The SANS 2005 Information security Salary and Career Advancement Survey" shows that those in executive roles - with titles such as chief information security officer, chief security officer or security manager - earned $106,326 on average. That compares with the average $75,275 paid to technical security professionals with job titles such as security engineer, security penetration tester or Web security manager (see graphic).
Moreover, being in the United States confers an advantage. The ISC2 and SANS reports conclude that U.S.-based IT security professionals overall are paid considerably better than their foreign counterparts, and this is particularly true in Asian countries (for more on global pay, see www.nwdocfinder.com/2421). Part of the reason for higher U.S. salaries, as compared with the rest of the world, is that network security has been a defined profession here for longer, Moulton says.
Both organizations urge security professionals to facilitate career moves from the technical to the management track through training and certification, as well as college-level business-related studies. "An MBA, as well as a college degree in information security, is what we see in CISOs,"Moulton says.
New skills are in demand
IT security professionals - many of whom started as network administrators and honed their skills to become experts in Windows security, firewall maintenance or intrusion-detection systems, for example - always wonder where the next hot jobs are.
So too does David Foote, director of research firm Foote Partners, which periodically surveys thousands of technical and business managers to determine which IT jobs are in most demand - and which are on the wane. Foote says a recent survey of management opinion at 1,900 companies suggests that in the coming year, corporations will be most interested in hiring security professionals with expertise in a few rising fields: incident response and forensics; wireless security, identity management and VoIP-related security. "1 think there'll be a lot more activity in these areas," Foote says.
Vendor-specific equipment certifications remain important, such as those from Cisco, which last year introduced new certifications for most of its security products, Foote says.
In addition to the continuing importance of expertise in product or technology areas, there s a new element that could impact careers in IT security, Foote says: Corporate managers have started indicating a strong preference for hiring IT security professionals who have a solid track record within a specific industry, whether manufacturing, retailing, medical or any vertical market. "Consider staying with a vertical industry," Foote says.
That shouldn't discourage job seekers from moving from company to company in search of better pay or working conditions, but now there appears to be clear value in sticking to a vertical market. The reason for this is that employers are expressing greater confidence in candidates who have an understanding of the business relationships and patterns of their industry not just technology expertise.
ISC2's "
The 2005 Global Information Security Workforce Study" also indicates that wireless security, identity and access management, disaster recovery and forensics are areas where organizations are investing the most. Computer forensics - the intersection of technology with crime and the law - is an evolving field in terms of the definition of a metric for skills.
Lt. Col. Kenneth Zatyko, director of the Baltimore-area Defense Computer Forensics Laboratory, says only in the last two years have a handful of colleges, including Johns Hopkins, Carnegie Mellon and the University of Tulsa, begun offering academic programs for digital forensics examiners. "Frankly, right now we have to grow our own,"says Zatyko, whose laboratory strives to maintain a staff of about 40 digital forensics examiners. Steven Shirley, executive director of the Department of Defense's Cyber Crime Center, which houses the lab, can approve the lab's employees as digital forensics examiners, based on Zatyko's recommendations.
Moreover, being in the United States confers an advantage. The ISC2 and SANS reports conclude that U.S.-based IT security professionals overall are paid considerably better than their foreign counterparts, and this is particularly true in Asian countries (for more on global pay, see www.nwdocfinder.com/2421). Part of the reason for higher U.S. salaries, as compared with the rest of the world, is that network security has been a defined profession here for longer, Moulton says.
Both organizations urge security professionals to facilitate career moves from the technical to the management track through training and certification, as well as college-level business-related studies. "An MBA, as well as a college degree in information security, is what we see in CISOs,"Moulton says.
New skills are in demand
IT security professionals - many of whom started as network administrators and honed their skills to become experts in Windows security, firewall maintenance or intrusion-detection systems, for example - always wonder where the next hot jobs are.
So too does David Foote, director of research firm Foote Partners, which periodically surveys thousands of technical and business managers to determine which IT jobs are in most demand - and which are on the wane. Foote says a recent survey of management opinion at 1,900 companies suggests that in the coming year, corporations will be most interested in hiring security professionals with expertise in a few rising fields: incident response and forensics; wireless security, identity management and VoIP-related security. "1 think there'll be a lot more activity in these areas," Foote says.
Vendor-specific equipment certifications remain important, such as those from Cisco, which last year introduced new certifications for most of its security products, Foote says.
In addition to the continuing importance of expertise in product or technology areas, there s a new element that could impact careers in IT security, Foote says: Corporate managers have started indicating a strong preference for hiring IT security professionals who have a solid track record within a specific industry, whether manufacturing, retailing, medical or any vertical market. "Consider staying with a vertical industry," Foote says.
That shouldn't discourage job seekers from moving from company to company in search of better pay or working conditions, but now there appears to be clear value in sticking to a vertical market. The reason for this is that employers are expressing greater confidence in candidates who have an understanding of the business relationships and patterns of their industry not just technology expertise.
ISC2's "
The 2005 Global Information Security Workforce Study" also indicates that wireless security, identity and access management, disaster recovery and forensics are areas where organizations are investing the most. Computer forensics - the intersection of technology with crime and the law - is an evolving field in terms of the definition of a metric for skills.Lt. Col. Kenneth Zatyko, director of the Baltimore-area Defense Computer Forensics Laboratory, says only in the last two years have a handful of colleges, including Johns Hopkins, Carnegie Mellon and the University of Tulsa, begun offering academic programs for digital forensics examiners. "Frankly, right now we have to grow our own,"says Zatyko, whose laboratory strives to maintain a staff of about 40 digital forensics examiners. Steven Shirley, executive director of the Department of Defense's Cyber Crime Center, which houses the lab, can approve the lab's employees as digital forensics examiners, based on Zatyko's recommendations.
