[ISN] Paychecks For Security Pros In The Heartland Catching Up To Northeast, Silicon Valley

From: InfoSec News (alerts@private)
Date: Tue Jun 12 2007 - 00:02:41 PDT


http://www.informationweek.com/security/showArticle.jhtml?articleID=199902153

By Sharon Gaudin
InformationWeek
Jun 7, 2007

IT security professionals living outside of Silicon Valley and the 
Northeast are getting substantial raises.

An eight-year study by the SANS Institute shows that security 
professionals working in the rest of the country -- especially the 
Midwest, the Northwest, and the Southeast -- are catching up to their 
better-paid security brethren. When it comes to getting the best raises, 
these areas have been at the top of the charts since the end of the last 
century, with salary growth exceeding 7.5% yearly.

"There has been a leveling," said Alan Paller, director of research at 
the SANS Institute, in an interview with InformationWeek. "It used to be 
that from New York to Boston and then in California, salaries were way 
ahead. That's where you went if you wanted a lot of money. Then the rest 
of the country discovered they were just as much a target for attacks as 
the California and New York firms were. It's not that they're getting 
paid more than New England, but they're getting bigger raises and 
catching up."

Have they caught up, yet, though?

According to Paller, the Mid-Atlantic region -- Pennsylvania, Maryland, 
Virginia and Washington -- has the biggest paychecks for security 
professionals, coming in at a mean salary of $95,615 for 2006. The 
Northeast came in second with $92,452, while the West, which includes 
Silicon Valley, rang in with $86,368. The Midwest is seeing a mean 
salary of $84,120, as the Northwest comes in at $81,186. The Southeast 
comes in at $80,123 and the U.S. Central, which includes Kansas, 
Oklahoma and Texas, came in at $78,666.

Paller, though, was quick to point out that salary satisfaction doesn't 
come from having the highest salary. It comes from having consistent 
increases in your salary.

"Satisfaction is less related to the absolute value of your salary than 
with the change," he explained. "People who are getting good raises 
every year are feeling appreciated. Those people will be much more 
satisfied with their compensation than people who are paid well but 
haven't gotten raises in two years. Satisfaction in security is much 
higher in areas outside of the traditional high-paid areas, like Silicon 
Valley."

The SANS survey also shows that the Federal Information Security Management 
Act and the advancement of China's technology capabilities are 
propelling salaries in industries like aerospace and professional 
service providers who work for government agencies, handling jobs like 
security assessments and auditing. Those are two of the industry 
segments that showed an eight-year total salary increase of 65%. Just a 
few weeks ago, the Department of Defense released a report saying that 
the People's Liberation Army in China is building up its cyberwarfare 
capabilities, even creating malware that could go after enemy computer 
systems in first-strike attacks.

"It's two-thirds FISMA and one-third that the Chinese are all over the 
aerospace industry and government computers," said Paller. "We're trying 
to build protections against attacks. ... [The DOD] wouldn't have said 
it publicly if they didn't think that some action really needed to be 
taken. It's been known for some time but talking about it means they're 
really worried."

Paller noted that salaries for security professionals working in the 
telecommunications and finance industries are growing strong, but that's 
no surprise since they have been for years.

Who's not doing so well?

Salaries in manufacturing, health care, and education aren't faring 
nearly so well, coming in at the low end of the pay spectrum. "They've 
always been the lowest paid and they're getting the lowest raises," said 
Paller.

As for what jobs are doing well, and not so well, it looks like managers 
are seeing more raises than the people they're managing.

Some of the positions that saw their salaries grow by more than 65% in 
the past eight years are IT director; director or manager in information 
security or audit; CISO; CSO; chief compliance officer; chief privacy 
officer; chief of audit, and security auditor.

Those who got smaller raises include security architects; systems or 
network managers; intrusion detection specialists; forensics 
investigators, and desktop support.

"It's basically appreciation of the value of these people," said Paller. 
"Through these last seven years, people have valued writing about 
security higher than doing security and that's because of regulations. 
FISMA is not measured on how secure your systems are but how well-done 
your reports are. It's more or less the same with HIPAA and SOX. Most of 
the money went to people who wrote about security rather than those who 
did security. That's what these attacks from the Chinese and 
cybercriminals have changed. It's moving security back into the operational 
people's hands -- operational directors."

SANS is in the process of running another salary survey. The new study 
will focus on the past year, as opposed to this study which focused on 
an eight-year span. To participate in the new study, go to this Web site 
[1].

[1] http://www.sans.org/salary2005/

