Operations
5/15/2014
03:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

InformationWeek Radio: State of Information Security Salaries & Careers

InformationWeek Radio: The IW Salary Survey shows that security pros have high salaries and great job security ... but how long will it last?

Security pros are in high demand, and if the 621 security staffers and managers who took part in InformationWeek’s 2014 IT Salary Survey are any indication, they also earn much more than the average IT pro and enjoy more job security.

But how long will that last?

According to Mark Aiello, president of Boston-based cyber-security professional services and staffing firm Cyber 360 Solutions, hiring managers today are struggling to find candidates for security positions because they're looking in the wrong places and asking for the wrong credentials. They might be desperately emptying their pockets for security pros now, but eventually they'll wise up. How long will that take and how will it change the average security pro's paycheck?

Join me Tuesday, May 20, at 2:00 p.m. ET for a live online radio interview with Aiello to review the results of the InformationWeek IT Salary Survey, discuss what a career in security is like now, and imagine what it might be like in a few years.

Register now for this episode of the InformationWeek Salary & Careers radio series, powered by Dark Reading. Don't forget to bring along your burning questions for Mark on Tuesday, because he'll be answering some questions from the audience during the broadcast. Anything in particular you'd like me to ask him? Let me know in the comments below.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joyce23501
50%
50%
Joyce23501,
User Rank: Apprentice
5/20/2014 | 10:00:51 AM
salaries are likely to rise
I worked in my company's IT Security department for many years.  The required skills are primarily those of network engineering: knowledge of Radius (authentication) servers,  enterprise firewall devices, IP routing, enterprise VPN servers, and intrusion detection devices.    These are all highly specialized areas that are very difficult to learn. 

By comparison, Web development skills are (by comparison) relatively easy to learn.  There is a huge number of people who know how to develop Websites.  This is why salaries for Web development are likely to decline, while salaries for security specialists are likely to keep rising.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
5/16/2014 | 1:19:03 PM
Re: salary bubble?
Is automation the wild card? If the really smart security people build tools that are usable by less skilled people to test for 75% +/- of potential problems, then you free skilled manhours in the same way that hiring LPNs and CNAs fre up RNs for more skilled work. 
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
5/16/2014 | 11:59:56 AM
Re: salary bubble?
I believe the talent pool has remained small due to the skills required for information security.  For example, web application penetration testing requires in depth knowledge of HTML, HTTP, SQL, XML, LDAP, IMAP, SMTP, shell coding, and the knowledge of how to apply it.  Those skills span many different IT disciplines and it takes someone dedicated to be able to learn it.  Unlike other areas of IT you cannot give someone a step by step tutorial on information security, every situation is unique.

I don't see the required skillset of a qualified information security professional becomming easy to obtain in the near future.  As a result, I don't see a large talent pool either.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/16/2014 | 9:10:09 AM
salary bubble?
Interesting question. The infosec community has enjoyed healthy salaries due to high demand and a smaller talent pool. But if indeed the search widens to other more available skillsets, could that burst the high-dollar salary bubble?
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Things Every Business Executive Should Know About Cybersecurity
Don't get lost in security's technical minutiae - a clearer picture of what's at stake can help align business imperatives with technology execution.
Flash Poll
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.