Information security pros with bachelor's degrees don't get any more money than high school grads, but a master's or doctorate is convertible to higher salaries, according to the study. Moreover, communications skills rate more important than technical skills for career advancement.
A new study released today confirms that there is indeed a growing market for IS expertise.
Alan Paller, director of research at The SANS Institute, a respected IT research and education organization, suggests that people "are waking up to the fact that there’s a shortage of security talent."
The SANS Institute’s 2005 Information Security Salary and Career Advancement study of over 4,250 IS pros finds that compensation for IS jobs is strong and growing. For U.S. IS professionals, the median income, including bonuses, is now $81,558. In Great Britain, it’s $76,389. In Canada, it’s $67,982. In the rest of the world, it’s $51,250.
Paller says his organization has not conducted a salary survey since 2002 because it didn’t want to “pile on” during a time when salaries were under pressure. But he contends salaries in 2005 were significantly higher than three years earlier.
An infosec salary survey released in 2003 by Foote Partners LLC noted that compensation declined the previous year. The Foote survey found that in the fourth quarter of 2002, the overall base salaries for some 100 IT positions declined by an average of 2.8 percent from the fourth quarter of 2001. Yet even so, during this period salaries for corporate security positions rose an average of 5.5 percent, suggesting that even in bad times, good security remains a valuable commodity.
One noteworthy finding in the SANS study is that there’s essentially no difference in terms of compensation between IS workers with high school degrees and those with bachelor’s degrees. However, those with advanced degrees -- a Master’s or Doctorate – can expect to earn significantly more than those with lesser academic credentials.
Another finding of note: certifications from The International Information Systems Security Certification Consortium, Inc. (ISC) and the Information Systems Audit and Control Association (ISACA) translate into greater earnings than other certifications, such as those bestowed by individual vendors like Microsoft or Cisco.
Respondents indicated that those certifications offered an edge in management or policy-centric jobs -- typically highly paid positions. But for hands-on security, survey takers said the Global Information Assurance Certification (GIAC), administered by SANS, and certifications offered by vendors were more advantageous.
Paller interprets this as an indication that there’s no substitute for real world experience. “You can’t become a pilot by studying airplanes,” he says, suggesting that employers should be wary of computer security pros who have never wrestled with securing actual systems.
Perhaps the most unexpected finding, according to Paller, is that those taking the survey rated communication skills, both verbal and written, as more important than technical knowledge in terms of career advancement.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.