
The Best-Paying IT Security Jobs of 2015

Nerval's Lobster writes: It's no secret that tech pros with extensive IT security backgrounds are in high demand, especially in the wake of last year's high-profile hacks of major companies such as Sony and Home Depot. Which security-related job pays the most? According to a new analysis of Dice salary data, a lead software security engineer can expect to earn an average of $233,333 in 2015, followed by a director of security, who can expect to earn $200,000. Nor are those outliers: Chief information security officers, directors of information security, and IT security consultants can all expect to earn close to $200,000, if not more. While many subfields of IT security prove quite lucrative, there are also other jobs that earn below the average for tech pros. Security analysts will make an average of $59,880 this year, for instance, while security installation technicians—because somebody needs to install the cameras and sensors—can expect to earn $31,680. Compare that to the average tech-pro salary of $89,450 in 2014, which is only expected to rise this year. According to a 2014 report from Global Knowledge and Penton, those armed with certifications such as CRISC, CISM, and CISA can expect to earn a healthy six figures a year.
  • Umm, yeah? (Score:5, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Monday May 11, 2015 @12:39PM (#49666183) Journal
    I know that smearing 'security' all over things is popular; but isn't this almost comically similar to non-security job descriptions?

    Suitably high level technical skill pays very well, 'Director of' and 'Chief Something Officer' pay well to very well, 'consultants' are either quite expensive or powerless peons who have been reclassified to avoid labor laws that apply to real employees; and installation technicians aren't quite below the poverty line.
    • by Anonymous Coward

      Our company got conned into hiring one of these "security consultants". All they did is plug their laptop in, type in server IPs, click a button, and then print out the report. Which was all the unfixed items that were ultra-low priority along with several false positives. Upper management was impressed and even had sales bragging to customers about our focus on security.

      • by gatkinso ( 15975 ) on Monday May 11, 2015 @01:06PM (#49666467)

        Hell at least he found something, even if all he did was fire up Metasploit. Many times you don't even get that.

      • Re:Umm, yeah? (Score:4, Informative)

        by Opportunist ( 166417 ) on Monday May 11, 2015 @01:59PM (#49666953)

        Why didn't your CISO step in?

        We had a company try to pull that one on us, too. They even had the chutzpah to just fire up Nessus, create a report and dump it on us. And that was certainly not what was agreed on in the contract. When asked to show what else they did, they came up with a list of things they actually could have done, of course with no findings because "our security is so good"... and they would even have gotten away with it if it wasn't for our internal team to find a security hole just that time, and one that is SO damn blatant that anyone not faking it would have had to find it.

        We still paid. It's horribly difficult to prove something like that in court. But I have a hunch that they are having a hard time getting more contracts. You see, word travels...

        • We still paid. It's horribly difficult to prove something like that in court. But I have a hunch that they are having a hard time getting more contracts. You see, word travels...

          Again, see OP. Scrub the word "security" out and you could have this problem with any consultant. You win some, you lose some, you typically pay either way.

    • Re:Umm, yeah? (Score:5, Insightful)

      by bluefoxlucid ( 723572 ) on Monday May 11, 2015 @01:10PM (#49666505) Homepage Journal

      It's industry fast-talk meant to muddle your minds. Look at this:

      Compare that to the average tech-pro salary of $89,450 in 2014, which is only expected to rise this year.

      In all stable markets, salaries rise. In the dot-com boom, IT people were getting $150k-$250k; they dropped to $60k, and have been on the rise since. Why did they drop? Because the bubble bust and because everyone went to school for IT; we have a STEM glut, especially in IT, so salaries are low. As long as we continue the narrative of climbing salaries for high-value IT professionals, people will go to college for IT, and will continue to contribute to the high candidate availability and relatively low salary. With such a stable market--constantly and continuously oversupplied with labor--salaries will climb at a slow pace, but they will always climb.

      Showing high average salaries, especially un-adjusted for high-cost areas where many technicians live, puts out golden dollar signs for people to chase. People imagine themselves one day as a Director of IA, a VP of InfoSec, a CISO, a big-name boss doing as little work as possible for a maximized salary. They don't consider that such positions are on the order of one per company, matched to the company's size (small business's Director of Information Security is going to get small-business salary), and actually a whole hell of a lot of work--and not just tech work, but work of a different nature you may find greatly rewarding or horrifyingly torturous. It doesn't matter; they go to get those degrees in IT and IT Security, imagining themselves rolling in money.

      Welcome to higher-education initiatives, where the Government facilitates college education. We've shifted social responsibility from businesses--who would normally experience pain from a lack of professionals and thus aggressively supply education and training to career entrants in order to maximize their profitable strategic market advantage--to individuals--who face higher risks and a greater chance of unemployment for the potential to garner lower salaries, but believe themselves advantaged by being able to independently acquire a certification of their skill in an area which they would have otherwise acquired by advancing their career and drawing income. The point of supplying free college education or government-backed loans is to transfer power and, ultimately, money away from the individual laborer and to the hands of large businesses in the most non-intuitive and unrecognizable way, so that people will cry out for more of this rather than recognizing how much harm it's doing to them.

      • Excellent comment

        • What's different about it this time? People normally balk at this argument. It's one I've begun to think I need to avoid politically--I have political initiatives for a far better welfare system (supplies stronger social safety nets without the constantly rising proportional costs our current system suffers from) and for K-12 education improvement (no fixed plan yet; lots of concepts to glue together, but I need to find someone with real understanding of K-12 education to translate those to classroom man

  • by Anonymous Coward
    More dice clickbait/advertising.
  • Ummm..... (Score:2, Funny)

    by Anonymous Coward

    Hello!

    I am a security engineer at the biggest cloud platform company in the world... 8 years... I seem to need an adjustment =P

    I seem to be missing out on a nice chunk =P

    • Re:Ummm..... (Score:5, Insightful)

      by grimmjeeper ( 2301232 ) on Monday May 11, 2015 @12:50PM (#49666315) Homepage
      That's because they already have you. The only way to really keep your salary up to average or better is to jump companies every once in a while.
  • by Anonymous Coward on Monday May 11, 2015 @12:46PM (#49666263)

    "While many subfields of IT security prove quite lucrative, there are also other jobs that earn below the average for tech pros."

    Wait, so some people earn ABOVE average and some earn BELOW? Stop the freaking presses people.

  • security installation technicians—because somebody needs to install the cameras and sensors—can expect to earn $31,680

    That's because there is no actual skill involved. Any idiot with a drill and a screwdriver can mount a camera to a wall. Doesn't require any special training or skills. This is the sort of thing that people with work documents of questionable origin tend to get hired to do.

    According to a 2014 report from Global Knowledge and Penton, those armed with certifications such as CRISC, CISM, and CISA can expect to earn a healthy six figures a year.

    Umm, great. Living where? $100K in Silicon Valley or Manhattan won't get you much. Same amount in the mid-west is pretty comfortable living.

    • Most security-related hardware is also (and probably largely for this purpose) kept low-voltage/data cabling only, so you can usually do it without getting a full electrician involved.

      Especially if you want outdoor mounts, there are still any number of mistakes that can lead to moisture problems, compromise insulation, damage fire barriers, and so on, so you don't want to scrape the bottom of the barrel too hard; but there aren't too many formal requirements compared to mains voltage work or structural m
  • $31K? (Score:5, Interesting)

    by deadweight ( 681827 ) on Monday May 11, 2015 @12:53PM (#49666349)
    That is $15/hr. I hope no one thinks paying that for any kind of critical security infrastructure is a good idea. They could be bribed with things like free movie tickets or a Big Mac.
    • That is $15/hr. I hope no one thinks paying that for any kind of critical security infrastructure is a good idea. They could be bribed with things like free movie tickets or a Big Mac.

      What it means is that they hired some Mexicans or other foreigners to do the grunt work of attaching things to walls so they wouldn't have to pay much. Any time you have hard grunt labor where you want to pay as little as possible (picking in fields, construction, etc) chances are non-trivial that they are paying someone who was born in another country to do it.

    • >> they could be bribed with things like free movie tickets or a Big Mac

      I'm comfortably in the six figures and I can STILL be bribed by these things. Even a smile if it comes from the right person. There's a reason good managers, influencers and salespeople are good at what they do - they use everything they have to make other people feel appreciated, and the world turns around them.

  • My experience, having worked with security "consultants" in the past, is that many of them are of the same stripe as the management consultants from Accenture, KPMG, etc. and just fly around the country giving PowerPoint presentations to scared executives trying to sell them a packaged appliance/solution. If these guys are part of the survey, I can easily see $200K+ -- their firm is billing them out at at least twice that. I know lots of young grads with zero or little experience routinely get jobs with the

    • by LDAPMAN ( 930041 )

      None of those companies are paying recent grads 200K. Even their more senior folks (non-partners) will not be making the big money. The guys with the experience and the credentials will be making 200K+ but they will be with small boutique consulting firms.

      Very, very few folks who are not consultants will be making that kind of money. Companies will bring in the expertise when they need it but won't pay an employee that well.

      I know this because I've been doing IAM/Security consulting for over 20 years. I kn

    • by rwa2 ( 4391 ) *

      Yeah, those high end consultants are people that companies hire to "help" them get through their annual security / PCI audit. They know what to say to the auditors to prevent further digging, and know what not to say to help hide the actual deficiencies. I bet they do little to actually improve security practices, though. OTOH, you will have your anti-virus definitions reporting in as updated, though!

      Places that need (to pass) real security audits will have the requirements baked in to the design phase e

  • by ArhcAngel ( 247594 ) on Monday May 11, 2015 @02:05PM (#49667009)
    Heh, the best paying IT security jobs in 2015 are in a bunker in Russia writing viruses. Followed closely by phishing experts in Europe posing as African royalty.
  • by msobkow ( 48369 ) on Monday May 11, 2015 @02:07PM (#49667035) Homepage Journal

    I was making $85,000/yr in the '90s in IT. Bumping that by only $15,000 in 25 years seems kind of insulting.

    • by ranton ( 36917 )

      I was making $85,000/yr in the '90s in IT. Bumping that by only $15,000 in 25 years seems kind of insulting.

      IT workers need to stop using salaries in the 90's as evidence that IT salaries have stagnated. Pay in the 90's was bloated, and there was a massive correction after the bubble burst.

      The S&P 500 finally reached its 2000 peak in April 2015. Considering the tech sector was a major contributor to the stock market crashing in 2000, it makes sense that IT wages would not be much higher than they were 20 years ago.

      Also, most IT sector workers have their salaries stagnate at around $100k per year because they
