Related Posts
VCA Client Consulting Manager salary?
More Posts
Currently I'm in a depressed and indecisive state with very low confidence. My salary is very much below par with respect to my experience.
YoE : 4
CTC : 5.25 lpa
I'm not prepared to make a switch . Is it ethical to ask my manager to revise the CTC . If yes , how much can I ask . Need your valuable inputs 🙏
Tata Consultancy Infosys HCL Technologies Wipro
Additional Posts in Cyber Security Professionals
New to Fishbowl?
unlock all discussions on Fishbowl.




30 CTC with 7years experience,mostly worked on GRC.Presently working on devsecops.
Keep learning every day even its for half an hour.Try looking at things in a larger scope of things rather than in isolation to get deeper knowledge of the subject
Dont restrict yourself to one domain of cybersecurity as try to learn and practice other domains too.Finally have patience and keep trying and never underestimate yourself
There are times of hardship followed by good days too,So dont lose hope and keep trying even you fail
I failed multiple times and to finally crack 10 + offers as good as 36 L cTc with one world renowned CDN company.
So those who want to grow ,keep learning,have strategy and dont fear to fail
Cheers
If they dont give the opportunity,try to learn it on your own and in the mean time just get that certification which you like to do and try.
Also dont stop to learn because some one is not giving opportunity,use open source communities,build your brand on linkedin and many more you can do.Just think on what more you can do and find a way
AppSec / product security, pentesting (applications, network and cloud), cloud security (not pentesting) , Secure SDLC , infrastructure vulnerability scanning, etc. It's a lot depends on companies you work for not just skillsets
Refer SC 900 and AZ 500
Than go for cloud certification.
Its more about configuration reviews and all in cloud security, best practices of deployment and configuration
I'm into PT with 8yrs of exp.
Currently 20L CTC however holding couple of offers with max being 45LPA CTC.
P.S: I don't know coding, yet!
Sir tussi great ho.. My inspiration
Mentor
Skills that pay more imo: Threat Modelling, Dev-sec ops, TARA, Product Security, Automotive Security, Hardware Security
EY 2 what exactly in cloud security please help to tell.
I have AZ 900,
Preparing SC 900 and planned for AZ 500
Is these 3 certification all about cloud security ??
VAPT along with devsecops. Should have the capability to automate bugs and test it across the entire infrastructure(web based vulnerabilities).Bug Bounty experience is a plus.Great to have some CVE's. Should have knowlwdge about anyone scripting language.
Currently, Im preparing for OSWE.
Yes, interviewers ask questions just for curiosity based on your resume, but your package completely depends on HR negotiation, company budget, experience etc! Clearing interviews is a whole different thing! If a candidate explains CVE but can't explain some minimum criteria, there are chances he won't be shortlisted but if a candidate meets all basic criteria but CVEs are just to make sure he is hired, salary is a different part. AppSec and Pentesting is a whole different area, VAPT is basically low quality pentesting we do in India. Globally there is no role called VAPT, it's basically pentesting or offensive security which can be on application, infrastructure, cloud or IoT. So pentesting is not a dying skill but it has transformed into new technologies and methodologies! Even there are high salary pentesting job you can get by solving some hard web app CTFs
What about SOC is it a well paying industry?
Pay scale in GRC starts from 8LPA to 55 LPA or even more at the end and it's purely based on your experience and skills in GRC
Endpoint Security Lead at Wipro, 8 Years of experience in total.
Keep learning and complete Certification like CISSP, CCSP, CEH etc.
All the best!
Security Solution Architect - 12 years of exp
SOC
VAPT
Endpoint Security
Firewall Security
GRC
UAM
32L
Mentor
Me 🙋 VAPT with 8yoe, 26ctc
Associate Manager in GRC space. Specialization in risk advisory, third party risk management and data security and privacy. 33 LPA
These skills were and are in high demand but slowly the competition is rising as it should. The gap between demand and supply is narrowing down. But I still see a lot of potential in third party risk and data privacy as these are rapidly developing practice areas and solutions/ service offerings are still maturing. There is good growth and the demand pipeline in all markets is quite strong.
Another area that is rapidly gaining importance is OT security as people have started to take cybersecurity seriously in the manufacturing sector as well due to IT OT convergence. This is again a developing area with a lot of scope for new service offerings and delivery models.
10 YOE. I see a lot of people wanting to transition from the technical side to GRC domain thinking that GRC has more roles at a higher level and would provide better growth. That may be true in the big 4 since their majority revenue comes from cyber strategy and risk work. But when it comes to tech companies it's offshoring that drives then which can either be application and cloud security or managed services. This requires core technical knowledge and with a few years of hands-on experience you can transition into project management, solution development or project enablement roles. Which would have salaries equivalent to managerial positions in GRC.
So if it's the growth prospects that are bothering you then you can get similar growth in other domains as well if you play your cards right.
What GRC role gives you is a bird's eye view of the entire cyber security framework at a company which in turn helps you to find more opportunities to sell which drives your growth. So from that perspective it's easier for a not so extraordinary employee to also find growth within GRC by being in the right place at the right time.
With the above info if you are still interested in making the switch to GRC then DM me I can guide you.