Though hiring managers may be hunkering down amid the economic turmoil, newly released skills pay data shows a surprising trend: some information security pros are taking home pay increases.
In the final quarter of 2008, overall pay for uncertified IT skills recorded a calendar quarter decline of 0.5% -- the first such decline since mid-2004, according to the IT Skills and Certifications Pay Index published by Vero Beach, Fla.-based Foote Partners LLC.
However, pay for a handful of IT skill sets -- including designations covering several security skill sets and certifications -- grew in Q4, prompting speculation that corporations are placing a priority on people and skills they believe will help them through the crisis.
"It's not just 'slash-and-burn' recession strategy based strictly on CIOs cutting costs," said David Foote, co-founder and CEO of Foote Partners. "It looks like a calculated effort [by CIOs], in a time of chaos and severe constriction, to smartly invest in skills and technologies that will not only tactically see them through the recession but also ensure that [their companies] are stronger and undiminished at their core when it's over."
Security jobs, skills and certifications:
Guide to vendor-specific information security certifications: Certification experts Ed Tittel and Kim Landros provide an overview of vendor-specific information security certifications available.
Security Certifications' Ethics Programs Merely Window-Dressing: Professional information security organizations' efforts to improve their ethics programs only dress up an ugly situation.
So what is it about security in particular that CIOs find appealing in red-budget years? Foote said while it's unlikely that executives will worry about growth and expanding profit margins in the coming months, they have more time to focus on the data that their companies already have, and the importance of keeping that data intact until the economy's fever breaks.
With the numerous layoffs that face many corporations, data leakage by disgruntled ex-employees is a real concern. Foote said CIOs may be looking for security pros to implement new DLP products or monitor IAM systems to keep former employees from compromising sensitive information.
"It's not how much or how little you spend that is the key to maintaining, or even increasing, growth and profitability during economic downturns," Foote said. "It's about how smart you're (sic) spending [is] on IT products, services and labor."
Looking at the numbers, it seems companies think security is a smart investment indeed. Overall IT security certifications pay grew 0.8% over the last 3 months and 1.9% year over year. Certifications posting the greatest gains were the GIAC Security Essentials Certification (GSEC), which was up 46.7% in Q4 of 2008, and the Certified Ethical Hacker (CEH) certification, up 40.0%. The Certified Information Security Manager (CISM) was also up 7.1% over the last quarter. Of the highest paying IT certifications, 18 out of 42, or 42.9%, were security certs.
For non-certified security skills, network security management made neither gains nor losses in Q4, but was up 6.7% over the last 6 months, and 14.3% year over year. Also, network security management and what are noted in the report as 'various, project-based security skills' were among the highest paying non-certified IT skills of the last three months.
"There are a lot of factors driving this [upward trend]," said Foote, "but all in all it just shows how far IT management has come since they were in this position last time. A very positive thing to see in some very negative conditions."