Salaries for IT security professionals leveled off in 2004 because more of them are out there. But pay will pick up again as companies delve deeper into compliance issues, especially for those focused on auditing, forensics and management, Foote Partners LLC concluded in a new report. Demand will also grow for those offering the best blend of business savvy and architectural know-how.
"The data we have shows that security, which has been rising a long time, is starting to level off because the supply is catching up with demand and more companies are taking the IT staffers they have and moving them over to security," said David Foote, president and chief research officer for the New Canaan, Conn.-based firm. "But security is still hot, and we're telling people it's really in their benefit to get security into their job title. One thing that has kept the need alive -- auditing, which ties into the regulatory concerns companies are having."
The study is based on feedback from 45,000 IT workers and 1,860 North American and European employers. Overall, the firm found that after a prolonged period of decline, premium pay tied specifically to information technology skills is getting a big boost from widespread retention concerns, offshoring disappointments and an increase in competition for IT consulting talent.
"Our research has found unmistakable evidence of a turnaround in pay for several skills over the past six months, in particular those associated with networking,
Though pay for 150 certified and non-certified skills has dropped an average 4.2% and 0.5% respectively in 2004, networking skills pay has increased 6% in the past year, messaging/groupware skills are up 4.5%, and skills relating to applications development and programming languages have grown nearly 4% in value, Foote said. "The remarkable part is that, at this time last year, these same skills groups were registering annual declines of 6% to 12%. It's a complete reversal and a clear signal that businesses are once again investing in their full-time employees," he added.
When it zeroed in on the security aspect, the firm found pay and demand flattening out for firewall/intrusion analysts and incident handlers while growing for those specializing in auditing, forensics, architecture and management.
"[Demand] for firewall analysts was down 38%, incident handlers are down 22% and intrusion analysts are down 11%," Foote said. "It kept coming back to the fact that there are a ton of them out there."
The study found hiring by IT services firms accelerated in 2004, driving up skills pay for consultants with niche skills in networking, information security, applications development, Web services, systems integration, and others. "Skills pay is also being affected by increased government regulation that has spurred demand for IT consulting services and is expected to stimulate corporate hiring activity," Foote said. "Case in point: coming in 2005 is a flood of pent-up upgrades and systems enhancements that were delayed in 2004 as substantial IT resources were shifted to meet the Nov. 15th Sarbanes-Oxley compliance deadline, which was recently extended one year."
Laws like Sarbanes-Oxley will keep security specialists in hot demand, Foote said. "In the next year you'll see penetrating questions from auditors about whether [companies] are meeting the security aspects of these laws and protecting their assets. So while security salaries have leveled off this year because enough people are in the field, you'll see it pick up again because of the pent-up projects and compliance concerns. As companies have more questions about compliance, they're going to say, 'Now we have to spend…'"
Job-seeking security specialists should also know that companies are increasingly looking for not just those with a deep technical understanding, but also those who are business savvy and can sell the need for security enhancements to upper management, Foote said.