Industry observers watching the IT security job market are pointing to up-and-coming areas such as computer forensics and wireless security for the hottest jobs. The better-paying positions overall, however, are going to security professionals with management responsibilities rather than simply technical roles.
Those are the findings from separate studies by The SANS Institute and the International Information Systems Security Certification Consortium (ISC2), which are professional organizations offering security certification. Their recent reports on how IT security jobs stack up indicate that security is gaining more clout with managers.
“To be a chief information security officer takes good technology understanding, but also business understanding,” said Rolf Moulton, president and CEO of ISC2, which has 40,000 members.
To move up the corporate ladder, security professionals must spend more time speaking with their organization’s businesspeople, learning their goals and communicating with them in ways they can comprehend, “not [in] the technical gobbledygook that technical people give them,” Moulton said. If they don’t, they end up “staying in a security club rather than a business club.” And the result is a big difference in salary, at the very least.
The SANS 2005 Information Security Salary and Career Advancement Survey shows that those in executive roles, with titles such as chief information security officer, chief security officer or security manager, earned US$106,326 on average. That compares with the average US$75,275 paid to technical security professionals with job titles such as security engineer, security penetration tester or Web security manager.
Both organizations urge security professionals to facilitate career moves from the technical to the management track through training and certification, as well as college-level business-related studies.
“An MBA, as well as a college degree in information security, is what we see in CISOs,” Moulton said.
IT security professionals, many of whom started as network administrators and honed their skills to become experts in Windows security, firewall maintenance or intrusion-detection systems, for example, always wonder where the next hot jobs are.