News Stay informed about the latest enterprise technology news and product updates.

Security certifications gaining value - good times are here

Companies are beginning to seek out more security talent in niche areas according to the latest job skill and certification research from Foote Partners LLC. Security certification premiums increased 2.2% over the last six months compared to other areas that are flat or losing ground, according to David Foote, president of the research firm. I interviewed Foote today to find out what niche areas may be highly coveted.

The premiums could be embedded into base pay or in addition to base pay in terms of bonus or variable pay. Among the certifications paying a premium: (There’s no big surprises here) certified information systems security professionals (CISSP), certified information systems auditor (CISA), certified information security manager (CISM). Some extensions doing well: CISSP – management and professional, architecture and professional, engineering professional. These are earning between 10-16% of base pay.

Foote said that on average, for one certification in information security, people are earning 9% of base pay. Out of 151 certifications that Foote Parnters surveys, overall the average individual certification is at 8% right now. Only 1% more than the average may not seem like much, but Foote said it is significant, because security certification premiums are surging while many of the other certifications have been declining over the last year.

Some security skills in high demand: Autocorrelation, incident response, forensics, packet-level network skills, applications network use and packet skills, identity management and LDAP, wireless security, VoIP security, and Legal compliance, audit and remediation.

Foote also said that small specialty security consultancies are having trouble filling positions. Although Foote’s survey has had a pretty good finger on the pulse of the job market, (he says he tracks over 67,000 IT worker salaries and IT skills pay), it’s still very hard to know exactly how the job market is doing since there’s so many factors involved. I’m curious as to what you’re seeing in the job market. Is it easy to get a security job today? How do you make yourself stand out to a prospective employer? Comment here or send me an email at rwestervelt [at] techtarget [dot] com.

Technorati Tags: , , ,

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

I am currently a sole proprietor of a information security and privacy compliance. I have certifications as a CISA and CIPP (Certified Information Privacy Professional) and I am on the Board of Governors for IIA. Prior to this I retired from a CRM company I founded and sold in 2003 to a large conglomerate. However, my age is 64 and I understand age is a factor with many companies but more than likely I am in better shape than many chief executives in their early fiftys. Let me know if this makes any sense to a prospective employer.
In your article you state that companies are seeking out more security talent. I believe compaines are try to steal the talent that other compaines have. I just recently graduated and have an Associate Degree in Computer Forensics, but I don't have any job experience. I am currently back in a program attempting to get a Security + certification because with out the experience no one will give me a chance will this certification open doors that currently closed?
Curtis, I'm a managing partner for a small IT consulting firm, C Johnson & Associates, LLC. I do agree with you that it is sometimes difficult breaking into an an industry. The certification may help, but don't count on it. You might consider interning/volunteering for a company/small business that you are interested in to get that initial experience potential employers are looking for. The government is another place to look for internships. Hope this helped.
I obtained an associated degree in Computer an Information Science. Through a placement program I landed an entry level Information Security Analyst (after 6 months of looking) job with the US Coast Guard. Having no experience I consider myself very lucky. The first thing I did was get the Security+ certification. Then I started studying for the CISSP. I was fortunate in that my employer funded a boot camp for me. I used that as a starting point and focused on the areas I felt needed the most attention. I passed but still have to wait until I fulfull the time requirement. However, even as an Associate of (ISC)2 I've had lots of opportunities at new securtiy jobs but feel a great degree of loyalty to my current employer becuase of the support given.