[ISN] Even Security Salary Growth Slows

From: InfoSec News (isnat_private)
Date: Wed Jul 03 2002 - 04:39:22 PDT

  • Next message: InfoSec News: "[ISN] Apple: Taking OS X security seriously -- finally"

    July 1, 2002 
    By Lisa Vaas 
    The collapse of the dot-com bubble has finally had an impact on salary
    increases for information security jobs--a job family that was long
    considered a safe harbor for IT professionals. The percent of annual
    increases of salary declined from 11.6 percent in December 2000 to
    just 7 percent last year, according to a salary report released today
    by the SANS (System Administration, Networking, and Security)  
    Institute, a nonprofit organization of security professionals.
    The reason for the salary increase slippage is that dot-com companies
    had been doling out enormous raises to retain their security people,
    according to SANS Director Alan Paller. "[Dot-coms] were offering
    people 20 percent, 25 percent raises to leave old-economy companies
    and to come work for them," said Paller, in Bethesda, Md. "That pushed
    everybody else up. But they stopped hiring a year ago, and everyone
    else stopped having to give these extreme raises. It's a
    supply-and-demand rather than a value equation."
    The fact that security salaries are still increasing at all is an
    anomaly in these hard times. Recent research from Foote Partners LLC
    found that only three out of 17 IT job families are experiencing
    salary growth: security, network operations and SAP (to read the
    story, click here). Indeed, the lingering level of security salary
    increases actually reflects the fact that security hiring is down and
    companies are trying to hang onto the security staff they have, Paller
    "We're not seeing a lot of hiring," he said. "We're seeing huge
    numbers of companies deciding to keep their existing people happy.  
    They are getting them training in new fields and technologies, such as
    security technologies, project management and databases. But we're not
    seeing a lot of hiring from outside."
    However, according to Paller, there are some industries and sectors
    where security hiring is still robust. Those include government
    agencies such as the Department of Defense, the CIA and the National
    Security Agency, as well as the principal consulting firms that
    support them, including companies such as Science Applications
    International Corp., The Mitre Corp. and Computer Sciences Corp.
    The bulk of available security positions are senior technical jobs as
    opposed to security policy jobs, Paller said. "The demand is for
    people who really understand and have practiced forensics, for people
    who really understand and have practiced intrusion detection, system
    testing, vulnerability testing and penetration testing" he said. "A
    year ago, there was a large demand for people who could talk about
    those things, but that's disappeared completely."
    The salary survey, titled "The SANS 2002 Salary Survey," summarizes
    data collected from 1,214 security and system administration
    professionals during April and May 2002.
    In other survey findings, the United States for the first time slipped
    from being the world's top region for security salaries. Asia reported
    the highest pay, at 7.5 percent over the worldwide average. The United
    States came in second, at 5.6 percent over average.
    Paller pointed out that these findings are likely influenced by the
    fact that most of the Asians who participated in the survey live in
    Hong Kong and Singapore, which are two of the highest-paid technology
    centers in Asia. "There's a very high urban concentration near the
    biggest [Asian] cities, and no smaller cities [are represented] in
    Asia," he said. "So there's a small skew in that data. If we picked
    only New York, San Francisco, Washington and Chicago, there'd be much
    higher [average] salaries [in the United States]."
    Western European and United Kingdom security professionals got better
    raises over the past year—about twice as large--as did their U.S.  
    counterparts. But that's probably because their employers realize
    they've been underpaying security professionals, Paller conjectured.  
    The United Kingdom and Western Europe reported salaries 10 percent and
    13 percent lower, respectively, than the worldwide average, the study
    Some other results of the survey include: 
    * The average salary paid to all security and systems staff who 
      participated in the survey was $69,340. 
    * Bonuses paid in 2001 averaged 14.5 percent (median 10 percent) of 
      base salaries. 
    * Within the United States, New England/New York/New Jersey reported 
      the highest salaries, (9 percent over the U.S. average). West Coast 
      security salaries are 4 percent higher than average, and Mid-Atlantic 
      security salaries are 3 percent higher than the country's average. 
    * Employers with more than 10,000 employees paid their security and 
      system administration staff nearly 10 percent more, on average, than 
      smaller employers. 
    * Security and system administrators who work with Unix make almost 25 
      percent more than those who work primarily with Microsoft Corp. 
      Windows systems. 
    * Employers in consulting, system integration, aerospace, banking, 
      computer and network manufacturing, and telecom pay the highest 
      salaries. Education and other non-profit and government agencies 
      pay the lowest salaries. 
    IT Careers Center Managing Editor Lisa Vaas can be reached at 
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Jul 03 2002 - 07:36:37 PDT