Getting your bachelor’s degree before entering the information security job market? Don’t expect to get paid more than a high school graduate. If you’re working on a master’s or doctorate degree, however, you can expect your salary to take a jump.
This comes from a new report out of the SANS Institute. The 2005 Information Security Salary & Career Advancement Survey, which polled 4,250 security professionals, shows that the IS job market is growing, as are salaries.
The study also shows that security professionals say writing and speaking skills are more valuable than technical skills, that the thing that angers them most about management is a lack of vision, and that people with soft security certifications say they’re not prepared for hands-on work.
“We had some interesting results,” says Alan Paller, director of research at the SANS Institute, a major IT research and education organization. “The techies themselves say there’s one thing more important than technical skills and that’s speaking and writing skills when it comes to career advancement. I expected their bosses to say it, but they said it themselves.”
Paller says they never asked the question before, but he’s quite sure that it’s a new phenomenon for IT professionals to be concerned about their communication skills.
“I don’t think it was ever very high on their list,” he told Datamation. “One of the reasons security fails is because the security people can’t make the business people understand the importance of security. If they can learn to make effective presentations, they can make a lot of difference in improving security for their organizations. It also will help them with their careers, but think about how much it will improve security.”
Salaries are Up
Paller also says the stagnant salaries of the early part of the decade seem to be recovering. For security professionals in the United States, the median income, including salary and bonuses, is $81,558. And the U.S. is doing better than other countries. The worldwide median, according to SANS, is $77,050. Great Britain’s median is $76,389 (or 94 percent of the U.S. median), and Canada’s median is $67,982 (or 83 percent of the U.S. median).
The study also shows that a senior security executive, with a title like chief information security officer or chief privacy officer, has a median income of $106,326. That shows an increase of 3.6 percent. And a senior technology executive, with a title like chief technology officer or VP of operations, has a median income of $101,667 — an increase of 2.8 percent. For technical security professionals with titles like network architect or Web security manager, the median drops down to $75,275, an increase of 2.9 percent.
And not surprisingly, years of experience correlate directly with compensation. A security professional with less than three years of experience has a median income of $63,529. Someone with more than five years of experience but not quite 10 years receives $82,283, and someone with more than 20 years of experience takes home $101,724.
“Salaries are rising about 3 to 3.5 percent,” says Paller. “The average ranges from $75,000 for technical people to $106,000 for CSOs. Those are pretty good salaries. It’s about 14 percent better than three years ago. But it wasn’t a smooth transition. [Salaries] went down a little bit before they came back up. There was a year or two with no raises at all. That whole telecom collapse took a lot out of salaries.”
The SANS Institute study also shows that earning a bachelor’s degree isn’t going to do you much good when you open up your wallet. In fact, according to the survey, security professionals with a bachelor’s degree take home a median income of $77,247, while those with only a high school diploma earn $78,731.
To see any kind of salary increase, a security professional needs a master’s degree, which should bring in $90,647, or a doctorate, which will earn them an average of $98,333.
Frustrations and Delights
The survey also asked IS professionals about what frustrates them and what delights them.
In choosing “the single best thing your employer does to make you enjoy working,” nearly 28 percent said it’s trust. That trust might come in the form of freedom or autonomy, respect, support and encouragement. The second-highest choice (11.6 percent) was working hours and work/life balance. After that, respondents chose (in order) compensation, challenge, corporate culture, recognition and interesting projects.
The survey also asked people about “the single worst thing your employer does that makes working no fun at all.”
The top complaint (at 20.2 percent) was lack of vision and micromanagement. That was far ahead of the second-place complaint, long and undesirable work hours, which came in with 9.9 percent. After that was low compensation, politics, lack of funding, lack of authority, bureaucracy and red tape, poor communications and lack of training.
“The top thing that makes them mad is management with a lack of vision, long working hours and low compensation,” says Paller. “That’s what you’d figure. What makes them happy, though, is trust. It’s higher than the next thing (balance between work and home) by a factor of three. I think security people really care about improved security and they’re frustrated that they can’t get people to do what they’re suggesting. Nobody listens to them. It’s a Rodney Dangerfield problem. Maybe this is what led them to say that speaking and writing skills matter.”
Soft certifications also got a thumbs down in the survey. People who hold soft security certifications voted two to one that their certifications do not prepare them for a hands-on job. “The people who hold those certifications voted that way,” adds Paller. “If you want a hands-on security job, you don’t focus on soft certifications.”