Security skills pay increases despite economic downturn

By Carolyn Gibney, Assistant Site Editor
29 Jan 2009 | SearchSecurity.com

Though hiring managers may be hunkering down amid the economic turmoil, newly released skills pay data shows a surprising trend: some information security pros are taking home pay increases.

However, pay for a handful of IT skill sets -- including designations covering several security skill sets and certifications -- grew in Q4, prompting speculation that corporations are placing a priority on people and skills they believe will help them through the crisis.

"It's not just 'slash-and-burn' recession strategy based strictly on CIOs cutting costs," said David Foote, co-founder and CEO of Foote Partners. "It looks like a calculated effort [by CIOs], in a time of chaos and severe constriction, to smartly invest in skills and technologies that will not only tactically see them through the recession but also ensure that [their companies] are stronger and undiminished at their core when it's over."

So what is it about security in particular that CIOs find appealing in red-budget years? Foote said while it's unlikely that executives will worry about growth and expanding profit margins in the coming months, they have more time to focus on the data that their companies already have, and the importance of keeping that data intact until the economy's fever breaks.

With the numerous layoffs that face many corporations, data leakage by disgruntled ex-employees is a real concern. Foote said CIOs may be looking for security pros to implement new DLP products or monitor IAM systems to keep former employees from compromising sensitive information.

"It's not how much or how little you spend that is the key to maintaining, or even increasing, growth and profitability during economic downturns," Foote said. "It's about how smart you're (sic) spending [is] on IT products, services and labor."

Looking at the numbers, it seems companies think security is a smart investment indeed. Overall IT security certifications pay grew 0.8% over the last 3 months and 1.9% year over year. Certifications posting the greatest gains were the GIAC Security Essentials Certification (GSEC), which was up 46.7% in Q4 of 2008, and the Certified Ethical Hacker (CEH) certification, up 40.0%. The Certified Information Security Manager (CISM) was also up 7.1% over the last quarter. Of the highest paying IT certifications, 18 out of 42, or 42.9%, were security certs.

For non-certified security skills, network security management made neither gains nor losses in Q4, but was up 6.7% over the last 6 months, and 14.3% year over year. Also, network security management and what are noted in the report as 'various, project-based security skills' were among the highest paying non-certified IT skills of the last three months.

"There are a lot of factors driving this [upward trend]," said Foote, "but all in all it just shows how far IT management has come since they were in this position last time. A very positive thing to see in some very negative conditions."