By Thomas Claburn
Jan 9, 2006
Information security pros with bachelor's degrees don't get any more
money than high school grads, but a master's or doctorate is
convertible to higher salaries, according to the study. Moreover,
communications skills rate more important than technical skills for
A new study released today confirms that there is indeed a growing
market for IS expertise.
Alan Paller, director of research at The SANS Institute, a respected
IT research and education organization, suggests that people "are
waking up to the fact that there's a shortage of security talent."
The SANS Institute's 2005 Information Security Salary and Career
Advancement study of over 4,250 IS pros finds that compensation for IS
jobs is strong and growing. For U.S. IS professionals, the median
income, including bonuses, is now $81,558. In Great Britain, it's
$76,389. In Canada, it's $67,982. In the rest of the world, it's
Paller says his organization has not conducted a salary survey since
2002 because it didn't want to "pile on" during a time when salaries
were under pressure. But he contends salaries in 2005 were
significantly higher than three years earlier.
An infosec salary survey released in 2003 by Foote Partners LLC noted
that compensation declined the previous year. The Foote survey found
that in the fourth quarter of 2002, the overall base salaries for some
100 IT positions declined by an average of 2.8 percent from the fourth
quarter of 2001. Yet even so, during this period salaries for
corporate security positions rose an average of 5.5 percent,
suggesting that even in bad times, good security remains a valuable
One noteworthy finding in the SANS study is that there's essentially
no difference in terms of compensation between IS workers with high
school degrees and those with bachelor's degrees. However, those with
advanced degrees -- a Master's or Doctorate -- can expect to earn
significantly more than those with lesser academic credentials.
Another finding of note: certifications from The International
Information Systems Security Certification Consortium, Inc. (ISC) and
the Information Systems Audit and Control Association (ISACA)
translate into greater earnings than other certifications, such as
those bestowed by individual vendors like Microsoft or Cisco.
Respondents indicated that those certifications offered an edge in
management or policy-centric jobs -- typically highly paid positions.
But for hands-on security, survey takers said the Global Information
Assurance Certification (GIAC), administered by SANS, and
certifications offered by vendors were more advantageous.
Paller interprets this as an indication that there's no substitute for
real world experience. "You can't become a pilot by studying
airplanes," he says, suggesting that employers should be wary of
computer security pros who have never wrestled with securing actual
Perhaps the most unexpected finding, according to Paller, is that
those taking the survey rated communication skills, both verbal and
written, as more important than technical knowledge in terms of career
Copyright © 2006 CMP Media LLC, All rights reserved.