Looking for a new job can be thrilling and stress-inducing at the same time. You want an opportunity that will challenge you and help you grow, but the process of landing an offer for your dream job can be tricky to navigate.

For many people, one of the most vexing issues is how and when to talk about salary and other compensation such as bonuses and stock options, which I call your “all-in” package. This is especially true when the market is moving so fast right now.

What should you say when a prospective employer asks about your salary? It’s a crucial question for both of you, and your response could make the employer increase interest or lose interest in you. Moreover, it could have you leaving money on the table or increasing your salary handsomely. Obviously, you want to say the right things that will leave both you and the employer satisfied that a mutually beneficial deal can be reached.

Know your market value

The matter of compensation will likely come up in the conversation, but don’t be the first to raise the subject. When they ask, it’s fine to say where you are today—they are going to find out at some point anyway. However, it’s key that you have knowledge of what you are worth in today’s market, so you know where you want to get to in terms of a baseline with the move.

The good news is that compensation is rising for CISOs. People in other fields can expect to increase their compensation by 15% or more through a job move; top level security people can often expect more than that. This is where knowledge of the market and your value come into play as you will need to advocate for yourself.

Say you make $200,000 or less all-in, right now, as a CISO. You could say, “Clearly security is a very dynamic market. Based on everything I’ve learned from my peers in the industry and the current opportunities that I’m looking at, it appears that roles for someone with my experience and expertise have a fair market value of upwards of $500,000 or more. I have been targeting roles in the range of at least $350,000 to $450,000, all-in.”

Another way to start the conversation is to say, “As we all know, this is a bit of a crazy market that’s moving really quickly. Numbers are changing all the time in this dynamic market. I’ve done a fair amount of due diligence, and I have seen that for someone with my experience level, the starting point in the market is upwards of $350,000 all-in.” You don’t want to negotiate against yourself but you want to use the conversation strategically to set a floor so they don’t waste your time unless the offer is at least $350,000, or whatever amount you are seeking. You can steer the conversation regarding what you would accept and would not accept.

A recruiter might send you a form to fill in your information. If there’s a place on the form for desired salary, it’s OK to write “TBD, to be discussed at the appropriate time.” Giving full transparency is fine, if and when it’s appropriate to do so, but filling out an initial interest form feels a little too soon.

Acknowledge that compensation can be a tricky subject

You also want to convey that it’s not just about the money for you. Security people are very mission-oriented. Most people with more than five years of experience didn’t get into this industry for money. You can tell the employer you are looking for a company that has a commitment to good security, where there is alignment with the executives and the board around what “good” looks like, and which cares about security as much as you do. You want to go to a company with a philosophy around security that is harmonious with yours, and that includes a commitment to paying fair market value for high quality leaders. It can be tricky, but you need to be balanced with your communication around compensation, because this also demonstrates your business acumen.

You have to have realistic expectations of what a company would offer you. Even if you are currently far under current market value – let’s say you are at $180,000 all-in – it’s rare that someone would offer to double your salary to get you to move. A 100% increase or more can occur but it is highly unusual.

More often than not, there’s a disconnect on salary because the market is moving so fast. The employer might offer, at least initially, a lower all-in package than you might want to accept. Keep in mind that this is a learning process for them as well as you. Don’t reject them outright based on the all-in package numbers; you never want to burn a bridge. If they’re interested enough in you, they might come around to meet your numbers. They might come to realize that they can’t have an expensive luxury car on a low-end budget.

Plan a few moves ahead

Think longer term. You could make a few strategic moves in a 2 ½ or three-year time span to increase your all-in salary significantly from where you are today. For example, suppose you are currently at $180,000 or $200,000 and you take a job at $350,000. Assuming you succeed in that position, within two-plus years you could be looking at $500,000 or more by making another move. That’s how you have to look at it in this market. You are really attractive to a lot of companies that don’t want to pay $500,000 right now; they want to pay $350,000 but there aren’t that many qualified candidates at that level.

If you are under market value today, for whatever reason, part of your attraction is that you will come in at $300,000 or $350,000. Frankly, that is a big reason why you would get the job before someone who is equally or maybe even slightly more qualified, but who is demanding a much higher compensation package. If you take a little bit longer view on this, you could have your cake and eat it too.

It’s a terrific job market today for experienced and well-qualified CISOs. Companies increasingly are looking for people to fill high-level strategic positions around security and enterprise risk management. If you can make a case for yourself, you should command a highly competitive all-in salary. Knowing how to ask for it is key.