More than half (58 percent) of cybersecurity professionals say that holding one or more information security certifications is the leading factor in a successful career, according to a survey by the SANS Institute. In addition, they believe certifications can add up to 5 percent to a security professional’s salary.
At the same time, they say pay in the field hasn’t been especially dynamic. Indeed, despite high demand, salaries at the mid-level have largely stalled. Twenty-three percent of respondents reported their pay as being in the $80,000 – $99,999 salary range, little changed since the survey was last conducted in 2008. The latest findings were based on responses from 4,000 security experts polled in February and March.
- Eighty percent of respondents reported their employers either pay all (65 percent) or part (15 percent) of a certification’s cost.
- Professionals have to keep up with the changing threat landscape. More than 67 percent reported changing their area of focus one to three times during their career. Nineteen percent have changed focus four to six times.
- The importance of specialization grows along with company size.
- Education, experience and titles matter when it comes to compensation.
- Three quarters of respondents had at least a bachelor’s degree.
Cybersecurity professionals’ compensation “should be higher, given the tough nature of the jobs IT security professionals shoulder—and the specialized skills and business acumen required in such positions,” the survey opined.
One bit of good news came at the higher end of the spectrum: A larger group of respondents are earning $100,000 or more a year—49 percent in 2014 as opposed to 38 percent in 2008. That indicates that salaries are rising for managers.
Salaries averaged $73,697 for professionals who’d been in the field for up to three years, and climbed with experience. Those who’ve worked for more than 20 years earned an average of $124,000.
As for which certifications to get, Vero Beach, Fla.-based analyst Foote Partners listed these as being among the security credentials gaining 10 percent or more in market value during the first quarter:
- InfoSys Security Management Professional (ISSMP/CISSP)
- GIAC Certified Penetration Tester
- EC-Council Certified Ethical Hacker
- GIAC Exploit Researcher and Advanced Penetration Tester
- Systems Security Certified Practitioner
- GIAC Secure Software Programmer–Java
- GIAC Secure Software Programmer–.NET