Content

The IT pro’s likes and gripes

Information security professionals enjoy an atmosphere of trust and independence in the workplace but also believe management must improve its long-term vision, a recent survey by the SANS Institute has pointed out.

When asked to choose the best part of an IT security job, nearly 28 percent of respondents said "trust" was a major positive aspect of their occupation. Nearly 12 percent chose "working hours and a balance between work and other parts of life" and 11 percent emphasized compensation.

"Compensation for information security jobs is strong and growing," the organization said. "The median income, including salary and bonus, for all U.S. information security professionals is $81,558. Other nations pay less. The worldwide median is $77,050. Great Britain's median is $76,389. Canada's median is $67,982. The median for the rest of the world is $51,250."

When asked to pick their job's main irritant, more than 20 percent said they dislike "problems in management and leadership, including a lack of vision and micromanagement." Almost 10 percent chose long or undesirable working hours, and more than 8 percent cited "low compensation."

More than 4,250 security pros participated in the 2005 Information Security Salary and Career Advancement Survey, according to the organization. The poll was taken between Oct. 20 and Nov. 18, 2005.

Asked to cite critical skills necessary for advancement, more than 65 percent of respondents said verbal and written communication, technical knowledge and critical thinking and judgment were very important.

Alan Paller, SANS director, was pleased with that response.

"These highly technical people understand that their speaking and writing skills are more important than their technical skills for career advancement," he said. "Hooray!"

Surprisingly, more than 34 percent of those asked about the value and impact of professional certifications said they have "no impact" on their professional lives. Nearly 28 percent said they "helped me make our systems better defended against penetrations."

Twenty-four percent said they helped them get a new job, and nearly 20 percent said it helped them get a raise.

The survey has shown that, in most cases, the certifications do not benefit the enterprise, Paller said.

"Basically that says most of the certifications benefit the cert holder but not the employer," he said. "The exceptions are the Global Information Assurance Certification and vendor specific security certifications. They help both the employee and the employer."

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.