IT Security Salaries Expected To Rise In 2011

wiredmikey writes "IT security professionals in the United States can expect starting salaries to increase in 2011, according to a new salary report released today. The guide suggests larger increases in base compensation expected in high-demand segments including information security related positions. According to the report, companies are hiring security professionals to help foil fraud, prevent network breaches and comply with new regulations, to keep confidential information safe and secure."

Re:

[h4rr4r]

And that is why we require degrees around here for all but the sharpest tacks. Too many know-nothing test takes. If you do not know how it really works you probably can't figure it out when it breaks.

Re:

[h4rr4r]

Nope, note I said we exclude the sharpest tacks. It just happens to be the normal way for folks who actually know how spanning tree works, or where broadcast domains should be split or how to script their way out of wet paper bag. Sure the test takers can tell you the vendor approved method, but they sure as hell can't tell you what other methods might be better or why the vendors docs are wrong.

Re:

[ls671]

Well, I would say you learn basic IT principles, or how things work, in the first year or year and a half of a university degree. After that, you go into specialization and schools have a tendency to lag behind compared to the industry because things move fast and teachers just aren't available for a technology that is only a few years old. I found that my first years in university were the most interesting ones. After that I started to learn cutting edge stuff by myself because no teachers were available t

Re:

[Eivind]

Both true, and nontrue. Yeah, universities aren't teaching the newest-and-hottest in Programming 101. But nor do they need to.

Thing is, the fundamental concepts do NOT move quickly. Not at all. To the contrary, if I had a dime for every Ruby on Rails app I've seen that, for example, essentially re-implements the filesystem - poorly - I could probably afford a bigmac by now.

They tend to repeat ALL the mistakes too. Some examples ? If you're organizing stuff in a tree-structure, what do you do about stuff tha

Re:

[Beerdood]

I went to a technical school for my Comp Sci training. The bulk of the courses was what you'd expect (databases, programming basics, languages etc..) but there were 3 mandatory courses on "business" or "communications". This included things like how to write your resume, a simulation of a project manager dealing with consultants, how to write a proposal, actually communicating with people etc... Also, the final project of our last semester had people in groups developing a new application for a client f

Re:

[keeboo]

But they're going to hire me because there's a better chance that my writing and communication skills are superior. You don't learn how to deal with people by teaching yourself to code and your writing skills probably need some work (ever wonder why English 101 is required for your university degree?)

Don't delude yourself... They will probably hire you because:

- The CVs will be filtered by a non-technical HR employee who will blindly search for buzz words and academic qualifications.
- Then those filtered CVs will be reviewed by someone who don't want the hassle of trying to find a "hidden gem", so that person will pick the safer options (academic qualifications and formal experience with the exact very technologies they want you to work with) for interview.

Re:Get in line...

[sjs132]

There may be 9-10% people who already have a degree looking for the same job you are. You picked a lousy time to graduate. Go back in for a masters, you can get four more years of beer drinking and racking up the loans.

WooHoo!

[WrongSizeGlass]

Time to raise my rates! I'm sure my clients are going to be thrilled, but if they took my advice about security they'd only pay for my advice and not pay me repeatedly to delouse their PC's.

Not Based on Surveys - Based on Actual Placements

[joelleo]

bodes well for the article's accuracy that its based upon actual placements rather than a "salary survey." Here's to a slightly higher salary in '11! *clinks rum & coke glass with the slashdotter next to him*

Re:

[betterunixthanunix]

Rum and coke? With that higher salary, I would expect some single malt scotch...

Re:

[joelleo]

/me searches for his bottle of Caol Ila
/me realizes he hasn't bought it yet because HIS share of the higher salaries hasn't come through yet
/me frowns in consternation and turns to his bottle of Jack in the meantime

Already for me

[c0mpliant]

I got a raise a month ago for the first time in two years since I started this Security job and not a token raise either. There is demand there for Security officers from Security Admin jobs to Pen testing jobs and everything inbetween

gold

[buravirgil]

"Industries forecasting particularly strong demand for IT professionals in 2011 include business services, transportation and healthcare."

"There is a strong need for IT professionals in healthcare in particular. We've seen a strong demand for IT professionals, from developers to help desk, to assist with the conversion to electronic medical records," Reed noted."

Pfft. Only corporations will steal medical information, through regulation. And breaches will still be whole databases left in a taxi on a laptop.

Re:gold or where is the data this week?

[WillAffleckUW]

Actually, one of the most amusing security breaches in history was when a General left his laptop with Top Secret info on it in a taxi.

I'm farming Cataclysm. They pay in Yuan for archeological items.

Re:

[sjs132]

I hate farmville to...

Re:

[WillAffleckUW]

I hate farmville to...

FrontierVille is Zyngastic!

Don't hate the player, hate the cow-clicking game. Now excuse me while I click on these dragons.

Re:

[sjs132]

:)

That's great

[dnaumov]

Now if there were any actual IT security jobs around...

tricksters sell to scared idiots, news at 11

[FuckingNickName]

Yeah, there's also an increase in demand for physical security, more funding for anti-terror tools/research, etc. The western world is currently more scared of nothing than it's been for decades, and IT security "experts" are the latest in a line of technically mediocre conjurers who manage to charge a lot to turn people from feeling scared to feeling slightly less scared while achieving absolutely nothing.

You know who you are.

Re:

[c0mpliant]

Are you denying rising need for additional security in our ever expanding interconnected world? In the era when more than ever before, a persons personal data is stored on dozens of different, independent sources each one of them has to be secure and if its not you may as well have no security any where. Then you need to actively monitor it for ensured protection against the latest threats. This is no snake oil that is being sold, this is as much requirement for business as accountants, HR and physical secu

Re:

[Securityemo]

The clinch is of course, that in computer security the client has no idea what the hell you are doing whatsoever. There is no direct way for the client to observe if he has been ripped off, so people will therefore intuitively feel that a larger moral burden rests on the "comp sec guy."

Re:

[bzipitidoo]

Security needs have not fundamentally changed!

GP is right. We've been jumping at shadows. And dealing poorly with the problems by having an army of "security specialists" try to plug leaks before they happen. They're constantly analyzing code, patching systems, quarantining spam, checking logs, tweaking firewalls, and other similar measures. It's like managing dikes by hiring boys to walk along them and plug holes with their fingers. Mitre's CVE program is all very well, but is hardly all that we can

Re:

[Glonoinha]

For instance, why can't a file belong to multiple owners and/or groups?

Without going so far as calling it 'secure' - I will go out on a limb and say that Windows has been able to do this since ... like NT 4.0
Now that I think about it, I'm pretty sure Novell had this ability as far back as ... maybe Netware 2.15 or 2.2 (ie, early 90's.)

Re:

[gtall]

Damn, you are right, if software didn't have bugs, we wouldn't have such severe security issues. I propose we ban software bugs from now on, call your senator, call your congresscritter; we can do this!!

Re:

[CAIMLAS]

If someone can turn a buck telling people trivial things which improve security - simply because he's an 'expert' - I'm all for it. I'd love such an easy job.

"Lock your doors at night"
"Don't leave valuables in plain sight"
"Look both ways before crossing"
"Don't trust the panhandlers"
"Cabbies are even worse"

All of this is common sense, but take a Bushman into a city and see how much sense it makes. He'd probably give many shiny beads to be led to safety.

Re:

[Beryllium Sphere(tm)]

Part of my practice is telling clients when not to worry. They'll ask about some overhyped threat, and I'll put it in perspective for them.

what the hell is a "Pre Sales Engineer"?

[Nadaka]

And why is it at the bottom of a list that otherwise includes IT professions that I can recognize?

Re:

[Anonymous Coward]

Pre Sales Engineer would probably be the assistant to the sales team who listens to the potential customer's needs and then devises potential configurations (of the product) for the customer to consider for their SOLUTION ?

Re:

[wiredmikey]

That's correct -- a more "tech savvy" sales assistant essentially that can help translate customer needs into a solution the company can supply.

Re:

[Nadaka]

It is bad enough that they are calling programmers "engineers" these days, maybe 5% or less of them actually apply engineering principals in the design of software. But a sales guy?

An engineer is an practitioner of applied science, someone who takes theoretical advances and implements them. In most countries and engineer must be tested and certified. An engineer has an ethical obligation to the general public, the users of his design and his clients. An engineer may face legal consequences if his designs ar

Re:

[tyen]

Anonymous Coward pretty much answered what a presales engineer does, but didn't explain why it is at the bottom of the list. The list appears to be sorted by salary range or percent increase. Note that presales engineer had the largest percent increase, but the lowest salary range in the list.

Many presales engineers (especially at the big companies) have a compensation plan that is part salary, part commission and part incentive bonus plans, so this table might not be an accurate reflection of what they rea

Re:

[wiredmikey]

Hi Tyen -- The report focuses on "Base Compensation" -- and that is noted. I absolutely agree with you, the column just didn't include any bonus, commissions, etc (for any positions listed) that are often part of a total comp plan. You're 100% spot on with your comment. Just that the main focus is base salary.

Quick!

[CAIMLAS]

Quick! Increase the H1B quota!

Only half serious on that one, folks: you know they're going to push for it. It doesn't matter if they think they can get someone for 10%-20% than they could've 2 years ago if they can get someone for 30%+ less on account of statistics.

I'd not be surprised if this statistic is somehow funded by industry groups which want the IT wage to go down further.

I suspect part of the reason why there may be increased demand is healthcare. There are huge demands on healthcare IT right now

"According to Robert Half" == standard propaganda

[walterbyrd]

Asking Robert Half if IT salaries are going to go up, is like asking a Century 21 agent if it's a good time to buy a house. The answer is a forgone, agenda driven, conclusion.

These sorts of surveys are always meaningless. Did anybody predict the massive layoffs of IT workers in 2009? How about the total collapse in 2000/2001? Do we ever seen any sorts of warnings about massive offshoring, and/or inshoring, from these industry puff pieces?

The industry propaganda is unwaveringly optimistic of the future for IT workers. But, reality often tells a very different story.

Re:

[wiredmikey]

Maybe for IT workers overall but not right now as far as security talent. Not enough talent right now for people with information security skills.

Re:

[Ethanol-fueled]

I love the phoney American optimism that the economy will soon "turn around."

Guess what, guys? This was the recovery!

Security+

[Scarletdown]

So, was it a good thing I just recently got my Security+ certification after all? I trust it was not a waste of my time?

Re:

[gandhi_2]

On the contrary! You can now help us unload the delivery trucks at Walmart!

Re:

[walterbyrd]

I have one, and I have found it to be a waste of time. Companies want the CISSP.

CompTIA is now making an Advanced Security+ cert. I think that is supposed to compete with the CISSP.

Whatever

[Jethro]

Is there someone I get to punch when this ends up not happening for the 5th year in a row?