Survey: It pays to be a security pro

By Bill Brenner, Senior News Writer 09 Jan 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Pay is good and getting better for security pros -- especially if their job titles include the words "chief" or "director" and they work for large companies in the IT, utilities and financial sectors.

However, the benefits of advanced degrees and certifications aren't as clear; certifications haven't made much difference for some, while others have done well with nothing more than a high school diploma.

Those are among the SANS Institute's findings after polling more than 4,250 security pros in October and November for its 2005 Information Security Salary and Career Advancement Survey. The Bethesda, Md.-based training and certification group released a .pdf of the survey Monday.

More on salaries and certs Security pros gain ground in the board room Microsoft pads security partner competency CISSP among highest paying certifications SANS drops hands-on portion of GIAC certifications SearchSecurity.com guide to infosec certifications Salaries level off, but IT security professionals still in demand

SANS Institute Research Director Allan Paller said in an e-mail that respondents provided detailed answers to 30 questions about their compensation, background, employer, certifications and job responsibilities, among other things.

Pay is good and getting better
A majority of respondents said compensation for information security jobs is strong and getting better, especially in the United States. The median income for U.S. information security professionals -- including salary and bonuses -- is $81,558 a year. By comparison, it's $76,389 in Britain and $67,982 in Canada, the SANS report said.

Compensation is highest among those with such titles as chief information security officer, chief risk officer, chief privacy officer, chief security officer, director of security and security manager. Professionals in this category are earning an annual salary of $106,326, including bonuses, in the U.S.

On the lower end of the scale, those with such titles as network architect, security analyst/consultant, security auditor, security engineer, systems engineer, systems integrator, security penetration tester, network administrator, programmer, systems administrator, and Web security manager earn a salary of about $75,275 in the U.S.

The survey also showed that larger companies pay more. Security pros working for companies with 100,000 or more employees said they earn a salary of about $86,388, while those working for companies with fewer than 250 employees earn about $75,185.

Not surprisingly, those who've been at security the longest are earning more. Respondents with less than three years of experience reported earning a salary of about $63,529, while those with 20 or more years of experience are earning a salary of about $101,724.

Keys to success not the same for all
The survey shows professionals benefiting from their advanced degrees and certifications. But some say certifications haven't made much difference in their pay and career advancement, while others reported doing well with nothing more than a high school degree.

For starters, security professionals with bachelor's degrees aren't necessarily earning more than people without college degrees. Those with a high school diploma reported earning about $78,731 a year, while those with a bachelor's degree reported earning $77,247.

On the other hand, advanced degree holders get far better pay than people who hold master's or Ph.D. degrees. Those with a master's or Ph.D. reported earning between $90,647 and $98,333 a year.

Meanwhile, those in the IT, utilities and banking-insurance-financial sectors said they're earning more -- between $82,927 and $84,397 a year -- than those in other industries. Professionals in the healthcare sector, for example, said they earn about $75,988.

Certifications help some, not others
Most of those surveyed said they hold at least one relevant professional certification. Some respondents said they hold multiple certifications. While many have enjoyed career advancement and better pay as a result, 34% said their certifications haven't made much difference when it comes to getting promotions, raises or high pay.

Of the 4,250 people polled, 1,172 said they hold ISC(2) certifications (CISSP, SSCP); 1,135 said they hold vendor certifications from the likes of Microsoft and Cisco Systems Inc.; 903 hold GIAC certifications (GSEC, GSWN, etc.); 459 hold ISACA certifications (CISA, CISM); and 442 hold CompTIA certifications (Security+, etc.). Of them:

• 27.8% said their certifications helped them better defend systems against penetrations.
• 24.1% said their certifications helped them get a new job.
• 19.6% said it helped them get a raise.
• 15% said it got them a promotion.
• 11.6% said being certified helped their consulting companies get new business.
• 34.4% said their certifications had no impact on any of those factors.

People who hold certifications from ISC(2) and ISACA are earning more -- between $91,555 and $98,571 -- than those who hold other certifications, SANS found. Those with a CompTIA certification, for example, said they earn about $68,036.

Tags: Information Security Jobs and Training,  CISSP Certification,  Security Industry Certifications,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Jobs and Training Security jobs survey finds fewer budget cuts, lower security salaries IT security skills and certification pay Information security skills must include communication, expert says Despite recession, pay climbs for top IT security certifications How do I transition to a career in IT security? Information security book excerpts and reviews Security skills pay increases despite economic downturn Getting the CEH certification to join an ethical hacking network Finding a security management job after an economic downturn How to become an information security expert CISSP Certification IT security skills and certification pay Despite recession, pay climbs for top IT security certifications Information security book excerpts and reviews Security skills pay increases despite economic downturn How do I get CPE credits? Finding a security management job after an economic downturn What is the GISP certification and how does it compare to the CISSP certification? Security certifications Certification still pays for CISSPs, CISMs CISSP Domain 1 quiz: Security Management Practices CISSP Certification Research Security Industry Certifications Security jobs survey finds fewer budget cuts, lower security salaries IT security skills and certification pay Despite recession, pay climbs for top IT security certifications How do I transition to a career in IT security? Security skills pay increases despite economic downturn How do I get CPE credits? Getting the CEH certification to join an ethical hacking network What is the GISP certification and how does it compare to the CISSP certification? New certification targets software security Security certifications

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Cisco Certified Security Professional (CCSP)  (SearchSecurity.com) CSO  (SearchSecurity.com) security clearance  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary