Do IA certifications improve hiring, promotion & salaries?

Security Certifications and Jobs

The economic doldrums that struck the US and the rest of the world in 2008 and 2009 are not over yet, although the New Year brings hope of recovery.


Recently a young reader just completing his Certified Ethical Hacker (CEH) certification asked me whether information assurance (IA) certifications matter in getting a job, and if so, which certifications are best.

In "Professional Certification and Training in Information Assurance," (Chapter 74, by Christopher Christian, M. E. Kabay, Kevin Henry and Sondra Schneider) from the Fifth Edition of the Computer Security Handbook (Wiley, 2009), we write,

Sometimes students, professionals and marketers use the terms "certificate" and "certification" interchangeably. In addition, academics and professionals sometimes differ in their interpretation of "accreditation."

• A certificate is a "document providing official evidence: an official document that gives proof and details of something such as personal status, educational achievements, ownership, or authenticity."

• Certification, in this context, is the process (thus, a verb) of examining the work experience, knowledge and trustworthiness of a candidate for a particular certificate; confusingly, the certificate granted for qualified applicants is often referred to as a particular certification (and thus, a noun).

• "Accreditation" refers to the process of "officially recogniz[ing]" a person or organization as having met a standard or criterion. In information assurance, accreditation is carried out by official, industry- and government-recognized bodies.

In a later section of the chapter, we write,

Certification differs from a certificate program, which is usually an educational offering that confers a document at the program's conclusion.

Accreditation of a certification involves a voluntary, self-regulatory process established by defined organizations and using published standards. Accreditation is granted when stated quality criteria are met.

By submitting to accreditation and enforcing documented, verified standards for professional certification, organizations … seek to protect the public and consumers against meaningless claims of professionalism.

This article and the next two focus on certification. In line with the comments above, readers should always investigate the degree of accreditation backing any given certification; unaccredited certifications may be worth the same as the degrees that are offered as "Degree Without Studying: Earn an Accredited Degree based on your Work or Life Experience."

In general, IT specialists are doing pretty well despite the rotten economy. Indeed, some reports indicate that employers are actually having trouble filling high-end, specialized positions.

In April 2008, Denise Dubie of NetworkWorld wrote, "A CompTIA skills survey released in February had security listed as the No. 1 skill among three-quarters of the 3,578 IT hiring managers polled. Foote Partners reports that security skills accounted for 17% of base pay in the fourth quarter of 2007, and pay for network security management skills increased by more than 27% in 2007." She added that, going forward, IT professionals will need to be able to incorporate their security savvy into network, wireless, application, operating system and other IT areas to best compete.

"Firewall, data leak, compliance -- you name it and it's in demand for security," says CompTIA's Neill Hopkins, vice president of skills development at the Computer Technology Industry Association. "In the networking field, you need to also be an expert at security, but going forward skills around how to train staff and employees to be security-aware will have to be developed."

In the 2008 "Information Security Career Progression" survey by the Information Systems Audit and Control Association (ISACA), the researchers found that in their November 2007 survey of "1,426 CISMs from 73 countries, CISM [Certified Information Security Manager] comes in as the second-highest paid IT certification, at an average of $115,072 annually. This is especially interesting when compared to the fact that in the same survey, security, which was the highest paid discipline in 2006, fell to fourth place in 2007 — from an average salary of $93,500 to $87,890. At $115,072, CISM is clearly being recognized as an asset among business leaders…. CISMs are experiencing tremendous career growth while acquiring responsibility for issues that demonstrate value to the business."

In the next article in this five-part series, I’ll continue the review of a few more surveys and studies of the job-value of security certifications.


Copyright © 2010 IDG Communications, Inc.