[ISN] Information Security Salaries Rise

From: InfoSec News (isn@private)
Date: Mon Jan 09 2006 - 22:34:52 PST


By Thomas Claburn 
Jan 9, 2006

Information security pros with bachelor's degrees don't get any more 
money than high school grads, but a master's or doctorate is 
convertible to higher salaries, according to the study. Moreover, 
communications skills rate more important than technical skills for 
career advancement. 

A new study released today confirms that there is indeed a growing 
market for IS expertise. 

Alan Paller, director of research at The SANS Institute, a respected 
IT research and education organization, suggests that people "are 
waking up to the fact that there's a shortage of security talent." 

The SANS Institute's 2005 Information Security Salary and Career 
Advancement study of over 4,250 IS pros finds that compensation for IS 
jobs is strong and growing. For U.S. IS professionals, the median 
income, including bonuses, is now $81,558. In Great Britain, it's 
$76,389. In Canada, it.s $67,982. In the rest of the world, it's 

Paller says his organization has not conducted a salary survey since 
2002 because it didn't want to "pile on" during a time when salaries 
were under pressure. But he contends salaries in 2005 were 
significantly higher than three years earlier. 

An infosec salary survey released in 2003 by Foote Partners LLC noted 
that compensation declined the previous year. The Foote survey found 
that in the fourth quarter of 2002, the overall base salaries for some 
100 IT positions declined by an average of 2.8 percent from the fourth 
quarter of 2001. Yet even so, during this period salaries for 
corporate security positions rose an average of 5.5 percent, 
suggesting that even in bad times, good security remains a valuable 

One noteworthy finding in the SANS study is that there.s essentially 
no difference in terms of compensation between IS workers with high 
school degrees and those with bachelor's degrees. However, those with 
advanced degrees -- a Master's or Doctorate - can expect to earn 
significantly more than those with lesser academic credentials. 

Another finding of note: certifications from The International 
Information Systems Security Certification Consortium, Inc. (ISC) and 
the Information Systems Audit and Control Association (ISACA) 
translate into greater earnings than other certifications, such as 
those bestowed by individual vendors like Microsoft or Cisco. 

Respondents indicated that those certifications offered an edge in 
management or policy-centric jobs -- typically highly paid positions. 
But for hands-on security, survey takers said the Global Information 
Assurance Certification (GIAC), administered by SANS, and 
certifications offered by vendors were more advantageous. 

Paller interprets this as an indication that there.s no substitute for 
real world experience. "You can't become a pilot by studying 
airplanes," he says, suggesting that employers should be wary of 
computer security pros who have never wrestled with securing actual 

Perhaps the most unexpected finding, according to Paller, is that 
those taking the survey rated communication skills, both verbal and 
written, as more important than technical knowledge in terms of career 

Copyright  2006 CMP Media LLC, All rights reserved. 

InfoSec News v2.0 - Coming Soon! 

This archive was generated by hypermail 2.1.3 : Mon Jan 09 2006 - 23:02:22 PST