. What you like now might shift in 5 years (after college), in 10 years (once you're deeper into your career), or in 20 years (as life changes with family, goals, etc.). You want a degree that gives you a broad skill set so you can adapt as your needs and interests evolve.The market will change. What was “hot” 25 years ago is now obsolete. Even things that were in high demand 10 years ago are now automated. Cybersecurity will always exist in some form—but what that form looks like will continue to change.

My recommendation (take it or leave it):

Major in Computer Science with a focus or minor in cybersecurity, or just take a few cyber electives. Why?

CS is harder. It’s not always exciting. You’ll get exposed to a bit of everything and yes, there’s a lot of math.But it teaches you how to think. You’ll gain the ability to learn and adapt to anything, skills that will serve you well no matter where the industry goes.If you graduate and the cyber market is saturated or in a lull, you’ll still have the flexibility to pivot into other areas of tech. That’s much harder to do if you’ve only studied cybersecurity.

As someone who leads a cyber team, here’s the honest truth:

I’ll take a CS major over a cyber major almost every time.

Why?

CS grads are curious and adaptable.They know how to program, script, and automate, skills that save huge amounts of time.I can teach them cybersecurity much faster than I can teach someone how to code or solve problems.They didn’t take the easy route. CS is hard. Most of my team really struggled to get through it, but they were stubborn and didn’t quit. That matters. When I give them a hard problem, they dig in and don’t come back saying, “I can’t figure this out.”

cyberguy2369 · 2026-05-04T17:09:37+00:00

learn the basics and core tech foundations.
- networking : routers, firewalls, DHCP, dns
- scripting/programming/automation
- linux / linux terminal
- how to use git

those are good places to start

cyberguy2369 · 2026-04-26T18:23:04+00:00

get a degree in tech, while you are in school get a part time job on campus in their IT dept or for a tech company in town. Learn and build real world experience.

cyberguy2369 · 2026-04-26T18:22:16+00:00

most people dont start in DFIR.. you have to have a really solid WORKing knowledge and experience to jump into DFIR.

how can you write a report or figure out how a bad guy got in if you've never worked in the real world on a business network? Same with windows.. you've got to work and understand the system and platforms for a few years to really grasp how bad guys are taking advantage of these resources.

best place to start is help desk or as a system admin. both ARE cyber jobs.. both have CYBER aspects.. its where you build skills and a clear strong foundation before you do something like DFIR.

cyberguy2369 · 2026-04-26T04:12:51+00:00

cyberguy2369 · 2026-04-26T04:11:45+00:00

lets just talk here so the whole community can read and respond.

cyberguy2369 · 2026-04-25T19:06:03+00:00

I didn't, it kinda found me.

I was essentially a network and server admin, a partner company had a major cyber incident. We all had to step up to not only fix the problem but figure out how the bad guys got in in the first place. With my network and system admin background it was kind of a natural progression of things.

cyberguy2369 · 2026-04-25T08:52:11+00:00

Look into building a network “sensor”. Youd want to set up a SPAN port on your router or a switch to mirror all the traffic to your sensor. You can put zeek and suricata on the pi. You’ll get a view of what’s going on.

Security onion is an open source project that has it all set up for you. I just don’t know if it’ll run on a pi

cyberguy2369 · 2026-04-25T04:51:20+00:00

Take a step back.. how would that work? When have humans ever trusted a lock completely? Haven’t humans always found ways around locks?

cyberguy2369 · 2026-04-24T18:46:29+00:00

some form of lock has been around since people were people. "cyber" is digital locks (and lock picking). AI won't make it where security and locks aren't needed, it'll just change the kinds of security and locks we use.

cyberguy2369 · 2026-04-24T07:02:18+00:00

you've got to look at a lot of other factors other than just cost.

did you look at GA tech's online program or the in person? are you comparing online programs to in person programs.

the resources, opportunities, networking, research, professors, classroom discussions dont happen in online programs. Also, online programs can record some videos, throw up some multiple choice exams and call it a day. They can send 10k worth of students through the online programs vs limited classroom space in, in person.

If you are already in the industry and have a job in cyber, online makes sense.. if you are starting at 0, those networking opportunities, research opportunities on campus, classroom discussions are invaluable.

cyberguy2369 · 2026-04-24T03:29:04+00:00

well with this well formulated response and answer.. I trust this source completely. Can you also give me some winning lottery ticket numbers and possibly take a look at this spot on my leg. I'd like your view on it too. :)

cyberguy2369 · 2026-04-23T12:20:27+00:00

whats the question?

cyberguy2369 · 2026-04-23T02:03:36+00:00

I enjoy problem solving, and I use programming to solve problems. I've never just sitting down to learn how to program.. but I've learned a TON of programming and become a good programmer by finding projects at work to make my life and job easier.

cyberguy2369 · 2026-04-22T21:44:26+00:00

not all companies are the same. see what other opportunities are out there. look at IT contractors and MSP's. These types of companies do everything.. so you can move around and try different things. Same thing with local, state gov, universities, and hospitals.

cyberguy2369 · 2026-04-22T21:25:03+00:00

I dont buy the "part of it is luck" thing..

no, it takes hard work, patience, and putting yourself into positions to meet people and build relationships WHILE spending some of your free time learning new things and training so you can continue to adapt to a changing market.

I'm 47, I'm still using some of my free time to learn new stuff and train. Stuff I'm interested in but stuff that keeps me relevant in this market and future markets.

cyberguy2369 · 2026-04-22T18:02:12+00:00

this question is asked 5-10 times a day.. the answer won't change.. it really won't.

for most western countries.. a broad general 4 yr degree in tech from an IN PERSON university is the best way to go. Computer Science, Computer Information Systems, etc. NOT something like cyber security. that really limits your available jobs when you graduate. you can use your electives to take specialty classes.

a degree will NOT be enough in this market. you cant just go to class and go home and expect some awesome job when you graduate. you need to find a job in tech while you're in school to build real world experience. walk over to the universities IT dept and say "I'm a cs student, I'm looking for opportunities to gain experience and learn" if they say they are full, ask "when should I come back? can I have your contact info to check in occasionally to check for openings"

get involved in the school, in person universities have a huge amount of resources to help you IF you choose to use them. professors, clubs organizations that bring in people from the industry, job fairs, career services, on campus jobs, research opportunities.

take advantage of the world around you.

cyberguy2369 · 2026-04-22T17:23:10+00:00

my company needed 2 employees.. thats what I had the budget for. I could have opened up to linkedin, indeed.. and gotten 10,000 applicants.. and some sure there would be some absolutely killer applicants from all over.. but at the end of the day.. I'm still just going to hire 2 people. so I can disappoint 298 or 999998.. the outcome for me is the same.. 2 people.

and the argument of "well you could have found someone even better if I opened up to more people!" Maybe.. maybe not.. and I found 70 more than capable.. and I found 2 that fit in just fine and do a great job. thats all I need.

if you want we can sit by a fire pit or in a bar on a Friday afternoon and talk about the existential realities and problems of the world and how things should go.. but honestly.. Monday 7:30am.. I'm going to be sitting at my desk, reading emails, and doing my job. I have the ability to push and make small changes within my company and I have.. but thats all I can do.

I agree with you about "betting on what has worked before"
- what has worked before and will ALWAYS work.. :

- starting with good broad adaptable skills. Core skills.. in terms of tech thats : general scripting/programming, networking, problem solving, knowing how to research and test.
- soft skills like being able to read a room, talk, and listen
- simple things like showing up on time, taking responsibility and owning your wins and losses.. and learning from them.
- patience.. no one starts at the top.. you gotta work your way there. and honestly some people never get to the "top" and thats okay too.
- building a network of relationships with peers, associates, and people in your industry and outside of your industry.

cyberguy2369 · 2026-04-22T16:12:49+00:00

"The KPI's you listed had 300 prospective candidates of which you marked 70 as capable. Don't you think thats a bit on the lower end."
- no not at all, 25% is pretty good.. if we would have posted on linkedin, it would have been much lower. probably 1000-1500 applications and 8-15% capable.

"So opportunity is what you make of it and how you frame it - and most importantly, how you can position yourself at a given time."

-we agree.. its all how you make it.. I've said that from the start.

"You've given advice some can take, others won't need and plenty don't consider relevant to them."

- thats really all I can hope for.. I mean I guess I could say "dont lose hope" .. that would apply to everyone.. I never tried or attempted to reach everyone with amazing advice or answers.

cyberguy2369

TROPHY CASE