Who's Popular Now? Information Security Workers Gain Favor in IT World



Similar documents
TECH SKILLS PAY GETTING A BOOST FROM RETENTION FEARS, OFFSHORING FAILURES, AGGRESSIVE CONSULTING INDUSTRY HIRING

increased demand for banks to help companies structure their finances EXPECTATIONS

2015 WAS A MIXED YEAR FOR THE INDONE- SIAN RECRUITMENT MARKET.

Helping Companies Build Great IT Departments Since 1981

COMPENSATION REPORT FOR FINANCIAL PROFESSIONS WITH CANDIDATE RECRUITMENT INSIGHTS

Item number a

An Accelerated Pathway to Careers in Cybersecurity for Transitioning Veterans. NICE Annual Conference November 2015

Kevin Savoy, CPA, CISA, CISSP Director of Information Technology Audits Brian Daniels, CISA, GCFA Senior IT Auditor

THAILAND. Despite major political unrest in 2014, the labour market in Thailand remained buoyant.

PRE-IPO/VENTURE-BACKED PAY PLANNING Getting Your Startup s Compensation House in Order By Brett Harsen, Vice President

Full-Speed Ahead: The Demand for Security Certification by James R. Wade

Career Survey. 1. In which country are you based? 2. What is your job title? 3. Travel budget. 1 of 28. Response Count. answered question 88

SHINY HAPPY PEOPLE. Salary survey ANALYSIS

Securing Critical Information Assets: A Business Case for Managed Security Services

PMO Director. PMO Director

SANS CyberTalent VetSuccess Immersion Academy. VetSuccess

Career Paths in Information Security v6.0

How to Attract and Retain Women in the Industry. Findings from the (ISC) 2 Women in Security Study

HR 2014 Salary & Employment Insights The Rocky Road to Recovery

Technology s Fastest-growing Fields:

2015 INSIGHT BANKING & FINANCIAL SERVICES

IT Market Monitor. Salary and Vacancy Trends: Q Designed to bring you current trends in the Technology staffing industry

Leading Through Uncertain Times

Human. Rısk. By Matt Shadrick and Seymour Adler, Ph.D., Aon Consulting Worldwide

Career and Job Highlights for Computer and Information Systems Managers

Employee Engagement Drives Client Satisfaction and Employee Success in Professional Services

HR Manager Job Description

TURNINGPOINT TALENT QUARTERLY REPORT. Q Marketing Compensation & Hiring Trends. Page 1

16,300 IT jobs added to U.S. payrolls in October, all in the IT services industry.

HIRING THE BEST IN 2016

CERTIFICATIONS IN HUMAN RESOURCE MANAGEMENT PROFESSIONAL HRMP EXAM CONTENT OUTLINE

Making HR Strategic: Integrated Human Capital Management Holds the Key

IT Workforce snapshot

Talent 2020: Surveying the talent paradox from the employee perspective The view from the Health Care sector

IT Salary Guide. Southern California. Released February 2015

HR SOLUTIONS RECRUITING FOR A NEW AGE

SURVEY FINDINGS. Executive Summary. Introduction Budgets and Spending Salaries and Skills Areas of Impact Workforce Expectations

When the vice president of sales wants. Sales Talent Through Partnerships. Attract, Deploy & Retain the Right

The Why & How of Managed Services

BRAZIL was a slow year in Brazil with just over 2% GDP growth.

DoD Directive (DoDD) 8570 & GIAC Certification

THE WHY & HOW OF MANAGED SERVICES

Copyrighted Material CASH BONUSES. Four Ways to Attract, Retain and Motivate Employees. Copyrighted Material

White Paper Preparing Your Contact Centers for the Customer Experience Tsunami. Transforming Passion into Excellence

VetSuccess. Top employers providing America s veterans with careers in cybersecurity

The fast track to top skills and top jobs in cyber. Guaranteed.

LexisNexis State of the Legal Industry Survey Complete Survey Findings

Vietnam. companies and retailers might consider individuals with complementary FMCG experience whose skills can be refined internally.

Strategic Recruiting Where are the dental employees we need? by Ronald F. Arndt, DDS, MBA, MAGD

What s On the Minds of HR Directors? Neil Reichenberg Executive Director International Public Management Association for Human Resources

2010 ASPE-SDLC, Ravenflow & IIBA Business Analyst Salary Survey

Understaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security

2016 EXPECTATIONS 2015 INSIGHT

The Magazine of WorldatWork Total Rewards Model LEADS THE WAY

BELGIUM was a year of recovery for Belgium.

Outsourcing HR: Advantages for Small Businesses

Security Transcends Technology

jobsdb Compensation and Benefits Survey Report 2015

Course Descriptions for the Business Management Program

COMPUTER SCIENCE DEGREE CAREER PATH

IT Workforce snapshot

BeecherMadden Cyber Security Recruitment Trends 2012

Operations Excellence in Professional Services Firms

NAS Insights Knowledge times 7

Application Trends Survey

Differentiating Employee Value Proposition for the Sales Force. Scott Sands Global Practice Leader, Sales Force Effectiveness Hewitt Associates

What specific talent groups will be necessary to achieving strategic business goals?

Top 5 In-Demand Degrees

2014 HIMSS Workforce Survey AUGUST 2014

Career Analysis into Cyber Security: New & Evolving Occupations

THE SANS INFORMATION SECURITY SALARY & CAREER ADVANCEMENT SURVEY

The evolution. of the IT manager

A Guide to Identifying, Assessing & Contracting with Executive Search Firms

Making the Business Case for HR Investments During Economic Crisis

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.

GLOBAL TREND REPORT IT PROJECT MANAGEMENT OFFICE H1 JAN-JUN

THE CYBERSECURITY SKILL GAP: WHAT EMPLOYERS WANT YOU TO KNOW

Determining the Right Salary/Incentive Ratio for Your Sales Jobs 1 by Jerome A. Colletti Mary S. Fiss Colletti-Fiss, LLC

Information Security Specialist Training on the Basis of ISO/IEC 27002

Job Title Dublin Cork Regional

Close Brothers Graduate Programme

E m e r g i ng From a Crisis

Managing HR on a Global Scale

Application Trends Survey

HR and Recruiting Stats That Make You Think. A Statistical Reference Guide for Talent Acquisition Professionals

PROCUREMENT LEADERS IN A CHANGING WORLD: WILL THEY DECLINE OR THRIVE?

THE 2013 INTERNAL AUDIT COMPENSATION STUDY EXECUTIVE SUMMARY SEPTEMBER 2013

Human Resource Management in Organized Retail Industry in India

Case Study: AT&T. AT&T has taken its Recruitment Brand Back

B2B Marketing Effectiveness Benchmarks, Insights & Advice

2009 Talent Management Factbook

Insurance Industry 2015 Employment and Hiring Outlook

Recovery: Are We There Yet?

white paper true value: getting salary and benefits right managing your employee expectations

GLOBAL TREND REPORT IT PROJECT MANAGEMENT OFFICE 2015 OUTLOOK

A CFO s Guide to Creating a High Performance Organization: Workforce Management Best Practices

FRANCHISE BUSINESS JOURNAL

What If Your In-House Physician Recruiting is Not Working? The Benefits of Recruitment Process Outsourcing for Healthcare Organizations

Program Drill-Downs National

Report 015 Retention. Life Working Series 2015

Transcription:

workspan, March 2003, Volume 46, Number 3 Who's Popular Now? Information Security Workers Gain Favor in IT World By David Foote, Foote Partners LLC Underdogs for years, information security workers are emerging triumphantly in a new world of restrained budgets and rising cyber threats. Quick Look Branded as slow, expensive and difficult to work with, security professionals have not achieved the kind of recognition enjoyed by many of their more glamorous technology peers. With a weakened economy and new kinds of threats, many companies are reprioritizing and refocusing their budgets, and information security is emerging as the "Next Big Thing." Starting now, but accelerating sharply in early 2004, employers will much more aggressively recruit security professionals with new combinations of skills, knowledge, experience and character. Page 1

Among their information technology (IT) colleagues, security professionals have never earned the kind of recognition enjoyed by many of their more glamorous peers, such as software programmers and Web developers. Even worse, they've been branded as slow, expensive, intrusive and difficult. But the listless economy, rapidly expanding e-business development and new terrorist threats have forced companies to reprioritize and refocus budgets. Information security (infosec) is slowly emerging as one of the "Next Big Things" in IT careers. Infosec compensation has shown astonishing staying power in a tough transition period, according to two recent compensation studies conducted by Foote Partners. The studies involved tracking nearly 1,800 IT organizations since 1998, covered nearly 30,000 public and private sector IT professionals in the United States, Canada and Europe, and drew upon continuous data collection updated and published quarterly. (See "Survey Methodology".) The research is compiled from: Confidential compensation data obtained directly from IT and business executives Research partnerships with several hundred HR departments Direct interviewing and "interactive" surveying through Jan. 1, 2003. Both studies show a marked divergence between security jobs and the rest of IT in most compensation statistics. Base salary, total compensation and certification premium pay for security professionals continued to climb in 2002, while compensation for almost all other IT categories eroded or was unchanged. The bottom line is, with above-average pay performance in security-related jobs posted for a second straight year, and an enormous upside potential for long-term career advancement, many of IT's best and brightest may gravitate to the field as it evolves. The Changing Landscape Infosec is struggling through major transitions: Expanding its focus to include protection of virtual, as well as physical, perimeters Developing security operations on a global scale Attempting critical initiatives with only limited authority to act. With risks and threats rising, the days of semi-reformed hackers being considered for the head security jobs are over. Viruses, regulations, terrorism and other factors have expanded the security threat and led to stiffer qualifications at every level of security hiring. As a consequence, the average total compensation for four of six security-related positions surveyed now exceeds $100,000 for the 1,260 security professionals included in the fourth quarter 2002 edition of the Quarterly IT Insider Professional Salary Study. Security budgets have been spared the drastic cost-cutting plaguing IT because companies are spending billions on e-business infrastructures and development, and will continue to do so for years. Analysts from IT research firm Gartner, for example, boldly Page 2

predict $288 billion in worldwide online sales by 2006, compared with 2001's $38 billion in U.S. online revenues reported by the Department of Commerce, representing just 1.2 percent of total U.S. retail sales. Overall, 2002 was a tough year for IT workers. The survey results revealed that, in fourth quarter 2002, overall base salaries for some 100 IT positions declined by an average 2.8 percent from fourth quarter 2001. Meanwhile, bonuses paid out fell by 32 percent as the frenzied competition for qualified personnel subsided with the dot-com burst and general economic slowdown. Bucking the trend, salaries for corporate security positions in the period increased by an average 5.5 percent, with total compensation up 3.3 percent as bonuses declined by a less dramatic 9.1 percent. Compare this with 2001's annual findings for security salaries (up 12.2 percent from 2000) and IT salaries overall (a 9.6 percent gain), and it's clear that security jobs are displaying remarkable resilience. In fact, security salaries have increased more than 16 percent in the past two years. Moreover, security certification bonuses as a percent of base pay rose 11.3 percent in value from fourth quarter 2001 to fourth quarter 2002, while the figure for overall IT certification pay dropped 3.3 percent. Inside the Numbers Though nowhere near 2001's growth rates for security-related base salaries, 2002 numbers are no less impressive given the tumultuous political and economic climate. Security directors led the way, with a 7.4 percent increase in base salary and an 8.3 percent rise in total compensation, followed by data warehousing/ business intelligence security managers (up 4.7 percent and 3.3 percent, respectively). Compensation for senior security analysts also has been impressive, up 4.6 percent for the year in base pay and a whopping 18.7 percent over two years, second only to security directors' 18.8 percent growth in the same period. Moreover, these two positions led all others in total compensation, with 13 percent and 20.8 percent gains, respectively. Systems administrators averaged 4.5 percent less in base pay, as their security-related responsibilities increasingly shifted to full-time security workers, some of whom are former administrators. Total average compensation for system administrators was down 9.5 percent. (See Figure 1.) Page 3

FIGURE 1: Annual Growth, Total Compensation -- National Average (base pay and cash bonus) Fourth Quarter, 2001 Fourth Quarter, 2002 Two-year Growth Systems Senior Security Analyst DW/BI Security Manager Web Security Manager Manager, Security 3.7% -9.5% -6.1% 12.6% 0.4% 13% 1.3% 3.3% 4.6% 7.2% -0.8% 6.3% 9.2% -0.4% 8.7% Director, Security 11.5% 8.3% 20.8% Source: Foote Partners LLC, Quarterly IT Professional Salary Survey For additional perspective, only two other IT job families in the survey registered annual base salary increases in 2002: network operations (up 6 percent) and jobs relating to vendor SAP AG's popular enterprise resource software systems (up 4 percent). Only two job families registered gains in total compensation: security jobs and SAP (up 1.6 percent). Bonuses paid out averaged 13.3 percent of base pay salary across all security-related positions surveyed in fourth quarter 2002, down from 16.3 percent for the same period a year earlier. The more compelling statistic in 2002 was the small decline in bonus payouts for corporate security jobs compared with the rest of IT -- attesting to the pressure to fill key open security positions with internal transfers, train and certify them, and motivate their performance. It's the smallest decline for the year recorded in any IT job category in the studies. Certification Is Worth the Effort With layoffs and hiring freezes altering the landscape, bonuses for technical certifications are being used to single out and reward talented workers, entice internal transfers and strengthen in-house technical capabilities when outside hiring is restricted. Security pay is strong here, too. Premium bonuses for all 54 technical certifications tracked report a decrease from a median average of 8.3 percent of base pay to 8 Page 4

percent in the year ending fourth quarter 2002 (a 3.3 percent loss). But security certification bonuses increased 11.3 percent for the same period to 8.9 percent of base, and gained a spectacular 31 percent in value over two years against flat growth for tech certifications overall. (See Figure 2.) FIGURE 2: IT Certification Premium Bonus Pay Certifications Bonus as a Percent of Base Salary (Median) Certifications Family Fourth Quarter 2000 Fourth Quarter 2001 Fourth Quarter 2002 Percent Change 2002 ANNUAL Percent Change TWO YEARS General 7% 6.3% 5.5% -12% -21.4% Applications Development/ Programming Languages 9.7% 7.6% 6.9% -9.8% -28.8% Database 10% 11.3% 10.3% -8.8% 3.3% Webmaster/ Internetworking Network Administration and Management Systems Administration/ Network Operating Systems 9.3% 8.8% 7.6% -13.9% -19% 9.5% 9.2% 8.7% -5.8% -8.7% 6% 7.5% 7.6% 1.1% 27% Security 6.8% 8% 8.9% 11.3% 31.2% Project Management 12% 14% 15% 7.1% 25% All Certifications Combined 8% 8.3% 8% -3.3% 0.4% Source: Foote Partners LLC, Quarterly Hot Technical Skills & Certifications Pay Index. Leading the surge: several technical niche certifications from the SANS Institute's Global Information Assurance Certification (GIAC) series, plus a boost for the well-established Certified Information Systems Security Professional (CISSP) and Certified Information Page 5

Systems Auditor (CISA) certifications, all registering between 11 percent and 38 percent growth in premium pay in the past 12 months. (See Figure 3.) FIGURE 3: Security Certification Premium Bonus Pay Security Certifications Percent of Base Salary (Median) Fourth Quarter 2002 Annual Growth 2002 GIAC Certified Intrusion Analyst Certified Information Systems Security Professional GIAC Certified Incident Handler GIAC Systems and Network Auditor Certified Information Systems Auditor GIAC Certified Unix Security GIAC Certified Firewall Analyst GIAC Certified Window Security Certified Network Security Professional GIAC Security Essentials Certification 12% 0% 11% 38% 10% 11% 9% 13% 9% 13% 9% 13% 9% 0% 8% 33% 7% 0% 5% 0% Average: All Security Certifications 8.9% 11.3% Source: Foote Partners LLC, Quarterly Hot Technical Skills & Certifications Pay Index. Continued strength in security certification pay overall is expected, especially for the broadly-focused CISSP which prepares recipients to manage enterprise security systems. Companies scrambling to find qualified candidates to lead revitalized security organizations insist on such advanced certifications, and are hotly anticipating the arrival this year of the Certified Information Security Manager (CISM) certification, which takes more of a business approach to information security that is less technically detailed and Page 6

more concerned with information risk management. Also expect a small decline in pay for GIAC's certifications: The number of participants in GIAC training programs increased 29 percent in 2002, according to the SANS Institute, which likely will expand the supply number of certificants more quickly than IT budgets can accommodate. Other security-related certifications showed strength in 2002. Premium bonus pay for Novell's Certified Novell Engineer and Master Certified Novell Engineer certifications grew between 10 percent and 13 percent for the year, and the Project Management Professional certification, de rigueur for implementing complex enterprise-level projects, remains the highest paying certification for the second year, posting a median 15 percent of base premium bonus. The studies indicate that managers increasingly are apt to use certification pay as a bargaining chip to secure and protect training allocations as they come under scrutiny, and as leverage in negotiating compensation packages for essential workers. Certifications arguably offer cost-conscious executives something more substantial and easier to valuate when validating investment in IT human capital. Trends and Challenges Hiring freezes and layoffs haven't stalled progress in IT security, they've just made it tougher. IT managers are looking within their organizations for workers with the right blend of technology, business acumen, and mental toughness. Figure 4 depicts the job paths most typical in filling today's infosec positions. Spotting strong security talent and finding ways to reward, retain and motivate the downsized, perpetually overburdened security team has been hard, but outsourcing to an immature security services industry isn't a panacea either. Moreover, latest research findings indicate that more stressed-out private sector infosec professionals than ever before are seeking public sector jobs to enhance job security and work/life balance. Page 7

FIGURE 4: Information Security Job Paths Likelihood that a previous position will serve as the source for a security job. From: Previous Job Network Security/ Firewall Analyst Infosec Auditor To: New Security Job Security/ Firewall Systems Infosec Infosec Manager Security Consultant School 3 1 2 3 3 0 0 3 Help Desk and Miscellaneous Network Security/Firewall Analyst 5 5 5 4 5 4 2 3 --- 4 2 5 4 3 3 4 0 --- 1 2 0 0 2 4 Infosec Auditor 0 0 --- 0 0 0 2 1 Security/Firewall Systems 1 2 1 --- 2 3 3 2 5 4 2 4 --- 2 3 3 Infosec Officer N/A N/A N/A N/A N/A --- 3 0 Project Management N/A N/A N/A N/A N/A 3 4 2 Infosec Manager N/A N/A N/A N/A N/A N/A --- 2 Security Consultant N/A 1 N/A N/A N/A 2 3 --- 0=extremely rare; 1=infrequently; 5=very frequently; NA=overqualified Source: SANS Institute, 2002 Annual Survey Fax 480/483-8352; www.worldatwork.org; E-mail worldatwork@worldatwork.org Page 8

Despite its rising profile, IT security still lacks the branding and recognition of its business value that has been so instrumental in establishing other expensive enterpriselevel initiatives, such as customer relationship management (CRM). These initiatives formed top-notch project teams and built powerful internal marketing campaigns with business-savvy new hires and outside consultants. IT security needs the same level of effort to win support and ongoing commitment from senior executives. Beginning now, but accelerating sharply in early 2004 (assuming an improved economy), employers will more aggressively recruit security professionals with new combinations of skills, knowledge, experience and character. Technical professionals will keep their jobs and boost their pay if: They've acquired niche security skills (e.g., intrusion detection, computer forensics, incident response) Are network savvy Can write code Are well versed in key technologies, such as XML and wireless. A red-hot market will explode for security managers: With a broad view of security and the ability to think strategically in both business and technology terms Who can adroitly navigate corporate politics and create systems for entire organizations Who have experience in global management, cyber terrorism protection, regulatory matters and building private/public partnerships Who understand the latest security technologies. Two other critical skills emerged in the surveys as necessary at all levels of the new security organization: a grounding in enterprise-level project management disciplines and effective interpersonal and communication skills for working with resistant security customers. In the next several years, a high ground that is more behavioral than technological will emerge in a field that once was dominated by retired military officers and men with backgrounds in physics and mathematics. More security leadership positions are going to be filled by women with undergraduate degrees in the sciences and advanced degrees in the social sciences. Soon, colleges will confer information security degrees that blend technology, communications and behavioral sciences. Many industry experts envision more closely integrated security, operations and auditing functions in both public and private sector organizations, with chief infosec officers (or their equivalents) playing increasingly critical strategic roles. When this occurs, security will have outlasted its critics and become an essential part of the business, instead of the annoying stepchild it's been for so long. And IT professionals who were wise enough to enter the security profession now, while barriers to entry are relatively low, will look like geniuses. Page 9

Survey Methodology Confidential IT compensation information is provided via personal associations with several hundred senior IT and business executives. Findings are checked and augmented through direct interviewing of incumbents (to match IT job titles against actual job duties and skills) and aggressive "interactive" surveying techniques. The same sample is continuously tracked. Data are updated, analyzed and published every three months. Additional data are collected from more than 400 participating HR departments trained to provide updated pay data tied to actual job content. Industry multipliers are computed twice a year and detailed job descriptions updated annually. Multiple validation and reliability mechanisms are employed to ensure accuracy and consistency, including self-report/hr report; local/ regional/national surveys; local compensation analysts, consultants and recruiters. Key employers and market-influencers are identified in each targeted city or labor market, and data sources within each are targeted and contacted. The sample, therefore, includes public, educational and private organizations of all sizes and industries. About the Author David Foote is co-founder, president and chief research officer at Foote Partners LLC. He has been a WorldatWork member since 1995. He can be reached at dfoote@footepartners.com or 203/972-8900. Page 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information