Salary boost for getting CISSP, related certs

* Security certifications continue rise in value

A $21,000 boost in salary can be yours if you obtain a Certified Information Systems Security Professional (CISSP) or two other major security certifications, according to another study showing just how important security skills have become for getting ahead in the IT field.

In last week’s newsletter we discussed a Foote Partners report showing that the value of security certifications is rising even as IT certifications on the whole drop in value. Another study finds that holders of the CISSP, SSCP or CAP certifications who work in the Americas and have at least five years’ experience earn $102,376 per year – more than $21,000 higher than IT pros who also have five years’ experience but lack the certifications.

Research firm Frost & Sullivan conducted the study for (ISC)², the nonprofit that maintains the credentials, surveying 7,548 IT pros from around the world with all kinds of job titles, from network administrator and programmer to CIO and chief security officer (CSO).

As we noted last week, security experts have potentially lucrative careers ahead of them because corporations are dealing with numerous regulations and are increasingly worried about the consequences of leaking proprietary data, including customer information.

The CISSP cert rose in value 7.7% in the past six months, and other security certifications did even better, according to the Foote Partners report. The Certified Information Security Manager (CISM) credential rose 27.3% in value.

CISSP is designed for people who are or want to be chief information security officers (CISO), CSOs, or senior security engineers, while the Systems Security Certified Practitioner (SSCP) is often seen as the first step on the information security career path, according to (ISC)². The Certification and Accreditation Professional (CAP) test is for workers who certify and accredit the security of computer systems.

College education levels for information security professionals are rising too, pointing to the increasing maturity of the field, according to Frost & Sullivan. In the Americas, 54% of security pros have a bachelor’s degree or equivalent, 31% have master’s degrees, and 5% have doctorates.

“As universities develop specialized programs at the bachelor’s, master’s and even doctorate levels, information security practitioners are likely to feel increased pressure to pursue more and more specialized education,” Frost & Sullivan writes.

Few security professionals even existed 20 years ago, when it seemed only the most critical networks needed security at all, the report states. In the profession’s early days hiring managers relied heavily on certifications in lieu of experience, and to some extent still do, Frost & Sullivan writes. Though experience and college education play a big role in whether you land a job today, 78% of managers who hire security pros say certifications are important.

There are 40 vendor-neutral security certifications and 25 vendor-specific ones today, several times more than were available just six years ago. Unfortunately, the expanding numbers might dilute the value of specific credentials. Yet there is a growing need for training because of the complexity of information security.

Frost & Sullivan found that 40% of security pros plan to acquire more certifications in the next 12 months. The need for more training spans many areas, from security administration and operations security to privacy, access control, disaster recovery, telecommunications and network security.

Which security certifications and skills are most important in your mind? How valuable are security certifications compared to college education and experience? Feel free to discuss in the comment form below, or send me an e-mail.

Copyright © 2008 IDG Communications, Inc.