http://www.eweek.com/article2/0,3959,325276,00.asp
July 1, 2002
By Lisa Vaas
The collapse of the dot-com bubble has finally had an impact on salary
increases for information security jobs--a job family that was long
considered a safe harbor for IT professionals. The percent of annual
increases of salary declined from 11.6 percent in December 2000 to
just 7 percent last year, according to a salary report released today
by the SANS (System Administration, Networking, and Security)
Institute, a nonprofit organization of security professionals.
The reason for the salary increase slippage is that dot-com companies
had been doling out enormous raises to retain their security people,
according to SANS Director Alan Paller. "[Dot-coms] were offering
people 20 percent, 25 percent raises to leave old-economy companies
and to come work for them," said Paller, in Bethesda, Md. "That pushed
everybody else up. But they stopped hiring a year ago, and everyone
else stopped having to give these extreme raises. It's a
supply-and-demand rather than a value equation."
The fact that security salaries are still increasing at all is an
anomaly in these hard times. Recent research from Foote Partners LLC
found that only three out of 17 IT job families are experiencing
salary growth: security, network operations and SAP (to read the
story, click here). Indeed, the lingering level of security salary
increases actually reflects the fact that security hiring is down and
companies are trying to hang onto the security staff they have, Paller
said.
"We're not seeing a lot of hiring," he said. "We're seeing huge
numbers of companies deciding to keep their existing people happy.
They are getting them training in new fields and technologies, such as
security technologies, project management and databases. But we're not
seeing a lot of hiring from outside."
However, according to Paller, there are some industries and sectors
where security hiring is still robust. Those include government
agencies such as the Department of Defense, the CIA and the National
Security Agency, as well as the principal consulting firms that
support them, including companies such as Science Applications
International Corp., The Mitre Corp. and Computer Sciences Corp.
The bulk of available security positions are senior technical jobs as
opposed to security policy jobs, Paller said. "The demand is for
people who really understand and have practiced forensics, for people
who really understand and have practiced intrusion detection, system
testing, vulnerability testing and penetration testing" he said. "A
year ago, there was a large demand for people who could talk about
those things, but that's disappeared completely."
The salary survey, titled "The SANS 2002 Salary Survey," summarizes
data collected from 1,214 security and system administration
professionals during April and May 2002.
In other survey findings, the United States for the first time slipped
from being the world's top region for security salaries. Asia reported
the highest pay, at 7.5 percent over the worldwide average. The United
States came in second, at 5.6 percent over average.
Paller pointed out that these findings are likely influenced by the
fact that most of the Asians who participated in the survey live in
Hong Kong and Singapore, which are two of the highest-paid technology
centers in Asia. "There's a very high urban concentration near the
biggest [Asian] cities, and no smaller cities [are represented] in
Asia," he said. "So there's a small skew in that data. If we picked
only New York, San Francisco, Washington and Chicago, there'd be much
higher [average] salaries [in the United States]."
Western European and United Kingdom security professionals got better
raises over the past year—about twice as large--as did their U.S.
counterparts. But that's probably because their employers realize
they've been underpaying security professionals, Paller conjectured.
The United Kingdom and Western Europe reported salaries 10 percent and
13 percent lower, respectively, than the worldwide average, the study
found.
Some other results of the survey include:
* The average salary paid to all security and systems staff who
participated in the survey was $69,340.
* Bonuses paid in 2001 averaged 14.5 percent (median 10 percent) of
base salaries.
* Within the United States, New England/New York/New Jersey reported
the highest salaries, (9 percent over the U.S. average). West Coast
security salaries are 4 percent higher than average, and Mid-Atlantic
security salaries are 3 percent higher than the country's average.
* Employers with more than 10,000 employees paid their security and
system administration staff nearly 10 percent more, on average, than
smaller employers.
* Security and system administrators who work with Unix make almost 25
percent more than those who work primarily with Microsoft Corp.
Windows systems.
* Employers in consulting, system integration, aerospace, banking,
computer and network manufacturing, and telecom pay the highest
salaries. Education and other non-profit and government agencies
pay the lowest salaries.
IT Careers Center Managing Editor Lisa Vaas can be reached at
lisa_vaas_at_ziffdavis.com.
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo_at_attrition.org with 'unsubscribe isn'
in the BODY of the mail.
Received on Jul 03 2002
Intro
