Re: Needed: Industry/Higher Ed Standard Job Title for Lead of Computer Incident Response and Investigations

[Allison Dolan <adolan () MIT EDU>]

I used to be in HR and there is a certain art to job titles and
salary.   Most individual's jobs do not match exactly to 'benchmark'
jobs - 80% match is considered good. The salary survey companies
define what they mean by a job, and you and your HR person decide how
close it is to your work.   You might end up with your position being
a blend of 2 or 3 benchmark jobs.  Talking to staffing agencies is
also another good resource - you could ask them what they would call
a person with your skills and experience.

And when it comes to pay, rather like pricing a home, you look to
comparables, and note the areas where you are stronger (have more
skills, experience, etc) or have gaps

Coincidentally, I saw this item
IT Salaries: Security Staff
By James Maguire - June 17, 2009
The need for IT security staff never seems to lessen, creating
healthy salary levels for these sought after professionals.

http://itmanagement.earthweb.com/career/article.php/3825536/IT
+Salaries:+Security+Staff.htm


Allison F. Dolan
Program Director, Personally Identifiable Information
Massachusetts Institute of Technology
77 Massachusetts Ave  NE49-3021
Cambridge MA 02139-4307
Phone: (617) 252-1461
http://mit.edu/infoprotect



On Jun 16, 2009, at 3:39 PM, James Moore wrote:

> My job responsibilities have shifted.  I started the information
> security program here, but now I lead computer incident response and
> investigations.  HR is going to be given the task of rebanding me.  My
> manager wants to make sure that they compare apples to apples.  He
> appreciates that I have a BS, 31 years of experience spread among the
> fields of Software engineering (7 years), Systems administration (10
> years), and Information security (14 years).  I am able to work with
> systems administrators in live investigations because I was one.  I am
> able to work with vendors to improve products (which will in turn make
> incident response more effective) because I have the background in
> information security program development, and understand process,
> communication, and management methods.  I am starting to do some tool
> development where there are gaps.
>
> I have a CISSP.  I am working on an EnCE, and may also go for a GCIH.
>
> My manager's objective is to get a title that HR could survey and
> place
> me with people of a similar level of experience.
>
> Jim
>
>
> - - - -
> Jim Moore, CISSP, IAM
> Information Security Officer
> Rochester Institute of Technology
> 151 Lomb Memorial Drive
> Rochester, NY 14623-5603
> (585) 475-5406 (office)
> (585) 255-0809 (Cell - Incident Reporting & Emergencies)
> (585) 475-7920 (fax)
>
>
> If you consciously try to thwart opponents, you are already late.
> Miyamoto Musashi, Japanese philosopher/samurai, 1645
>
>
> Risk comes from not knowing what you're doing. -Warren Buffet
>
> Confidentiality Notice:  Do the right thing.  If this has the words
> "Confidential" or "Private" in the subject line, or similar
> language in
> the email body, or as a label on any attachment, then think.  Do you
> know me?  Did you expect to receive this?  Do you recognize and work
> with the other addressees?  If not, then you probably received this in
> error.  Please, be respectful and courteous, and delete it
> immediately.
> Please, don't forward it to anyone.
>
> Now, wasn't that simple.  Just, if you had made an error in a
> sensitive
> email, and I received it, what would you want me to do with it?
>
>
>
> <Jim Moore (jhmiso () rit edu).vcf>