[ISN] Salary premiums for security certifications increasing, study shows

From: InfoSec News (alerts@private)
Date: Tue Jul 10 2007 - 22:17:29 PDT


By Jaikumar Vijayan
July 09, 2007

Want more money for your information security skills? Try getting a 
professional certification. For all the continuing debate about the real 
value of IT certification programs, the premiums that companies are 
willing to pay for certified information security professionals are 
actually trending upwards.

A report released last week by New Canaan, Conn.-based Foote Partners 
LLC shows that formally certified security professionals on average are 
still commanding about 10% to 15% higher salaries than noncertified 
individuals in comparable roles. The numbers were marginally higher than 
the premiums offered for certified security professionals six months 
ago. Among the certification programs commanding the highest premiums 
were Certified Information Systems Security Professional (CISSP), 
Certified Information Systems Auditor (CISA) and Certified Information 
Security Manager (CISM).

In contrast, the premiums being offered for individuals with 
professional certifications in other IT areas fell by about 2% over the 
past year, according to the Foote report. The analysis was based on 
salary data from 33,800 U.S. and Canadian IT professionals.

"Security certifications bucked the overall trend by growing in value 
from October to April, up an average of 1.7 percent across the entire 
group of twenty-seven security certifications that we survey," the 
report said. "This is a very important development, because salaries as 
well as skills pay for IT security professionals stopped growing and in 
some cases declined a few years ago following what had been a strong 
wave of hiring in the wake of Patriot Act, Homeland Security Act, and 
Sarbanes-Oxley Act legislation," the Foote report said.

That trend has begun reversing itself as demand for qualified security 
professionals has recently begun to grow steadily, said David Foote, CEO 
of Foote Partners, in an interview with Computerworld. High-profile 
breaches, such as the one at TJX earlier this year, have made company 
executives increasingly nervous about the impact of security breaches on 
their customer bases, Foote said. As a result, many have begun to ramp up 
their security efforts, resulting in an overall increase in demand for 
qualified security professionals to their highest levels after 9/11, he 

This trend in IT security certifications pay is an indication that, 
finally, there is something other than government regulation that is 
driving business leaders to invest more in security, Foote said. "The 
trend is not being driven by compliance and regulations. It is being 
driven by people saying customers are demanding more security," from the 
companies they do business with, Foote said.

Also pushing up the premiums for security certification is a new 
Department of Defense directive which requires over 100,000 security 
professionals in certain specific job roles to be certified within a 
five-year period, Foote said. The directive affects full- or part-time 
military service members, contractors, or those with privileged access 
to DOD information systems who are performing information assurance 

The two trends are creating a "perfect storm" in terms of pushing up 
premiums for IT security certifications at a time when other 
certification programs are commanding lower premiums than they used to, 
he added.

