Information security pros with bachelor's degrees don't get any more money than high school grads, but a master's or doctorate is convertible to higher salaries, according to the study. Moreover, communications skills rate more important than technical skills for career advancement.
A new study released today confirms that there is indeed a growing market for IS expertise.
Alan Paller, director of research at The SANS Institute, a respected IT research and education organization, suggests that people "are waking up to the fact that there’s a shortage of security talent."
The SANS Institute’s 2005 Information Security Salary and Career Advancement study of over 4,250 IS pros finds that compensation for IS jobs is strong and growing. For U.S. IS professionals, the median income, including bonuses, is now $81,558. In Great Britain, it’s $76,389. In Canada, it’s $67,982. In the rest of the world, it’s $51,250.
Paller says his organization has not conducted a salary survey since 2002 because it didn’t want to “pile on” during a time when salaries were under pressure. But he contends salaries in 2005 were significantly higher than three years earlier.
An infosec salary survey released in 2003 by Foote Partners LLC noted that compensation declined the previous year. The Foote survey found that in the fourth quarter of 2002, the overall base salaries for some 100 IT positions declined by an average of 2.8 percent from the fourth quarter of 2001. Yet even so, during this period salaries for corporate security positions rose an average of 5.5 percent, suggesting that even in bad times, good security remains a valuable commodity.
One noteworthy finding in the SANS study is that there’s essentially no difference in terms of compensation between IS workers with high school degrees and those with bachelor’s degrees. However, those with advanced degrees -- a Master’s or Doctorate – can expect to earn significantly more than those with lesser academic credentials.
Another finding of note: certifications from The International Information Systems Security Certification Consortium, Inc. (ISC) and the Information Systems Audit and Control Association (ISACA) translate into greater earnings than other certifications, such as those bestowed by individual vendors like Microsoft or Cisco.
Respondents indicated that those certifications offered an edge in management or policy-centric jobs -- typically highly paid positions. But for hands-on security, survey takers said the Global Information Assurance Certification (GIAC), administered by SANS, and certifications offered by vendors were more advantageous.
Paller interprets this as an indication that there’s no substitute for real world experience. “You can’t become a pilot by studying airplanes,” he says, suggesting that employers should be wary of computer security pros who have never wrestled with securing actual systems.
Perhaps the most unexpected finding, according to Paller, is that those taking the survey rated communication skills, both verbal and written, as more important than technical knowledge in terms of career advancement.
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.