IT security and compliance professionals are constantly looking to improve their career, seeking increased responsibilities at their current employer, and keeping an open mind to new opportunities.
There's a balancing act being played at the highest levels between hiring more people and automating processes.
research director, Spire Security
That was among the key findings of TechTarget's IT Salary Survey 2012. The survey was conducted among readers across TechTarget's network of sites and polled 2,277 IT professionals in North America, boasting specialties in 40 areas of IT. The survey included about 200 people who indicated IT security, compliance, risk management or disaster recovery as their primary role within the organization.
Of those indicating a security or compliance role, only 25% were satisfied with their current job. And only 22% planned to stay in their current role over the next 3 to 5 years.
The survey reflected a common theme throughout the security industry: Many career-minded IT security pros change jobs frequently. Job networking is a frequent occurrence on social network sites and mailing lists. Those that are willing to travel to advance their career are making connections at industry conferences and finding positions. The survey found that while many are not actively seeking a new position, more than half said they were open to new opportunities. It comes at a time when HR departments are struggling to fill certain IT security roles, citing an expanding skills gap in the industry.
Career Advice for 2013
The IT security skills required by some firms have become a lot more specific. The demand for security generalists is waning.
For many IT security and compliance professionals, 2012 was a good year, according to the survey. Raises were common among those surveyed, with 57% receiving one in 2012, 43% received a bonus, and only 11% had no change in pay in 2012.
Roughly half of those surveyed indicated making between $100,000 and $150,000 in 2012. Only 6% said they made more than $150,000, not including an annual bonus and other perks.
A common message that a significant investment in maintaining IT security is needed may be sinking in at some organizations. Regardless of whether the cybercriminal threat has increased, advanced persistent threats and the impact of cyberwar has been a consistent theme over the last two years, said Pete Lindstrom, a research director at Spire Security. The risk of intellectual property theft, stolen account credentials and data leakage is perceived as constantly increasing, Lindstrom said. Company executives need to figure out whether there is really a need to scale security programs in the face of new threats.
"We don't necessarily want more cops, but we hire more cops because we feel a need for more of them," Lindstrom said. "There's a balancing act being played at the highest levels between hiring more people and automating processes. For security professionals, the entire profession exists to reduce risk using the minimum resources."
Those surveyed said productivity goals were a major measurement of success at the organization. Innovation and creativity also was a common goal, followed by maintaining uptime and reliability of systems and applications within the organization. Only 12% said return on investment (ROI) for projects was a major factor in measuring success. Other respondents identified the ability to keep the company breach-free, reduce risk or maintain compliance as factors in measuring performance throughout the year.
Approximately 38% received a raise of up to 6% of their base salary. Of those receiving a bonus, 23% were rewarded with $5,000 or more in 2012.
Most of those surveyed could be considered security industry veterans. Eighty-six percent of people that indicated security, compliance, risk management or disaster recovery as their primary responsibility had more than a decade of experience.
2013 IT security, compliance salary, job outlook
The IT salary survey 2012 indicated that raises are anticipated in 2013, but many of those surveyed are not counting on a bonus. Approximately 55% said they anticipate a raise in the next 12 months; about 43% anticipate a bonus.
Only 23% said their salary would stay the same in 2013.
Those surveyed are also looking to boost staff and fill security specialty positions. Only 20% said the IT organization was fully staffed, and approximately 43% would be looking to make new hires in the IT organization in 2013. The survey's findings support previous reports that indicated the credit bubble burst in 2008 had a negligible impact on IT security industry jobs. Highly coveted jobs include security analysts, security-minded software engineers and systems administrators.
The mood at most companies is generally pretty good, with 37% indicating they have an optimistic attitude. Only 24% were pessimistic.