Even Security Salary Growth Slows

[InfoSec News <isn () c4i org>]

http://www.eweek.com/article2/0,3959,325276,00.asp

July 1, 2002 
By Lisa Vaas 

The collapse of the dot-com bubble has finally had an impact on salary
increases for information security jobs--a job family that was long
considered a safe harbor for IT professionals. The percent of annual
increases of salary declined from 11.6 percent in December 2000 to
just 7 percent last year, according to a salary report released today
by the SANS (System Administration, Networking, and Security)  
Institute, a nonprofit organization of security professionals.

The reason for the salary increase slippage is that dot-com companies
had been doling out enormous raises to retain their security people,
according to SANS Director Alan Paller. "[Dot-coms] were offering
people 20 percent, 25 percent raises to leave old-economy companies
and to come work for them," said Paller, in Bethesda, Md. "That pushed
everybody else up. But they stopped hiring a year ago, and everyone
else stopped having to give these extreme raises. It's a
supply-and-demand rather than a value equation."

The fact that security salaries are still increasing at all is an
anomaly in these hard times. Recent research from Foote Partners LLC
found that only three out of 17 IT job families are experiencing
salary growth: security, network operations and SAP (to read the
story, click here). Indeed, the lingering level of security salary
increases actually reflects the fact that security hiring is down and
companies are trying to hang onto the security staff they have, Paller
said.

"We're not seeing a lot of hiring," he said. "We're seeing huge
numbers of companies deciding to keep their existing people happy.  
They are getting them training in new fields and technologies, such as
security technologies, project management and databases. But we're not
seeing a lot of hiring from outside."

However, according to Paller, there are some industries and sectors
where security hiring is still robust. Those include government
agencies such as the Department of Defense, the CIA and the National
Security Agency, as well as the principal consulting firms that
support them, including companies such as Science Applications
International Corp., The Mitre Corp. and Computer Sciences Corp.

The bulk of available security positions are senior technical jobs as
opposed to security policy jobs, Paller said. "The demand is for
people who really understand and have practiced forensics, for people
who really understand and have practiced intrusion detection, system
testing, vulnerability testing and penetration testing" he said. "A
year ago, there was a large demand for people who could talk about
those things, but that's disappeared completely."

The salary survey, titled "The SANS 2002 Salary Survey," summarizes
data collected from 1,214 security and system administration
professionals during April and May 2002.

In other survey findings, the United States for the first time slipped
from being the world's top region for security salaries. Asia reported
the highest pay, at 7.5 percent over the worldwide average. The United
States came in second, at 5.6 percent over average.

Paller pointed out that these findings are likely influenced by the
fact that most of the Asians who participated in the survey live in
Hong Kong and Singapore, which are two of the highest-paid technology
centers in Asia. "There's a very high urban concentration near the
biggest [Asian] cities, and no smaller cities [are represented] in
Asia," he said. "So there's a small skew in that data. If we picked
only New York, San Francisco, Washington and Chicago, there'd be much
higher [average] salaries [in the United States]."

Western European and United Kingdom security professionals got better
raises over the past year—about twice as large--as did their U.S.  
counterparts. But that's probably because their employers realize
they've been underpaying security professionals, Paller conjectured.  
The United Kingdom and Western Europe reported salaries 10 percent and
13 percent lower, respectively, than the worldwide average, the study
found.

Some other results of the survey include: 

* The average salary paid to all security and systems staff who 
  participated in the survey was $69,340. 

* Bonuses paid in 2001 averaged 14.5 percent (median 10 percent) of 
  base salaries. 

* Within the United States, New England/New York/New Jersey reported 
  the highest salaries, (9 percent over the U.S. average). West Coast 
  security salaries are 4 percent higher than average, and Mid-Atlantic 
  security salaries are 3 percent higher than the country's average. 

* Employers with more than 10,000 employees paid their security and 
  system administration staff nearly 10 percent more, on average, than 
  smaller employers. 

* Security and system administrators who work with Unix make almost 25 
  percent more than those who work primarily with Microsoft Corp. 
  Windows systems. 

* Employers in consulting, system integration, aerospace, banking, 
  computer and network manufacturing, and telecom pay the highest 
  salaries. Education and other non-profit and government agencies 
  pay the lowest salaries. 

IT Careers Center Managing Editor Lisa Vaas can be reached at 
lisa_vaas () ziffdavis com.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.