Operations // Careers & People
5/15/2014
03:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

InformationWeek Radio: State of Information Security Salaries & Careers

InformationWeek Radio: The IW Salary Survey shows that security pros have high salaries and great job security ... but how long will it last?

Security pros are in high demand, and if the 621 security staffers and managers who took part in InformationWeek’s 2014 IT Salary Survey are any indication, they also earn much more than the average IT pro and enjoy more job security.

But how long will that last?

According to Mark Aiello, president of Boston-based cyber-security professional services and staffing firm Cyber 360 Solutions, hiring managers today are struggling to find candidates for security positions because they're looking in the wrong places and asking for the wrong credentials. They might be desperately emptying their pockets for security pros now, but eventually they'll wise up. How long will that take and how will it change the average security pro's paycheck?

Join me Tuesday, May 20, at 2:00 p.m. ET for a live online radio interview with Aiello to review the results of the InformationWeek IT Salary Survey, discuss what a career in security is like now, and imagine what it might be like in a few years.

Register now for this episode of the InformationWeek Salary & Careers radio series, powered by Dark Reading. Don't forget to bring along your burning questions for Mark on Tuesday, because he'll be answering some questions from the audience during the broadcast. Anything in particular you'd like me to ask him? Let me know in the comments below.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joyce23501
50%
50%
Joyce23501,
User Rank: Apprentice
5/20/2014 | 10:00:51 AM
salaries are likely to rise
I worked in my company's IT Security department for many years.  The required skills are primarily those of network engineering: knowledge of Radius (authentication) servers,  enterprise firewall devices, IP routing, enterprise VPN servers, and intrusion detection devices.    These are all highly specialized areas that are very difficult to learn. 

By comparison, Web development skills are (by comparison) relatively easy to learn.  There is a huge number of people who know how to develop Websites.  This is why salaries for Web development are likely to decline, while salaries for security specialists are likely to keep rising.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
5/16/2014 | 1:19:03 PM
Re: salary bubble?
Is automation the wild card? If the really smart security people build tools that are usable by less skilled people to test for 75% +/- of potential problems, then you free skilled manhours in the same way that hiring LPNs and CNAs fre up RNs for more skilled work. 
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
5/16/2014 | 11:59:56 AM
Re: salary bubble?
I believe the talent pool has remained small due to the skills required for information security.  For example, web application penetration testing requires in depth knowledge of HTML, HTTP, SQL, XML, LDAP, IMAP, SMTP, shell coding, and the knowledge of how to apply it.  Those skills span many different IT disciplines and it takes someone dedicated to be able to learn it.  Unlike other areas of IT you cannot give someone a step by step tutorial on information security, every situation is unique.

I don't see the required skillset of a qualified information security professional becomming easy to obtain in the near future.  As a result, I don't see a large talent pool either.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/16/2014 | 9:10:09 AM
salary bubble?
Interesting question. The infosec community has enjoyed healthy salaries due to high demand and a smaller talent pool. But if indeed the search widens to other more available skillsets, could that burst the high-dollar salary bubble?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1421
Published: 2014-11-25
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

CVE-2014-3605
Published: 2014-11-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-6093
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-6196
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSp...

CVE-2014-7247
Published: 2014-11-25
Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?