The Best-Paying IT Security Jobs of 2015
Nerval's Lobster writes: It's no secret that tech pros with extensive IT security backgrounds are in high demand, especially in the wake of last year's high-profile hacks of major companies such as Sony and Home Depot. Which security-related job pays the most? According to a new analysis of Dice salary data, a lead software security engineer can expect to earn an average of $233,333 in 2015, followed by a director of security, who can expect to earn $200,000. Nor are those outliers: Chief information security officers, directors of information security, and IT security consultants can all expect to earn close to $200,000, if not more. While many subfields of IT security prove quite lucrative, there are also other jobs that earn below the average for tech pros. Security analysts will make an average of $59,880 this year, for instance, while security installation technicians—because somebody needs to install the cameras and sensors—can expect to earn $31,680. Compare that to the average tech-pro salary of $89,450 in 2014, which is only expected to rise this year. According to a 2014 report from Global Knowledge and Penton, those armed with certifications such as CRISC, CISM, and CISA can expect to earn a healthy six figures a year.
Umm, yeah? (Score:5, Insightful)
Suitably high level technical skill pays very well, 'Director of' and 'Chief Something Officer' pay well to very well, 'consultants' are either quite expensive or powerless peons who have been reclassified to avoid labor laws that apply to real employees; and installation technicians aren't quite below the poverty line.
Re: (Score:2)
Our company got conned into hiring one of these "security consultants". All they did is plug their laptop in, type in server IPs, click a button, and then print out the report. Which was all the unfixed items that were ultra-low priority along with several false positives. Upper management was impressed and even had sales bragging to customers about our focus on security.
Re: (Score:1)
then what would the company do with all that unpaid bonus money?
Re: (Score:1)
Hire more security consultants, of course!
Re:Umm, yeah? (Score:5, Funny)
Hell at least he found something, even if all he did was fire up Metasploit. Many times you don't even get that.
Re:Umm, yeah? (Score:4, Informative)
Why didn't your CISO step in?
We had a company try to pull that one on us, too. They even had the chutzpah to just fire up Nessus, create a report and dump it on us. And that was certainly not what was agreed on in the contract. When asked to show what else they did, they came up with a list of things they actually could have done, of course with no findings because "our security is so good"... and they would even have gotten away with it if it wasn't for our internal team to find a security hole just that time, and one that is SO damn blatant that anyone not faking it would have had to find it.
We still paid. It's horribly difficult to prove something like that in court. But I have a hunch that they are having a hard time getting more contracts. You see, word travels...
Re: (Score:2)
We still paid. It's horribly difficult to prove something like that in court. But I have a hunch that they are having a hard time getting more contracts. You see, word travels...
Again, see OP. Scrub the word "security" out and you could have this problem with any consultant. You win some, you lose some, you typically pay either way.
Re: (Score:2)
There are certain things that are very dependent on what your customer's setup is like.
But I hope we can agree on saying that charging 15 days for collecting information about the client's infrastructure (essentially no cost, since that's expected from the client to deliver, but let's say 4 hours), configuring Nessus (~20 minutes) and eventually copy/pasting the result into a prepared document that supposedly constitutes a report is a wee bit off, yes?
Re:Umm, yeah? (Score:5, Insightful)
It's industry fast-talk meant to muddle your minds. Look at this:
Compare that to the average tech-pro salary of $89,450 in 2014, which is only expected to rise this year.
In all stable markets, salaries rise. In the dot-com boom, IT people were getting $150k-$250k; they dropped to $60k, and have been on the rise since. Why did they drop? Because the bubble burst and because everyone went to school for IT; we have a STEM glut, especially in IT, so salaries are low. As long as we continue the narrative of climbing salaries for high-value IT professionals, people will go to college for IT, and will continue to contribute to the high candidate availability and relatively low salary. With such a stable market--constantly and continuously oversupplied with labor--salaries will climb at a slow pace, but they will always climb.
Showing high average salaries, especially un-adjusted for high-cost areas where many technicians live, puts out golden dollar signs for people to chase. People imagine themselves one day as a Director of IA, a VP of InfoSec, a CISO, a big-name boss doing as little work as possible for a maximized salary. They don't consider that such positions are on the order of one per company, matched to the company's size (small business's Director of Information Security is going to get small-business salary), and actually a whole hell of a lot of work--and not just tech work, but work of a different nature you may find greatly rewarding or horrifyingly torturous. It doesn't matter; they go to get those degrees in IT and IT Security, imagining themselves rolling in money.
Welcome to higher-education initiatives, where the Government facilitates college education. We've shifted social responsibility from businesses--who would normally experience pain from a lack of professionals and thus aggressively supply education and training to career entrants in order to maximize their profitable strategic market advantage--to individuals--who face higher risks and a greater chance of unemployment for the potential to garner lower salaries, but believe themselves advantaged by being able to independently acquire a certification of their skill in an area which they would have otherwise acquired by advancing their career and drawing income. The point of supplying free college education or government-backed loans is to transfer power and, ultimately, money away from the individual laborer and to the hands of large businesses in the most non-intuitive and unrecognizable way, so that people will cry out for more of this rather than recognizing how much harm it's doing to them.
Re: (Score:2)
The median household income for college grads is not that low. See this [wikipedia.org]. Note also that IT is a male-dominated field, so don't forget to add in the male gender pay bonus.
Median male salary with a Bachelor's degree is $50,916 according to your own source. That is still much less than the average IT worker.
IT workers typically make about what a person with a Professional degree makes. This is appropriate given the amount of education and certifications necessary to work in this field.
IT workers typically do not make what a person with a Professional degree makes, because the amount of education and certifications is not similar at all. A professional degree is essentially a doctorate. That is not universally true, but the vast majority of professional degrees are doctorates. They are also almost universally licensed as a requirement to practice in their f
Re: (Score:2)
You *cannot* mix individual and household income and somehow treat them as equivalent. They are not. I was refuting the "51K median HH income" BS.
This thread was already mixing individual income ($89k average tech-pro salary) and median income ($51k median HH income) so I was merely following the convention. I agree that we shouldn't be looking at HH income at all though, and should focus on average college grads making $51k and average tech-pro workers making $89k. These stats are slightly different since one is median and one is the mean, but I doubt there are many 1%-ers skewing the tech-pro salaries.
No one strives for "median". Half the population lack college degrees. Median income means no/some college. And half the population with college degrees have worthless paper in English or Psychology or Communications or some economically equivalent worthless crap.
We are already ignoring the population that lac
Re: (Score:2)
Excellent comment
Re: (Score:2)
What's different about it this time? People normally balk at this argument. It's one I've begun to think I need to avoid politically--I have political initiatives for a far better welfare system (supplies stronger social safety nets without the constantly rising proportional costs our current system suffers from) and for K-12 education improvement (no fixed plan yet; lots of concepts to glue together, but I need to find someone with real understanding of K-12 education to translate those to classroom man
Meh (Score:1)
Ummm..... (Score:2, Funny)
Hello!
I am a security engineer at the biggest cloud platform company in the world... 8 years... I seem to need an adjustment =P
I seem to be missing out on a nice chunk =P
Re:Ummm..... (Score:5, Insightful)
Re: (Score:2)
You were underpaid from the start, and it's perpetuated. Laughably so. Here's what my progression looked like:
01-05 70-72K (I got a small raise in there) in San Diego
05-08 82K+equity in Seattle
08-10 90K+equity startup
10-12 90K-120K+equity at another startup (salaries went up from startup scale to full scale when we knew we'd be bought)
12-13 $75/hr contracting while on vacation then moving to Baltimore. I was underpaid here, should have asked for more but did it to move to Baltimore for personal reasons
Re: (Score:1)
Notice his career started in 08?
"Even if we assume you live somewhere far cheaper than the valley you were criminally underpaid to start and still underpaid now."
Congratulations, you just described most of the first graduating class of the "lost generation". You were born 7 years earlier: do you want a medal?
Re: (Score:2)
Mine started in 01- the year of the dot com crash. He's still underpaid, the problem is he doesn't have the balls to demand more or leave.
Re: (Score:2)
Re: (Score:2)
I mentioned the city in several cases- assume that until I mention another city it's the same as the previous one. But cost of living numbers tend to be really overstated- other than housing the remainder is basically flat anywhere in the US, the 2-3% difference doesn't matter if you aren't living paycheck to paycheck. Subtract out the difference in housing yourself, I have no idea what your base is.
We'll disagree on you having the best housing- for me the best housing means fun things in walking distanc
Re: (Score:2)
other than housing the remainder is basically flat anywhere
Housing is a large portion of many people's incomes. Going from $500/m for a 2 bedroom 3 level duplex with a 2 stall garage where I live, to who knows what in a big city, is probably a big difference. Not to mention getting to/from anywhere in the city is about 5-10 minutes no matter what time of the day.
I understand not having a yard because mowing does suck, but I
Re: (Score:2)
Given the cost of living in the Valley, $170K isn't all that much, even if your expectations aren't just internet bluffing. I can have a much better life in areas that aren't so hideously crowded and still take home more real disposable income after paying for housing and transportation, not to mention all of the intangible benefits of having a short commute, while having a gross salary that's 2/3 of what you're bragging about. All I have to do is live almost anywhere else in the country.
Big salary number
Re: (Score:2)
My expectations aren't internet bluffing, it's taking my RSUs by the current stock price, and adding in my expected bonus. Although if the stock market crashes in the next 6 months it could seriously decrease, it's not a 0 risk supposition.
I think you have a lot of wrong information about real cost of living in the valley. My commute is 20-25 minutes each way, and could easily be much lower at the same housing price. This morning it was 35 due to an accident, first time it's been over 30 in 6 months. That'
Re: (Score:2)
Woah, stop the presses (Score:3, Funny)
"While many subfields of IT security prove quite lucrative, there are also other jobs that earn below the average for tech pros."
Wait, so some people earn ABOVE average and some earn BELOW? Stop the freaking presses people.
Re: (Score:3)
Re:Woah, stop the presses (Score:5, Funny)
Not true - 99.999% of the population have above average number of fingers
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
A full half of the population is below average.
You are thinking of "median", but "average" generally refers to the mean. More than 90% of households earn less than the mean.
Re: (Score:2)
Ah yes. I forgot to point out that it was a joke before the overly pedantic nit-pickers showed up.
It's a joke. Laugh. It's funny. Trust me.
Re: (Score:2)
left out the security "outplacement" manager (Score:2)
Vague details (Score:2)
security installation technicians—because somebody needs to install the cameras and sensors—can expect to earn $31,680
That's because there is no actual skill involved. Any idiot with a drill and a screwdriver can mount a camera to a wall. Doesn't require any special training or skills. This is the sort of thing that people with work documents of questionable origin tend to get hired to do.
According to a 2014 report from Global Knowledge and Penton, those armed with certifications such as CRISC, CISM, and CISA can expect to earn a healthy six figures a year.
Umm, great. Living where? $100K in Silicon Valley or Manhattan won't get you much. Same amount in the mid-west is pretty comfortable living.
Re: (Score:2)
Especially if you want outdoor mounts, there are still any number of mistakes that can lead to moisture problems, compromise insulation, damage fire barriers, and so on, so you don't want to scrape the bottom of the barrel too hard; but there aren't too many formal requirements compared to mains voltage work or structural m
$31K? (Score:5, Interesting)
Cheap labor (Score:2)
That is $15/hr. I hope no one thinks paying that for any kind of critical security infrastructure is a good idea. They could be bribed with things like free movie tickets or a Big Mac.
What it means is that they hired some Mexicans or other foreigners to do the grunt work of attaching things to walls so they wouldn't have to pay much. Any time you have hard grunt labor where you want to pay as little as possible (picking in fields, construction, etc) chances are non-trivial that they are paying someone who was born in another country to do it.
Re: (Score:2)
>> they could be bribed with things like free movie tickets or a Big Mac
I'm comfortably in the six figures and I can STILL be bribed by these things. Even a smile if it comes from the right person. There's a reason good managers, influencers and salespeople are good at what they do - they use everything they have to make other people feel appreciated, and the world turns around them.
Re: (Score:2)
This figure must include high end consultants (Score:2)
My experience, having worked with security "consultants" in the past, is that many of them are of the same stripe as the management consultants from Accenture, KPMG, etc. and just fly around the country giving PowerPoint presentations to scared executives trying to sell them a packaged appliance/solution. If these guys are part of the survey, I can easily see $200K+ -- their firm is billing them out at at least twice that. I know lots of young grads with zero or little experience routinely get jobs with the
Re: (Score:2)
None of those companies are paying recent grads 200K. Even their more senior folks (non-partners) will not be making the big money. The guys with the experience and the credentials will be making 200K+ but they will be with small boutique consulting firms.
Very Very few folks who are not consultants will be making that kind of money. Companies will bring in the expertise when they need it but won't pay an employee that well.
I know this because I've been doing IAM/Security consulting for over 20 years. I kn
Re: (Score:2)
Yeah, those high end consultants are people that companies hire to "help" them get through their annual security / PCI audit. They know what to say to the auditors to prevent further digging, and know what not to say to help hide the actual deficiencies. I bet they do little to actually improve security practices, though. OTOH, you will have your anti-virus definitions reporting in as updated, though!
Places that need (to pass) real security audits will have the requirements baked in to the design phase e
The best paying IT security jobs in 2015 (Score:5, Insightful)
Stagnant pay for IT (Score:3)
I was making $85,000/yr in the '90s in IT. Bumping that by only $15,000 in 25 years seems kind of insulting.
Re: (Score:2)
I was making $85,000/yr in the '90s in IT. Bumping that by only $15,000 in 25 years seems kind of insulting.
IT workers need to stop using salaries in the 90's as evidence that IT salaries have stagnated. Pay in the 90's was bloated, and there was a massive correction after the bubble burst.
The S&P 500 finally reached its 2000 peak in April 2015. Considering the tech sector was a major contributor to the stock market crashing in 2000, it makes sense that IT wages would not be much higher than they were 20 years ago.
Also, most IT sector workers have their salaries stagnate at around $100k per year because they
Re: (Score:2)
No. '90s. As in 1990. Ten YEARS before the Y2K "bubble".
Sounds like good job security (Score:2)
*ba doom ching*